Neha Sonar

Summary

Cybersecurity professional with 5+ years of experience in Security Operations Center (SOC) management, incident response, threat intelligence, and digital forensics. Skilled in SIEM (Splunk, QRadar, ArcSight), EDR/XDR, SOAR, malware analysis, IDS/IPS tuning, and compliance frameworks. Holds CEH and Splunk Core User certifications. Proven ability to lead teams, automate threat detection processes, and enhance security posture through AI-driven solutions. Passionate about building resilient cybersecurity operations through automation and AI-driven threat mitigation.

Overview

7 years of professional experience
1 Certification

Work History

Cyber Security Engineer

Verizon Communications
02.2025 - Current
  • Performed security incident triage and response for Verizon's global infrastructure across hybrid cloud and enterprise environments.
  • Implemented advanced threat detection using Splunk ES and integrated TIPs (MISP, ThreatConnect) for correlation.
  • Conducted threat hunting exercises using MITRE ATT&CK mapping across Windows and Linux endpoints.
  • Collaborated with the vulnerability management team to align detection rules with high CVSS-score exploits.
  • Developed automated playbooks using Phantom/XSOAR for phishing, malware containment, and IOC lookups.
  • Fine-tuned behavioral analytics rules (UEBA) for detecting anomalous logins, privilege abuse, and data movement.
  • Investigated and responded to alerts triggered by DLP, EDR, CASB, and Microsoft 365 Defender.
  • Created weekly executive dashboards detailing incident trends, false positive rates, and response metrics.
  • Participated in red/blue team engagements and managed post-attack cleanup with forensic reports.
  • Onboarded 30+ log sources into Splunk and QRadar, ensuring normalized parsing and correlation integrity.
  • Liaised with Verizon's global cybersecurity operations and GRC teams to align with ISO 27001, NIST 800-53, and SOX compliance.
  • Designed and conducted SOC maturity assessments to identify gaps in detection, response, and containment workflows.
  • Worked on the integration of Azure Sentinel with external data sources and ensured KQL threat detection rules were written correctly.
  • Developed honeypots to study attacker behavior and feed threat intelligence pipelines.
  • Led automation of phishing investigation lifecycle using regex parsing and sandbox integrations.
  • Maintained and updated incident response playbooks based on evolving threat landscape and Verizon-specific threat models.
  • Created and managed indicators of compromise (IOCs) repository, enabling faster correlation in future incidents.
  • Assisted Verizon teams during tabletop exercises and helped simulate APT-style attack scenarios for executive training.
  • Reviewed and validated endpoint security policies, ensuring alignment with SOC visibility requirements and zero trust principles.
  • Coordinated with law enforcement and third-party forensic vendors during post-breach investigations.
  • Delivered internal training to SOC analysts on cloud-native threat hunting using Azure and AWS logs.

Assistant Manager – Security Operations Center (SOC)

Deloitte | Client: Leading Global Banking & Financial Organization
01.2024 - 06.2024
  • Led a 24/7 SOC team of 8 analysts for a global bank (50,000+ employees), ensuring real-time threat detection, triage, and resolution.
  • Acted as incident commander for critical ransomware and insider threat cases; minimized business disruption with zero downtime.
  • Developed Python-based SOAR playbooks for alert enrichment, isolation, and auto-containment — reducing MTTR by 35%.
  • Directed full-scope digital forensic investigations, establishing root causes and enhancing detection rules.
  • Authored executive-level threat reports and threat intelligence briefs presented to the CISO and Board.
  • Maintained compliance with NIST CSF, MITRE ATT&CK, and CIS benchmarks.
  • Mentored junior SOC analysts in log analysis, correlation, triage, and threat hunting best practices.
  • Monitored DLP alerts, CASB violations, and implemented custom data loss signatures.
  • Designed escalation matrices, shift handover templates, and incident response workflows.
  • Partnered with threat intelligence vendors to integrate premium feeds into SIEM.
  • Worked closely with the red team to build detection signatures for simulated attack techniques.
  • Coordinated BCP/DRP simulation exercises and validated SOC resiliency plans.
  • Improved KPIs for SOC performance, including MTTD/MTTR metrics through automation and alert prioritization.
  • Developed quarterly SOC performance reviews and maturity roadmap with CISO office.
  • Led SIEM optimization efforts, including parsing enhancements and correlation rule rewrites for 20+ use cases.
  • Implemented SOC onboarding checklist for new analysts and shift leads.
  • Oversaw threat modeling and risk assessments for new business-critical applications prior to go-live.

Cybersecurity Specialist

Cognizant Technology Solutions | Internal SOC
04.2021 - 12.2023
  • Company Overview: Internal SOC – Corporate IT Infrastructure
  • Responded to 150+ monthly incidents (phishing, SQL injection, zero-day exploits, ransomware).
  • Deployed SOAR workflows to automate phishing alert handling, cutting manual workload by 40%.
  • Conducted threat hunts mapped to MITRE ATT&CK, uncovering stealthy lateral movement attempts before exploitation.
  • Tuned IDS/IPS and EDR configurations to reduce false positives by 30%, improving analyst efficiency.
  • Partnered with cloud and IT teams (10+ stakeholders) to remediate vulnerabilities across O365 environments.
  • Fine-tuned IDS/IPS rules, firewall policies, and EDR/XDR configurations to reduce false positives and improve threat detection.
  • Consistently closed incident tickets within SLA timelines, maintaining high operational standards.
  • Designed cloud threat detection dashboards that flagged 200+ suspicious logins, preventing account takeover incidents.

Cybersecurity Analyst – Security Operations & Threat Hunting

Atos | Clients: Qatar Islamic Bank and MNC Consulting Firm
12.2018 - 04.2021

  • Investigated suspicious activities including DDoS attacks, botnet traffic, brute force, and privilege abuse.
  • Conducted forensic analysis on infected systems; reverse-engineered malware samples to derive detection signatures.
  • Supported implementation of SIEM, IDS/IPS, and endpoint protection technologies in multi-tenant environments.
  • Developed detection use cases and alerts based on MITRE techniques, behavioral anomalies, and threat intelligence feeds.
  • Participated in tabletop simulations and blue team/red team exercises to enhance incident readiness.
  • Created detailed RCA documentation and post-incident reports with executive summaries.
  • Created alert tuning frameworks and log source onboarding checklists.
  • Performed patch validation and remediation tracking with SCCM and WSUS integration.
  • Handled VIP user threats, data exfiltration attempts, and email compromise triage.
  • Documented SOPs and managed weekly governance calls with compliance and risk teams.
  • Analyzed firewall, VPN, and proxy logs to identify malicious lateral movement and command-and-control traffic.
  • Integrated real-time threat intel feeds with SIEM for enriched IOC correlation and alert fidelity.
  • Responded to critical alerts involving core banking systems and coordinated remediation with infrastructure teams.
  • Conducted dark web monitoring and threat actor profiling related to client data exposure.
  • Automated IOC enrichment using Python scripts integrated with VirusTotal and AbuseIPDB APIs.
  • Led compliance control testing related to ISO 27001 and PCI DSS, reporting deviations to the audit team.
  • Performed endpoint triage using tools like Sysinternals, Redline, and memory dump analysis.
  • Supported the configuration and tuning of Fortinet firewalls and Snort-based IDS sensors.
  • Delivered training sessions on SOC procedures and phishing analysis to L1 analysts.
  • Facilitated incident simulation drills and SOC runbook validations every quarter.

Skills

  • Incident Response & Forensics – Root cause analysis, malware forensics, insider threats
  • Threat Hunting & Intelligence – MITRE ATT&CK, APT detection, anomaly hunting
  • SIEM/EDR/IDS/IPS – Splunk, QRadar, ArcSight
  • Network & Endpoint Security – Firewalls, Vulnerability Scanning, Zero Trust Security, Privileged Access Management (PAM), Endpoint Protection
  • Cryptography – Public Key Infrastructure (PKI), Cryptographic Protocols
  • Reporting & Documentation – Security Incident Reports, Threat Intelligence Briefings, Playbooks, SOPs, Post-Incident Analysis

Core Competencies

  • SOC Leadership & Automation (SOAR, Python)
  • Incident Response & Digital Forensics
  • Threat Intelligence (APT Tracking, IOC/IOA Analysis)
  • Security Information & Event Management (Splunk, QRadar, ArcSight)
  • Endpoint & Network Protection (EDR/XDR, IDS/IPS, Firewalls)
  • Insider Threat Detection & Malware Analysis
  • Cloud Security (Azure/O365 Monitoring)
  • Security Reporting, Playbooks & SOPs
  • NIST, MITRE ATT&CK, CIS Benchmarks
  • Vulnerability Management & Patch Lifecycle
  • Insider Threat Monitoring & Behavior Analytics
  • Cloud Access Security Broker (CASB) Operations
  • Risk Assessments, Tabletop Exercises, BCP/DRP

Education

  • Postgraduate Diploma – IT Infrastructure, Systems & Security
  • Bachelor of Engineering – Computer Engineering
  • Diploma – Computer Science

Certification

  • Certified Ethical Hacker (CEH)
  • Splunk Core Certified User
  • Qualys Vulnerability Management
  • CompTIA CySA+ – In Progress (Exam Prep, 2025)
  • CISSP – In Progress (Exam Prep, 2025)
