
Sameer Goyal

Chicago, Illinois

Summary

Security & Incident Response Professional with 9+ years of experience in detection & response across large, regulated enterprises. Own and mature IR programs and CSIRPs aligned to NIST SP 800-61r3, with deep hands-on work in high-severity investigations, insider-risk scenarios, and AI/LLM-assisted IR automation using Python and modern cloud tooling.

Overview

9 years of professional experience
2 Certifications

Work History

Incident Response Lead

Rivian Automotive LLC
Chicago, IL
03.2025 - Current
  • Oversaw enterprise-wide incident response program for Rivian across cloud and on-prem environments.
  • Developed and operationalized Cyber Incident Response Plan aligned with NIST SP 800-61r3, securing cross-functional review from Legal, Privacy, and Security leadership.
  • Defined and monitored incident response metrics to enhance Incident Response prioritization and automation.
  • Led development of incident response AI strategy, implementing LLM-assisted workflows to standardize investigations.
  • Collaborated with HR, Legal, and investigative teams on sensitive investigations, delivering defensible timelines and evidence packages.

Senior Incident Response Engineer

Rivian Automotive LLC
Chicago
06.2022 - 03.2025
  • Conducted high-severity investigations across AWS, Azure, GCP, Kubernetes, and on-prem environments.
  • Enhanced signal quality for insider-risk and account-compromise scenarios through SIEM/XDR detections and supporting pipelines.
  • Created Python and PowerShell tools alongside Rootly automation for streamlined incident creation and triage workflows.
  • Facilitated quarterly technical and executive tabletops to assess incident response strategies.

Senior Incident Response Analyst

Moody's Investor Services
New York City
07.2019 - 06.2022
  • Investigated alerts using endpoint, network, email, and perimeter tools, identifying threats in Windows, macOS, and Linux environments.
  • Performed log and packet analysis to contain identified threats efficiently.
  • Led multi-stakeholder incidents with Legal, HR, Compliance, and global IT/business teams addressing sensitive access and data-handling cases.
  • Developed incident response runbooks and automated SOAR workflows for improved detection and response.
  • Integrated lessons learned into detections and playbooks to enhance future threat management.

Information Security Analyst

Morgan Stanley
New York, New York
08.2016 - 06.2019
  • Investigated alerts from endpoint, network, email, and perimeter security tools for threat identification and containment.
  • Conducted operational malware analysis while mentoring Level-1 analysts to enhance team capabilities.
  • Contributed to playbook and process improvements through comprehensive training sessions.

Education

M.S. - Cyber Risk & Strategy

New York University
05.2021

M.S. - Computer Science (Information Assurance)

Arizona State University
05.2016

Skills

  • Detection & Response
  • Security Automation
  • Cloud Security
  • Incident Response
  • SIEM & Analytics: Splunk, Databricks, log analytics platforms
  • Cloud & Container IR: AWS, Azure, GCP, Kubernetes
  • SOAR: Demisto/XSOAR, Rootly, Torq
  • Endpoint, EDR & DLP: Microsoft Defender, CrowdStrike Falcon, Tanium, FortiDLP
  • Forensics & IR Tooling: KAPE, SIFT Workstation, Volatility, Sysinternals Suite, Wireshark

Certification

GCFA
