>// SANJAY

SANJAY M KOTABAGI

SOC Analyst L2 | AI-Powered Security Automation | Detection Engineering

sanjaymkotabagi@gmail.com
linkedin.com/in/sanjaymkotabagi
github.com/sanjaykotabagi
Bengaluru, Karnataka | +91-8147457639

Professional Summary

SOC Analyst L2 with 4+ years at Big4 firms (PwC and Deloitte USI) and Startup, specialising in 24x7 security operations, incident response, and detection engineering. Stands apart from most SOC analysts through production-deployed AI automation: independently built and shipped a phishing investigation system that eliminated manual triage entirely, and co-developed an in-house LLM that reduced alert-handling time by 30-40% at PwC. Hands-on across the full security stack - SIEM (Sentinel, QRadar, Splunk), EDR (SentinelOne, Defender XDR), cloud security (AWS, Azure), IAM (Okta), DLP, and network security. Primary L2 escalation point trusted by US enterprise clients with zero SLA breaches.

Signature Achievement: AI-Powered SOC Automation

Built end-to-end from scratch - no vendor tooling, no pre-built templates. Both systems are live in production.

  • Phishing Investigation Platform: Designed and deployed a full automated phishing investigation system integrating AI classification, IOC enrichment (VirusTotal, threat intel feeds), SOP-driven logic, and automated verdict generation. Zero manual effort on standard phishing alerts.
  • SOC alert runbook LLM: Co-architected, fine-tuned, and productionized an in-house LLM (PwC) trained on historical SOC alert data and runbooks - delivered 30-40% measurable reduction in time-to-handle.
  • Adversarial LLaMA 2: Jailbroken LLaMA 2 (7B) fine-tuned for adversarial AI research - used as a red-team companion for adversarial prompt generation and AI threat modelling.

Professional Experience

PwC | SOC Analyst L2 - Primary Escalation Point May 2025 – Present
  • Primary escalation point for complex, high-severity alerts across SIEM, SOAR, IR, and Advanced Threat Hunting teams; trusted first call for US-based enterprise client incidents.
  • Single-handedly designed, built, and deployed a multi-workflow SOC automation platform - eliminated repetitive manual tasks across the entire analyst team without any vendor dependency.
  • Architected and shipped the in-house LLM for L1 triage support and L2 review assistance - 30-40% alert-handling time reduction, production-proven, still running.
  • Led proactive threat hunting campaigns in collaboration with ATH teams - uncovered adversary TTPs missed by automated detection.
  • Managed critical incident lifecycle end-to-end: zero SLA breaches, full client satisfaction maintained across all engagements.
Deloitte USI | SOC Analyst - L1 Escalation Feb 2023 – Apr 2025
  • Delivered 24x7 SOC coverage for multiple high-profile US enterprise clients as the trusted bridge between front-line L1 analysts and L2/IR teams.
  • Built Python automation scripts for phishing triage - cut per-alert investigation time from 20+ minutes to under 3 minutes.
  • Monitored and correlated security events simultaneously across firewalls, IDS/IPS, EDR, SIEM, email security, and cloud platforms.
  • Developed detection hypotheses for Okta abuse, Azure account takeover, and cloud misuse scenarios - several adopted as permanent monitoring rules across client environments.
  • Received Spot Award for exceptional SLA adherence, accuracy, and dedication across all client SOC tickets. Multiple direct client commendations for incident handling quality.
Orbit Technologies | Cloud Security L1 Jun 2022 – Dec 2022
  • Reviewed indices and dashboards for anomalous cloud configuration activities.
  • Investigated security alert triggers from Microsoft Defender for Cloud and coordinated adjustments.

Technical Skills

SIEM / XDR: Microsoft Sentinel, IBM QRadar, Splunk, IBM XDR
EDR / EPP: SentinelOne, Microsoft Defender XDR, Carbon Black
Cloud Security: AWS GuardDuty, Prisma Cloud, Defender for Cloud Apps, Azure AD
Identity & Access: Okta IAM - ATO detection, policy enforcement
Email & Web Security: Proofpoint, PhishER, Zscaler, Akamai
Network & Firewall: Palo Alto Networks, IDS/IPS
Security Automation: Python (IOC extraction, email forensics), SOAR workflows
AI / ML in Security: LLM fine-tuning (LLaMA 2), AI alert classification, adversarial AI
Offensive / Threat Intel: Metasploit, Nmap, Gobuster, MITRE ATT&CK
Languages / Dev: Python, Java, JavaScript, PHP, MySQL, PL/SQL

Certifications

  • Microsoft SC-100 - Cybersecurity Architect Expert
  • Microsoft SC-200 - Security Operations Analyst
  • Cisco Cybersecurity Certification
  • Ethical Hacking & Penetration Testing Certification
  • Python - Automation and Scripting (Python Anywhere)
  • HackerRank - Java & Python
  • Git & GitHub - Certified

Education

Master of Computer Applications (MCA) Dec 2022 – Dec 2024
Jain University | CGPA: 8.6 / 10
Bachelor of Computer Applications (BCA) Apr 2019 – Apr 2022
KLE's PC Jabin College, Hubballi | CGPA: 8.7 / 10