THREAT INTEL
Ransomware groups targeting financial sector via phishing · CISA KEV: Active exploitation detected across multiple products · NCIIPC acknowledgment #15: Responsible disclosure accepted · New Sigma rules: WMI-based lateral movement detection · BYOVD technique leveraged to disable EDR solutions · APT campaigns observed targeting critical infrastructure
SOC Lead  ·  Detection Engineer  ·  Purple Teamer

Sai Prashanth Pulisetti


6+ years building detection frameworks, leading SOC operations through critical incidents, and applying adversary simulation to sharpen defenses. Oracle Hall of Fame. NCIIPC ×15.

CRTE · CRTO · CRTP · CHFI · eJPT · SOAR
bash — soc@defender:~ ssh 10.0.0.1

$ whoami

sai_prashanth_pulisetti

# SOC Lead · Detection Engineer · Purple Teamer


$ cat expertise.conf

▸  Threat Hunting & DFIR

▸  SIEM Engineering (Elastic · Sentinel · Splunk)

▸  Malware Analysis & IOC Extraction

▸  Purple Team Ops — CRTE / CRTO

▸  Sigma · YARA · KQL · EQL · SPL


$ ls ./recognition/

oracle_hall_of_fame.txt

nciipc_15_disclosures/

top_performer_2022_2023.award

300_detection_rules.sigma


$

// about_me

The Operator

I'm a cybersecurity professional with 6+ years leading Security Operations Centers and building detection frameworks at scale. I've handled everything from P1 ransomware incidents at 3 AM to architecting enterprise-grade SIEM deployments from scratch.

My edge is bridging red and blue. Holding CRTE, CRTO and CRTP certifications, I apply adversary simulation thinking to write detection logic that catches real-world techniques — not just textbook ones.

Beyond operations, I contribute through open-source tooling, 15 responsible disclosures to NCIIPC, a critical Oracle vulnerability report, and published research on threat hunting methodologies.

Profile
Location: Hyderabad, Telangana, India
Role: SOC Lead / Detection Engineer
Education: M.Sc. Cyber Security · IIITMK
Focus: Threat Hunting, SIEM Engineering
Status: Open to collaboration
Career Timeline
2022 – Present · SOC Lead & Detection Engineer · Eze Castle Integration
2020 – 2022 · Senior SOC Analyst · Security Operations
2018 – 2020 · SOC Analyst · Threat Monitoring & IR
// featured_tools

The Arsenal

01
JavaScript · Sigma · KQL

Sigma-to-SIEM Converter

Converts Sigma detection rules into Elastic ECS-aligned queries and Azure Sentinel KQL — bridging community rule formats and production SIEM deployment with zero manual conversion effort.

  • Automates ECS-aligned query generation
  • Multi-platform: Elastic and Azure Sentinel
  • Bulk rule conversion workflow support
  • Speeds up detection rule deployment significantly
02
Python · Elastic · OSINT

IOC Hunter

Extracts Indicators of Compromise from open-source threat intelligence blogs and converts them automatically into Elastic SIEM-ready hunting queries for real-time detection.

  • Automated IOC extraction from threat intel blogs
  • Direct Elastic SIEM query generation
  • Converts raw OSINT into actionable hunt rules
  • Accelerates threat detection onboarding
03
Elastic · Sigma · MITRE

Elastic SIEM Use Case Library

300+ custom detection rules authored from real malware samples, threat actor TTP research, and enterprise SOC operational experience across financial sector environments.

  • 300+ custom detection rules authored
  • Based on real malware samples and actor TTPs
  • Tuned to minimize false positives at scale
  • Full MITRE ATT&CK framework coverage
Enterprise / Internal

Additional Tools

04
Python · Email Security

Email Analyzer

Parses email headers, detects phishing patterns, and extracts threat intelligence for SOC triage workflows.

05
TypeScript · Obsidian

Password Audit Plugin

Obsidian plugin for password strength analysis, HIBP breach checking, and secure password generation.

// technical_stack

Skills & Arsenal

🎯

Threat Hunting & IR

Malware Analysis · P1/P2 IR · DFIR · IOC Extraction · Behavioral Analysis · Threat Intel
📊

SIEM Platforms

Elastic ELK · Azure Sentinel · Splunk · SOAR Automation · Swimlane SOAR
🛡️

EDR / XDR

CrowdStrike Falcon · SentinelOne · MS Defender · CB Defense · Proofpoint TAP · Mimecast
⚔️

Purple Team

AD Attacks (CRTE) · Cobalt Strike · Atomic Red Team · CALDERA · MITRE ATT&CK · LOLBAS
📝

Detection Languages

Sigma Rules · KQL · YARA · SPL · EQL
⚙️

Scripting & Automation

Python · PowerShell · SQL · Bash · REST APIs · Workflow Automation
☁️

Cloud Security

Microsoft 365 Security · Azure AD · M365 Defender · Conditional Access · CSPM
🔬

Forensic Tools

EZ Tools Suite · RegRipper · Hayabusa · Chainsaw · Volatility · Wireshark
// threat_intelligence

Security Intel Feed

LIVE · The Hacker News · BleepingComputer · Krebs · SecurityWeek

Sourced from The Hacker News, BleepingComputer, and CISA. Updates every 3 hours.

// research_&_writing

Blog & Research

Threat hunting methodologies, detection engineering deep-dives, malware analysis walkthroughs, and SOC insights published on Medium.

Follow on Medium ↗


// hall_of_fame

Recognition

01 · CRITICAL

Oracle Hall of Fame

Critical vulnerability discovery acknowledged in Oracle's official security hall of fame

02 · 15 CVEs

NCIIPC · Govt. of India

15 responsible disclosures acknowledged by India's national cyber authority

03 · BUG BOUNTY

Dell · Trip Advisor · Cybrary

Bug bounty recognitions across major enterprise platforms and security communities

04 · 2× WINNER

Top Performer · Eze Castle

Consecutive Top Performer of the Year for exceptional SOC leadership in 2022 & 2023

// get_in_touch

Connect

Open to collaboration on security research, purple team engagements, open-source detection tooling, and knowledge sharing. Working on something interesting in defensive security? Let's talk.

EMAIL: prashanth.inbox [at] tuta [dot] com
LOCATION: Hyderabad, Telangana, India
contact.py
operator = {
    "name":     "Sai Prashanth Pulisetti",
    "role":     "SOC Lead | Detection Engineer",
    "certs":    ["CRTE", "CRTO", "CRTP", "CHFI"],
    "open_to": [
        "Security Research",
        "Purple Team Engagements",
        "OSS Detection Tooling",
        "Knowledge Sharing",
    ],
    "response": "within 48 hours",
    "status":   "AVAILABLE",
}

print(f"Reach: {operator['name']}")
print(f"Status: {operator['status']}")