Ayush Sharma

CyberSecurity
Pune

Summary

Results-driven cybersecurity consultant with over 5 years of hands-on experience securing cloud and hybrid environments for global enterprises. Specialist in Microsoft Defender XDR, Sentinel, Azure Security, and SOC operations, with a track record of leading detection engineering, threat response, and large-scale deployments across 100K+ assets. Adept at managing teams, building automation workflows, and aligning security operations with CIS, TPCRA, and FedRAMP compliance.

Overview

6 years of professional experience
Post-secondary education: 2018
5 Certifications
2 Languages

Work History

Assistant Manager – GSOC Engineering

KPMG International
05.2022 - Current
  • Lead Tier 3 endpoint security operations, covering 700K+ devices across 118 countries.
  • Spearheaded the onboarding of over 100 event sources into Azure Sentinel, including AD, DNS, DHCP, and firewalls.
  • Developed automation via Logic Apps to streamline L1 responses (MFA reset, password revocation, session kill).
  • Created and maintained custom KQL-based analytics rules and workbooks for threat detection and reporting.
  • Led migration and hypercare from CentOS to RHEL for 20+ high-security logging servers.
  • Conducted a monthly review of MDE sensor health, log ingestion metrics, and alert fidelity.
  • Managed shadow IT risks using Microsoft Cloud App Security and Azure AD Identity Protection.
  • Lead Sentinel deployment projects from design to delivery, including workspace architecture, data connectors, and alert strategy.
  • Conduct onboarding sessions and KT workshops for client teams on how to use Sentinel and Defender XDR effectively.
  • Manage Upwork Enterprise contracts, including defining the scope of work, delivery milestones, and long-term security operations support.
  • Define key SOC metrics: MTTR, alert-to-incident ratio, false positive rate, alert volumes by source, and analyst performance.
  • Deliver monthly executive reports highlighting threat landscape trends, incident summaries, and SOC value delivered.
  • Align detection and response efforts with regulatory requirements (e.g., CIS, ISO 27001, TPCRA, FedRAMP).
  • Periodically audit Sentinel configurations, analytic rules, and role-based access to ensure security and compliance.

Cybersecurity Manager

Transputec (Contract)
01.2024 - Current
  • Established and manage a 30-member global SOC L1 team across time zones, ensuring 24/7 incident triage and SLA compliance.
  • Define and enforce SOPs and escalation workflows for efficient triage, containment, and handoffs.
  • Conduct weekly performance reviews and training sessions to improve the detection quality and analytical capability of SOC analysts.
  • Research emerging TTPs (MITRE ATT&CK, MDSec, Sigma Rules), and develop custom KQL-based analytics rules for Azure Sentinel.
  • Continuously improve detection logic based on threat intelligence, false positive analysis, and red team exercises.
  • Map detection content to ATT&CK tactics and techniques to maintain threat coverage and alignment with industry standards.
  • Act as the L2/L3 escalation point for high-severity incidents involving credential theft, lateral movement, and cloud compromise.
  • Perform root cause analysis (RCA) and lead post-incident reviews to ensure lessons learned are operationalized.
  • Engage directly with client security teams and leadership for real-time incident response and advisories.
  • Enhanced network security by implementing multi-factor authentication and intrusion detection systems.
  • Optimized incident response time with the development of clear and concise communication protocols.

Security Consultant (Upwork - Freelance)

Confidential
01.2023 - 01.2024
  • Delivered CIS benchmark–based hardening for Microsoft 365 environments across 10+ SMBs and mid-sized clients, aligning configurations with industry standards and minimizing the attack surface.
  • Conducted baseline security assessments, identifying misconfigurations in Exchange Online, SharePoint, OneDrive, Teams, Entra ID, and Defender, followed by prioritized remediation plans.
  • Defined and enforced Conditional Access policies to address high-risk sign-ins, geolocation anomalies, and unmanaged device access, drastically reducing user risk exposure.
  • Investigated critical incidents involving session hijacking (multi-IP, multi-UA access patterns), external spoofing attempts, legacy authentication abuse, and OAuth token misuse.
  • Built detection queries for use cases such as MFA fatigue attacks, suspicious Power Automate flows, excessive token refreshes, and developed enrichment logic for efficient triage.
  • Integrated Mimecast logs with Sentinel, enabling unified visibility across email and endpoint threat surfaces, using custom data connectors and normalization parsers.
  • Deployed GuardDuty alerts into Sentinel using AWS Lambda, EventBridge, and API collector flows to detect anomalous AWS behavior alongside M365 alerts.
  • Onboarded SentinelOne detection telemetry via syslog and Sentinel parsers to create cross-platform detection and response workflows.
  • Created automation playbooks to trigger remediation tasks (e.g., isolate endpoint, expire sessions, force sign-out) based on incident severity and context.
  • Provided monthly security reporting, highlighting vulnerabilities patched, alerts triaged, user risk status, and compliance posture improvements.
  • Acted as a technical advisor for clients migrating to the Microsoft Defender XDR stack from CrowdStrike.

Senior Escalation Engineer – Endpoint Protection

Concentrix India
12.2019 - 04.2022
  • Acted as L2 SME for Microsoft Defender for Endpoint across 11 tenants (100K+ assets).
  • Created escalation runbooks for L1 teams, improving MTTR by 30%.
  • Triaged and responded to high-fidelity alerts in Sentinel, Defender, and CrowdStrike.
  • Engaged directly with Microsoft support and client-side engineers to resolve complex EDR issues.
  • Served as a subject matter expert in key technology areas, providing guidance and expertise to colleagues and clients alike.
  • Analyzed trends in escalations data to identify recurring issues and initiate preventative measures.
  • Collaborated with product development teams to provide feedback on software bugs and potential improvements.
  • Participated in weekly review meetings with senior management, reporting on key metrics related to escalation handling performance.
  • Reduced average response time for escalated cases by implementing efficient case management processes.

Education

Bachelor of Engineering - Mechanical

CSVTU
Bhilai
06.2018

Skills

Endpoint security

Threat detection

Vulnerability assessment

Security information and event management

Incident response

Cybersecurity expertise

Security operations

Certification

Microsoft Certified: Cybersecurity Architect Expert (SC-100)

Personal Information

  • Willing To Relocate: Yes (including UAE)
  • Date of Birth: 14 Nov 1997
  • Availability: Yes (including UAE)

Freelance Experience

  • Principal Consultant, Transputec, 2024-01-01, Present, Focus on Microsoft Defender XDR, Sentinel, and SOC-as-a-Service., Led SOC transition project from A to B (supporting 1300-seat environment)., Delivered turnkey Sentinel deployments, KQL detection packs, and automation playbooks for global clients., Negotiated and managed long-term support contracts, including Upwork Enterprise engagements.
  • Freelance Security Consultant, Upwork, Performed CIS-based Microsoft 365 hardening for 10+ SMB clients., Investigated high-risk user activities and implemented Conditional Access policies., Integrated Mimecast, GuardDuty, SentinelOne with Sentinel for unified incident management., Conducted incident response investigations involving session hijacking, spoofed emails, and API abuse.

Awards

  • Encore Rising Star Award – KPMG Global, for outstanding performance.
  • Kudos & Super Team Award – For leading complex Tier 3 MDE operations and successful RLC migrations.
  • Expert-Vetted Freelancer – Upwork (Top 1% globally for cybersecurity services)

Timeline

Cybersecurity Manager

Transputec (Contract)
01.2024 - Current

Security Consultant (Upwork - Freelance)

Confidential
01.2023 - 01.2024

Assistant Manager – GSOC Engineering

KPMG International
05.2022 - Current

Senior Escalation Engineer – Endpoint Protection

Concentrix India
12.2019 - 04.2022

Bachelor of Engineering - Mechanical

CSVTU