SANJAY M KOTABAGI
SOC Analyst L2 | AI-Powered Security Automation | Detection Engineering
Professional Summary
SOC Analyst L2 with 4+ years at Big4 firms (PwC and Deloitte USI) and Startup, specialising in 24x7 security operations, incident response, and detection engineering. Stands apart from most SOC analysts through production-deployed AI automation: independently built and shipped a phishing investigation system that eliminated manual triage entirely, and co-developed an in-house LLM that reduced alert-handling time by 30-40% at PwC. Hands-on across the full security stack - SIEM (Sentinel, QRadar, Splunk), EDR (SentinelOne, Defender XDR), cloud security (AWS, Azure), IAM (Okta), DLP, and network security. Primary L2 escalation point trusted by US enterprise clients with zero SLA breaches.
Signature Achievement: AI-Powered SOC Automation
Built end-to-end from scratch - no vendor tooling, no pre-built templates. Both systems are live in production.
- Phishing Investigation Platform: Designed and deployed a full automated phishing investigation system integrating AI classification, IOC enrichment (VirusTotal, threat intel feeds), SOP-driven logic, and automated verdict generation. Zero manual effort on standard phishing alerts.
- SOC alert runbook LLM: Co-architected, fine-tuned, and productionized an in-house LLM (PwC) trained on historical SOC alert data and runbooks - delivered 30-40% measurable reduction in time-to-handle.
- Adversarial LLaMA 2: Jailbroken LLaMA 2 (7B) fine-tuned for adversarial AI research - used as a red-team companion for adversarial prompt generation and AI threat modelling.
Professional Experience
- Primary escalation point for complex, high-severity alerts across SIEM, SOAR, IR, and Advanced Threat Hunting teams; trusted first call for US-based enterprise client incidents.
- Single-handedly designed, built, and deployed a multi-workflow SOC automation platform - eliminated repetitive manual tasks across the entire analyst team without any vendor dependency.
- Architected and shipped the in-house LLM for L1 triage support and L2 review assistance - 30-40% alert-handling time reduction, production-proven, still running.
- Led proactive threat hunting campaigns in collaboration with ATH teams - uncovered adversary TTPs missed by automated detection.
- Managed critical incident lifecycle end-to-end: zero SLA breaches, full client satisfaction maintained across all engagements.
- Delivered 24x7 SOC coverage for multiple high-profile US enterprise clients as the trusted bridge between front-line L1 analysts and L2/IR teams.
- Built Python automation scripts for phishing triage - cut per-alert investigation time from 20+ minutes to under 3 minutes.
- Monitored and correlated security events simultaneously across firewalls, IDS/IPS, EDR, SIEM, email security, and cloud platforms.
- Developed detection hypotheses for Okta abuse, Azure account takeover, and cloud misuse scenarios - several adopted as permanent monitoring rules across client environments.
- Received Spot Award for exceptional SLA adherence, accuracy, and dedication across all client SOC tickets. Multiple direct client commendations for incident handling quality.
- Reviewed indices and dashboards for anomalous cloud configuration activities.
- Investigated security alert triggers from Microsoft Defender for Cloud and coordinated adjustments.
Technical Skills
Certifications
- Microsoft SC-100 - Cybersecurity Architect Expert
- Microsoft SC-200 - Security Operations Analyst
- Cisco Cybersecurity Certification
- Ethical Hacking & Penetration Testing Certification
- Python - Automation and Scripting (Python Anywhere)
- HackerRank - Java & Python
- Git & GitHub - Certified