
Rakesh Mishra

https://www.linkedin.com/in/rakesh-mishra-2a005436/
rakesh.mishra087@gmail.com | +91-9971966753 | India

Professional Summary:

Seasoned Information Security Leader with over 13 years of expertise spanning Defensive and Offensive
Security domains. Proven track record in leading Incident Response, DFIR, Threat Detection, Threat
Hunting, Vulnerability Research, Application Security and Security Operations teams, safeguarding Azure &
AWS, two of the most intricate environments globally. Recognized for building and guiding world-class
security teams, coupled with exceptional stakeholder management and program leadership skills.

Skills:

• Incident Response
• Threat Intelligence
• Security Operations
• Digital Forensics
• Detection Engineering
• SecDevOps
• Threat Hunting
• Security Research
• Cloud Security
• Application Security
• Purple Team
• Adversary Emulation
• Vulnerability Research
• Vulnerability Management

Key Achievements:

• Spearheaded the adoption of the MITRE ATT&CK framework to significantly improve Detection
Coverage for the Microsoft EDG group, resulting in a remarkable 50% increase in coverage.
• Developed a sophisticated Jupyter Notebooks based Investigation Framework, slashing Time to
Investigate for Security Operations by an impressive 20% within the MSRC.
• Served as the Product Owner during the development of a Proprietary SIEM solution tailored to
meet the unique needs of the Microsoft EDG group at scale.
• Implemented cutting-edge detection frameworks to swiftly identify emerging threats such as
Ransomware and Cobalt Strike, bolstering the organization's ability to respond effectively.
• Established a comprehensive Threat Hunting function from inception, integrating diverse
methodologies including Hunting Traps, Environment-specific hypothesis-driven hunting, Threat
Actor-based Hunting, and IOC-led Hunting, ultimately maturing it into a highly effective program.
• Pioneered the "Scenario-Based Pentest" program, significantly enhancing the organization's
security posture by identifying vulnerabilities at scale.
• Established and led a dedicated Security Research function, instrumental in discovering new
variants of vulnerabilities, identifying novel TTPs, and tracking emerging Threat Actors.
• Responded to and meticulously investigated high-profile company-wide incidents such as Log4J and
SolarWinds, crafting detailed threat reports for each incident.
• Implemented a robust scoring model to prioritize security issues at the scale of AWS, resulting in
notable improvements in Incident Response efficiency and effectiveness.
• Designed and implemented mechanisms to track threat actors targeting the environment on a
consistent basis, enhancing the organization's ability to detect and respond to potential security
threats.

Experience:

Manager, Cloud Security Response / AWS / March 2023 – Present (Dublin, Ireland)

• Lead a team of managers, technical leads, incident responders, and security analysts responsible
for performing incident response, digital forensics, threat hunting, and threat intelligence
activities to secure AWS.
• Worked as program owner for Incident Response and Threat Intelligence within Cloud
Security Response.
• Lead efforts in building a Tier 3 Incident Response function from the ground up, specializing in
DFIR and Threat Hunting at scale.
• Collaborate with cross-functional teams to ensure seamless integration of incident response
processes within AWS environments.
• Develop and implement incident response playbooks and procedures tailored to the specific
complexities of AWS environments.
• Lead a team of threat intelligence analysts and reverse engineers in producing finished
intelligence content on threat actors and attacker techniques, including written reports, and
presentations to partner teams and leadership.
• Established key performance indicators (KPIs) and regularly tracked and analyzed data to measure
the team's progress and identify areas for improvement.
• Collaborated with cross-functional teams to integrate data-driven security measures across
various domains, enhancing overall organizational security posture.

Senior Security Engineering Manager / Microsoft / 10.2021 – 03.2023 (Hyderabad, India)

• Led a world-class Offensive Security Practice encompassing Application Security, Purple Team,
Adversary Emulation, Vulnerability Research and Offensive Security Research teams within
EDG (Edge & Platform, Devices, and Gaming) Security, ensuring a secure experience for
hundreds of millions of global users.
• Pioneered and built the Offensive Security Practice from inception at Microsoft IDC, employing a
data-driven approach to categorize and scale offensive security operations, thereby fortifying the
security posture for hundreds of business partners within Microsoft.
• Started programs such as "Scenario-Based Pentest" to perform application security at scale,
identifying new vulnerability variants and enhancing security measures.
• Engineered a platform to support variant hunting at scale, significantly enhancing threat
detection capabilities.
• Drove adoption of a centralized repository of Semgrep rules across teams, which has become a
valuable resource consumed by all other security teams, ensuring consistent and effective
security measures across the organization.
• Conducted company-wide knowledge sharing sessions in the application security space, fostering
a culture of continuous learning and collaboration.
• Introduced a tier-based Purple Team and Application Security engagement model, enhancing
security collaboration and effectiveness.
• Spearheaded initiatives to promote "shift left security" within the application security space,
embedding security considerations earlier in the development process.
• Championed various learning and development programs, including the "Empower to Pursue"
initiative, aimed at attracting talent to the field of information security.
• Introduced innovative red team offerings focused on identifying systemic issues and leveraging
threat intelligence in red teaming exercises.

Senior Security Engineering Manager (MSRC) / Microsoft / 12.2018 – 09.2021 (Hyderabad, India)

• Led world-class Blue Team functions, including SOC, Incident Response, Threat Hunting, Detection
Research, and Blue Engineering, responsible for safeguarding Azure.
• Built the threat hunting function from the ground up, achieving maturity in Detection
Engineering, Incident Response, and 24/7 Security Operations teams in India.
• Drove Purple Team engagements, identifying and presenting security gaps to stakeholders and
the leadership team.
• Managed high-scale company-wide security incidents such as Log4J and SolarWinds,
demonstrating expertise in incident response and mitigation.
• Initiated various impactful programs, including the Alert Evaluation Scoring Model, Jupyter
Notebooks-based Investigation framework, and Hunting Traps programs (featuring a framework
for Ransomware & Cobalt Strike), enhancing the overall security posture and creating significant
business value.
• Spearheaded initiatives to enhance detection engineering, introducing a Threat-Informed
Detection Engineering approach based on the MITRE ATT&CK framework.
• Implemented Machine Learning-based behavioral detections, leveraging advanced technology to
enhance threat detection capabilities.
• Brought about maturity in the Detection Engineering program, optimizing the team's
effectiveness in identifying and responding to security incidents.
• Developed and mentored team members based on their individual strengths, resulting in several
team members progressing into managerial and technical lead positions, a testament to my
strong leadership and mentorship skills.

Technical Lead (Threat Hunting & Detection Research) / Microsoft / 01.2017 - 12.2018 (Hyderabad,
India)

• Led the overall threat detection program for Microsoft EDG, driving overall detection quality,
including detection research, onboarding and tuning.
• Developed threat reports on incidents to share technical details with partner teams and
leadership.
• Led the program to map our detections to the MITRE ATT&CK framework, including coverage
evaluation, identifying new detections and logging gaps, and writing detections.
• Led the migration of detections from ArcSight to the Kusto big data platform and collaborated with
engineering teams on building our detection repository with CI/CD integration.
• Took part in developing a concept called the Alert Scoring Model, intended to increase the fidelity of
triggered detections and reduce alert fatigue for the SOC.
• Set up the Adversary Emulation System (AES Testing) program using PowerShell scripts and publicly
available tools such as Caldera and APT Simulator.
• Was involved in the development of Microsoft Defender ATP: gave analyst-specific requirements to the
ATP product group, tested its features, provided feedback and suggested new functionality.

Escalation Security Analyst / Microsoft IDC / 09.2015 - 01.2017 (Hyderabad, India)
• Performed security investigations and worked on various company-wide incidents. Handled all
escalations coming from the SOC and provided mentorship on security investigations.
• Ran the overall security operations program, i.e. performing quality reviews of security investigations
and triggered alerts and of day-to-day detection quality, and participated in Purple Team engagements.
• Performed analysis of logs from various devices such as IDS/IPS, network and application firewalls, SEP,
anti-virus, FireEye, EDR and WEC/WEF in various investigations.
• Performed forensics for Azure VMs and static malware analysis for file samples reported to
EDGFIRE.
• Participated in OneHunt and represented Blue Team.

Security Associate / Markit / 01.2015 - 09.2015 (Delhi, India)

• Worked in the information security team establishing a SOC from scratch and establishing security
processes inside the organization.
• Implemented tools such as proxy (Zscaler), Privilege Guard (Avecto) and AlgoSec Firewall Analyzer in various
office locations.
• Established the Incident Response process inside the organization.

Senior Security Analyst / Symantec / 04.2013 - 01.2015 (Chennai, India)

• Handled incidents and analyzed logs of multiple devices such as Snort IDS/IPS, ISS IPS, network and
application firewalls, SEP, anti-virus, FireEye, Palo Alto, etc.
• Followed various attack groups to keep customers informed about targeted attacks against them.
• Produced executive summaries and threat reports including actionable intelligence for external customers.

Security Engineer / NIIT Technologies / 02.2011 - 04.2013 (Delhi, India)

• Learned Security Information & Event Management (SIEM) using ArcSight ESM and Logger;
built use cases, rules, reports and dashboards on ArcSight ESM.
• End-to-end deployment, starting from requirement analysis to developing standard operating
procedures.
• Created correlation and aggregation rules on ArcSight ESM for better security operations.
• Set up alerting and monitoring processes, escalation matrix, turnaround and response times, and
operations handover.
• Performed vulnerability management using QualysGuard and generated vulnerability reports to
fulfil customer needs.

Technical Certifications:
• SANS GIAC Certified Intrusion Analyst (GCIA); SANS Advisory Board member
• CNA
• AlgoSec Certified Security Administrator
• Avecto Defendpoint Certified Specialist
• QualysGuard Certified Vulnerability Management Specialist

Education:
• Master’s degree (M.S.) in Cyber Law & Information Security
• Bachelor’s degree in Electronics and Communications Engineering
