sandeepmothukuri/README.md

Sandeep Mothukuri

Senior SOC Analyst (L3) | Incident Response | Threat Hunting | XDR | SIEM (Splunk, QRadar) | CISM


👨‍💻 Professional Profile

Senior SOC Analyst with 5+ years of experience in enterprise and MSSP environments, specialising in high-severity incident response, threat hunting, and XDR-driven investigations.

Trusted escalation point for critical security incidents, making real-time containment decisions based on business impact and risk.


🚨 Core Capabilities

Incident Response & SOC Operations

  • End-to-end incident handling (Detection → Investigation → Containment → Recovery → RCA)
  • High-severity alert triage and escalation (L2/L3)
  • Business-impact-driven decision making
  • Stakeholder communication (technical & executive level)

Threat Detection & Hunting

  • Hypothesis-driven threat hunting
  • Detection engineering and alert tuning
  • False positive reduction and signal optimisation

XDR & SIEM Expertise

  • Splunk (Search, correlation rules, dashboards)
  • IBM QRadar
  • CrowdStrike Falcon (EDR/XDR)
  • Microsoft Defender & Sentinel

Investigation & Analysis

  • Multi-telemetry correlation (endpoint, identity, network, email)
  • Malware analysis (Any.Run, VirusTotal)
  • Log analysis (Windows Events, Sysmon, network logs)

📂 Featured Work

🔐 SOC Incident Investigation – Brute Force Attack

  • Simulated and investigated brute-force attack scenario
  • Correlated logs across network and endpoint telemetry
  • Identified attacker behaviour and attack patterns
  • Mapped activity to MITRE ATT&CK (T1110)
  • Developed a containment strategy and remediation plan
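
The brute-force scenario above, worked through as detection code. This is an added example, not code from the profile owner's lab or repositories: it parses constructed Windows Security logon lines (EventID 4625 = failed logon, 4624 = successful logon; hosts, users and addresses are made up), correlates them per source IP and target host in a sliding window, maps the result to ATT&CK T1110 (splitting password guessing T1110.001 from password spraying T1110.003 by account count), and raises a separate critical alert when a logon succeeds from a source that has just blown through the failure threshold, which is the case that warrants containment rather than monitoring. The threshold, window and allowlist values are illustrative tuning knobs, not settings taken from the page.

```python
"""Brute-force detection (MITRE ATT&CK T1110) over Windows Security logon events.

Added example with constructed sample data; field names follow the Windows
Security log (EventID, Computer, IpAddress, TargetUserName).
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical hosts, users and RFC 1918 addresses):
# a single-account guess against WS01 that eventually succeeds, a spray against
# DC01, a user on WS02 who mistypes their password a few times over ten minutes,
# and an authorised vulnerability scanner that fails noisily.
SAMPLE_LOG = """\
2024-05-01T10:00:00 EventID=4625 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:00:05 EventID=4625 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:00:10 EventID=4625 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:00:15 EventID=4625 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:00:20 EventID=4625 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:00:25 EventID=4624 Computer=WS01 IpAddress=10.0.0.5 TargetUserName=jdoe
2024-05-01T10:05:00 EventID=4625 Computer=DC01 IpAddress=10.0.0.9 TargetUserName=administrator
2024-05-01T10:05:01 EventID=4625 Computer=DC01 IpAddress=10.0.0.9 TargetUserName=backup
2024-05-01T10:05:02 EventID=4625 Computer=DC01 IpAddress=10.0.0.9 TargetUserName=svc_sql
2024-05-01T10:05:03 EventID=4625 Computer=DC01 IpAddress=10.0.0.9 TargetUserName=jsmith
2024-05-01T10:05:04 EventID=4625 Computer=DC01 IpAddress=10.0.0.9 TargetUserName=helpdesk
2024-05-01T10:10:00 EventID=4625 Computer=WS02 IpAddress=10.0.0.20 TargetUserName=mlee
2024-05-01T10:14:00 EventID=4625 Computer=WS02 IpAddress=10.0.0.20 TargetUserName=mlee
2024-05-01T10:19:00 EventID=4625 Computer=WS02 IpAddress=10.0.0.20 TargetUserName=mlee
2024-05-01T10:19:30 EventID=4624 Computer=WS02 IpAddress=10.0.0.20 TargetUserName=mlee
2024-05-01T10:30:00 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
2024-05-01T10:30:01 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
2024-05-01T10:30:02 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
2024-05-01T10:30:03 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
2024-05-01T10:30:04 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
2024-05-01T10:30:05 EventID=4625 Computer=WS03 IpAddress=10.0.0.250 TargetUserName=scanner
"""


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    event_id: int
    host: str
    src_ip: str
    user: str


@dataclass
class Alert:
    technique: str   # ATT&CK technique or sub-technique id
    severity: str
    src_ip: str
    host: str
    accounts: tuple  # distinct target accounts seen in the window
    failures: int    # failed logons inside the window when the alert fired


def parse_line(line: str) -> LogonEvent:
    """Parse one 'timestamp key=value ...' line into a LogonEvent."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return LogonEvent(datetime.fromisoformat(ts_text), int(fields["EventID"]),
                      fields["Computer"], fields["IpAddress"], fields["TargetUserName"])


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2), allowlist=frozenset()):
    """Sliding-window correlation of 4625/4624 events per (source IP, host).

    threshold failures inside `window` -> T1110 alert; three or more distinct
    accounts is treated as spraying (T1110.003), otherwise guessing (T1110.001).
    A 4624 from the same source while that window is still hot -> critical
    alert, since a success right after a burst of failures is the case that
    needs containment. Sources on `allowlist` (e.g. a scanner) are ignored.
    """
    recent = defaultdict(deque)   # (src_ip, host) -> deque of (ts, user) failures
    flagged = set()               # keys already alerted on; avoids one alert per failure
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.src_ip in allowlist:
            continue
        key = (ev.src_ip, ev.host)
        q = recent[key]
        while q and ev.ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if ev.event_id == 4625:
            q.append((ev.ts, ev.user))
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                accounts = tuple(sorted({u for _, u in q}))
                sub = "T1110.003" if len(accounts) >= 3 else "T1110.001"
                alerts.append(Alert(sub, "high", ev.src_ip, ev.host, accounts, len(q)))
        elif ev.event_id == 4624 and key in flagged and q:
            alerts.append(Alert("T1110", "critical", ev.src_ip, ev.host, (ev.user,), len(q)))
            flagged.discard(key)   # reset so a later burst from this source alerts again
            q.clear()
    return alerts


def run_sample(threshold=5, window=timedelta(minutes=2), allowlist=frozenset({"10.0.0.250"})):
    """Run the detector over the constructed log with the given tuning."""
    events = [parse_line(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return detect_bruteforce(events, threshold, window, allowlist)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.severity}] {a.technique} {a.src_ip} -> {a.host} "
              f"failures={a.failures} accounts={','.join(a.accounts)}")
```

With the defaults the sample produces three alerts: T1110.001 for the guess against WS01, a critical "success after brute force" for the same source once jdoe's logon succeeds, and T1110.003 for the spray against DC01. The mlee failures never alert because the two-minute window expires them, and the scanner is suppressed by the allowlist; dropping the allowlist turns the scanner into a fourth alert, which is the kind of false positive the tuning is there to remove.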

📊 SIEM Detection Engineering

  • Developed detection use cases in Splunk
  • Built dashboards for security monitoring
  • Tuned alerts to reduce false positives

🛡 Threat Detection (Sigma / MITRE ATT&CK)

  • Created detection rules aligned to attacker techniques
  • Simulated adversary behaviour
  • Improved detection coverage

🧠 Analyst Decision-Making (What differentiates L3)

  • Evaluate alerts based on risk, context, and business impact
  • Decide between containment vs monitoring strategies
  • Lead investigations independently
  • Translate technical findings into actionable business insights

📈 Professional Focus

  • Advanced Detection Engineering
  • XDR-based Threat Hunting
  • SOC Automation (AI + Security)
  • Cloud Security Monitoring

🎓 Certifications

  • CISM
  • CompTIA Security+
  • ISC2 Certified in Cybersecurity
  • Cybersecurity SOC Analyst & Professional
  • Cybersecurity Ethical Hacking Professional
  • CompTIA Network+ | CompTIA A+
  • ITIL 4 Foundation

🌐 Connect With Me


⚡ Value Proposition

Delivering high-confidence detections, minimizing false positives, and enabling rapid response to critical threats in enterprise SOC environments.

Pinned repositories

  1. soc-lab (public template)

    SOC Analyst home lab with Wazuh SIEM, Sysmon logging, brute-force detection, MITRE ATT&CK mapping, and incident response workflow.

  2. advanced-soc-lab-v2.0 (public)

    🔐 Hands-on SOC lab - 12 tools (OpenSearch, Suricata, Zeek, MISP, Caldera, Velociraptor + AI agents) via Docker Compose. MITRE ATT&CK v14. Free