Detection & Response Engineer - Threat Hunting & Automation

Location:
Hillsborough, NJ
Posted:
June 02, 2026

Resume:

HEMAVATHI GOWRI

Detection & Response Engineer
Threat Detection & Hunting
Security Automation
Incident Response
**********@*****.***
Jersey City, NJ
linkedin.com/in/hemagh
908-***-****

PROFESSIONAL SUMMARY

Detection & Response Engineer with 5+ years building end-to-end security detection and response capabilities across SOC, cloud, and threat intelligence domains. Expert in Splunk SPL, Sigma, and YARA rule authoring; MITRE ATT&CK-aligned detection lifecycle management; and Python-based automation for triage, IOC enrichment, and incident orchestration. Proven ability to reduce false positives and MTTR at scale (500+ daily events). Integrates LLM-assisted analysis and ML-based anomaly detection into security operations — bridging traditional SOC work with next-generation AI-augmented security engineering.

PROFESSIONAL EXPERIENCE

Operations & Detection Analyst Mar 2026 – Present

Amicus Global IT United States

• Design, deploy, and maintain production detection rules in Splunk and Microsoft Sentinel mapped to MITRE ATT&CK TTPs — managing full detection lifecycle (scoping, authoring, testing, tuning, retirement) across 500+ daily events.

• Lead end-to-end incident response investigations across endpoint, identity, and application telemetry; coordinate cross-functional resolution with IT, compliance, and engineering teams; deliver structured post-incident reports with kill-chain mapping, IOC listings, and remediation actions.

• Develop Python automation for alert triage pipeline orchestration, IOC enrichment, and evidence collection — measurably reducing MTTD and MTTR while improving detection workflow consistency.

• Build and maintain IR playbooks aligned to threat actor profiles; conduct intelligence-driven threat hunts and convert confirmed findings into version-controlled, durable detection rules.

• Integrate LLM-assisted analysis to accelerate indicator contextualization, investigation summarization, and detection hypothesis generation — embedding AI tooling directly into daily detection and response operations.

Data & Security Operations Analyst May 2025 – Mar 2026

Pilvi Systems, Inc. United States

• Built and operationalized a real-time threat monitoring pipeline in Splunk — authored SPL detection queries targeting behavioral IOCs, beaconing patterns, and anomalous DNS activity across cloud and application telemetry, achieving a 30% reduction in false positive rates through systematic rule tuning.

• Conducted advanced DNS anomaly analysis using entropy scoring, NXD pattern detection, and domain age/registration signals to identify C2 communication and suspicious outbound resolution at the network layer.

• Performed root-cause investigations on security anomalies across application and infrastructure logs; traced attacker activity to source, documented TTP patterns, and produced remediation runbooks adopted as team operational standards.

• Implemented risk-based detection prioritization aligned to MITRE ATT&CK, ensuring highest-confidence detections surfaced first — measurably reducing MTTR for escalated incidents.

Security Operations Specialist May 2020 – Jun 2023

ZeroFOX Bengaluru, India

• Managed 1,000+ security events daily in a 24x7x365 multi-geography IR environment; engineered Python triage automation with severity scoring and auto-tagging against known threat actor TTPs — reducing mean event processing time by 20%.

• Led a high-priority forensic IR investigation, reconstructing a full attack timeline in under 6 hours by correlating endpoint, network, and identity telemetry across 12+ data sources; delivered a 20-page executive brief with kill-chain mapping, IOCs, and containment recommendations.

• Authored 50+ Splunk detection rules, IR playbooks, and escalation procedures — adopted as detection governance standards across the global operations team.

• Triaged phishing payloads and suspicious attachments using Cuckoo Sandbox dynamic analysis and static indicator extraction; fed confirmed behavioral IOCs directly into production detection rules.

• Produced 20+ CISO-level IR briefings with incident timelines, adversary TTPs, indicators of compromise, and strategic remediation roadmaps within defined SLA windows.

Cybersecurity Intern Aug 2019 – Feb 2020

Gyaan Vivarttana Technologies India

• Analyzed 30+ live phishing URLs and spoofed domains using OSINT tools; developed phishing triage workflow documentation and evidence-collection checklists, reducing analyst onboarding time.

• Applied ML ensemble classifiers for anomaly detection in IoT environments — gaining hands-on experience with behavioural analysis and AI-driven security use cases.

PROJECTS

ML-Based Intrusion Detection System — AI-Augmented Anomaly Detection 2024

• Architected and trained a hybrid ML-IDS for an IoT healthcare environment using ensemble classifiers (Random Forest, Gradient Boosting) with automated feature engineering — going beyond signature-based detection to build AI-driven anomaly detection from the ground up.

• Conducted traffic pattern analysis, anomaly scoring, and model evaluation across labeled attack datasets; aligned detection methodology to NIST CSF.

• Demonstrated practical application of ML to security monitoring — bridging the gap between traditional SOC tooling and modern AI-augmented detection approaches.

SOC Detection Engineering Lab — Hunt-to-Detection Pipeline 2023–2024

• Built a production-grade detection engineering home lab using Splunk and Sysmon to emulate APT attack chains across the full MITRE ATT&CK kill chain — initial access through exfiltration.

• Authored SPL detection rules and Sigma-compatible signatures for 10+ techniques including encoded PowerShell execution, suspicious DNS resolution, and abnormal authentication patterns; iteratively refined rules using VirusTotal enrichment and passive DNS pivoting to minimize false positives.

• Performed dynamic malware analysis on phishing payloads using Cuckoo Sandbox — extracting behavioral IOCs, C2 beaconing patterns, and persistence mechanisms — then directly converted findings into new SIEM detection logic.

• Validated network segmentation controls using pfSense; documented full IR lifecycle including containment actions, forensic findings, and post-incident detection improvements.

EDUCATION

Master of Science, Computer Science May 2025

Montclair State University, USA

Bachelor of Engineering, Information Science May 2020

Vemana Institute of Technology, INDIA

CERTIFICATIONS

• (ISC)² CISSP (in progress)

• Cisco CCNA

• Google Prompting Essentials

• Splunk Core User

• Certified Yoga Instructor
