Devarajan P M

• SIEM Implementation: Built a centralised log pipeline using Windows Event Forwarding (WEF)
to aggregate security events from 50+ dispersed endpoints, reducing log gaps by ~40%.
• Log Enrichment: Engineered a Logstash normalisation pipeline enriching raw event logs
before Wazuh ingestion, improving alert detection accuracy and cutting false positives.
• Active Directory Defense: Designed and implemented realistic AD attack scenarios
(Kerberoasting, ACL abuse, Golden Ticket, DCSync) integrated with Velociraptor EDR and
Splunk for live threat detection and analyst training.
• Home SOC Lab: Built a full enterprise-grade SOC lab on Raspberry Pi and Docker —
OpenCanary honeypot exposed to internet, Suricata IPS, ntopng network monitoring,
Velociraptor EDR, Splunk SIEM, TheHive case management, Cortex IOC enrichment, n8n
SOAR automation, and MISP threat intelligence platform.
• SOAR Automation: Designed n8n workflows automating alert triage — Splunk detection fires,
TheHive case created automatically, Cortex enriches IOCs via VirusTotal and AbuseIPDB,
Telegram notification sent to analyst.
• CTF Development (C-DAC): Designed and built attack scenarios and CTF challenges for C-DAC
smart infrastructure platforms including Smart Agriculture and Smart Water Management
systems, simulating real-world ICS/IoT threats.
• Email Security: Audited corporate domain email security and enforced SPF/DMARC policies,
eliminating spoofing attempts and improving deliverability metrics across the organisation.

• GRC & Compliance: Supported ISO 27001 ISMS implementation by maintaining asset
inventories and mapping 40+ technical controls to Annex A requirements, contributing to
a successful external audit.
• Risk Assessment: Conducted internal gap analysis across security domains, identifying 15+
missing controls and preparing prioritised remediation plans presented to senior management.
• Documentation: Developed control-mapping documentation and compliance presentations
that streamlined audit preparation and reduced review cycles by 30%.

• SOC Operations: Monitored and triaged 200+ daily security events using Splunk and QRadar,
consistently distinguishing real threats from false positives with less than 5%
misclassification.
• Detection Tuning: Assisted in refining SIEM correlation rules, improving alert fidelity and
reducing analyst alert fatigue by an estimated 20%.
• Vulnerability Management: Verified patch applications for the Manappuram Finance MADU
application, ensuring full remediation of identified vulnerabilities within SLA timelines.