Samet Coskun

Senior SOC Analyst | Microsoft Security | Detection Engineering & AI Security | Defender XDR · KQL · MITRE ATT&CK · Purview | London

United Kingdom

About

Senior SOC Analyst specialising in enterprise threat detection, incident response, and detection engineering within large-scale Microsoft environments at London Business School. Alongside core Security Operations responsibilities, I have developed a strong focus on AI security through structured study and lab-based research, covering LLM risk assessment, adversarial ML, prompt injection, and AI governance. This complements a broader background spanning cloud security architecture, identity hardening, and data governance across the Microsoft ecosystem. I have experience developing operational runbooks, embedding security best practices, and supporting the uplift of incident response capability through mentoring and process improvement. My work also includes enabling secure device rollouts, supporting cloud migrations, and contributing to operational modernisation initiatives. Technically, I work hands-on with Microsoft 365, Azure, Microsoft Purview, KQL, Rubrik, and modern EDR/XDR platforms, supporting improvements in detection capability, visibility, and security operations efficiency.

Experience

  • London Business School (Greater London)
    • Senior Security Operations Analyst
      Jun 2024 - Present · 2 yrs 1 mo

      In my current role, I operate within Security Operations across endpoint, cloud, identity, email, and data in a large-scale enterprise Microsoft environment. I support threat detection, investigation, and response activities using Microsoft Defender XDR, Hadrian, and Coalition, with investigations mapped to MITRE ATT&CK to support structured root-cause analysis. I strengthen detection capability by developing and tuning KQL-based rules across Microsoft Defender XDR, improving alert quality and reducing false positives across high-volume telemetry sources. I leverage cyber threat intelligence (CTI) to enhance detection coverage, support proactive threat hunting, and track emerging adversary techniques. I conduct digital forensics and AI-assisted forensic investigations for complex security incidents, producing clear, evidence-based findings to support remediation and stakeholder reporting. I also apply structured AI threat modelling to assess risks in cloud and LLM-based systems, including prompt injection, model evasion, and data leakage scenarios. I support identity security across Entra ID by identifying over-privileged access and Conditional Access gaps across a 70,000+ account environment. I also work across Microsoft Purview and DSPM capabilities, supporting data classification, sensitivity labelling, retention, DLP, eDiscovery, and compliance workflows. In addition, I act as a third-line escalation point for complex cloud, endpoint, and identity incidents, and contribute to improving operational capability through knowledge sharing in KQL, MITRE ATT&CK mapping, and incident response practices.

    • Senior Modern Workplace Engineer
      Apr 2023 - Jun 2024 · 1 yr 3 mos

      In my earlier role, I led the migration from SCCM to Microsoft Intune, transitioning legacy endpoint management into a fully cloud-managed, compliance-driven environment that improved operational efficiency and strengthened security posture. I onboarded all endpoint classes into Microsoft Defender for Endpoint, establishing unified XDR visibility and EDR coverage across Windows, macOS, and server infrastructure. I identified and remediated security misconfigurations across Microsoft Defender for Endpoint and Entra ID, improving zero-trust alignment and reducing overall attack surface through strengthened identity and endpoint security controls. I developed operational security playbooks to support incident response readiness and standardise procedures, while mentoring 1st and 2nd line Service Desk teams to improve endpoint security awareness and incident-handling capability. I also managed Microsoft 365 licensing and endpoint configuration policies, ensuring secure and compliant allocation across the organisation.

  • Anthony Nolan (Hybrid)
    • Modern Workplace Engineer
      Mar 2022 - Apr 2023 · 1 yr 2 mos

      Delivered secure workplace and cloud modernisation initiatives, including Microsoft Teams Telephony and Azure integration, improving collaboration, productivity, and secure service delivery across the organisation. Managed Microsoft 365 and Azure environments, enforcing identity-driven access controls and governance policies to strengthen security posture and ensure compliance. Administered endpoint and virtual desktop solutions using Microsoft Intune and Azure Virtual Desktop, supporting secure remote access and reducing operational risk through standardised configuration and policy enforcement. Coordinated cross-functional teams to implement cloud services and workplace technologies, ensuring secure adoption, minimal disruption, and alignment with organisational security requirements.

    • Infrastructure Engineer
      Jan 2019 - Feb 2022 · 3 yrs 2 mos

      Managed core cloud and endpoint infrastructure, including Microsoft Intune, Azure Virtual Desktop, and cloud storage platforms, improving endpoint resilience, secure access, and operational efficiency. Supported the rapid adoption and rollout of Microsoft Intune during COVID-19, enabling secure remote working capabilities for the organisation at scale. Administered Cisco Meraki network infrastructure, maintaining secure network segmentation, VLAN design, and Wi-Fi security controls to support a hardened enterprise environment. Supported Active Directory and Azure AD synchronisation, contributing to improved identity governance, access control, and overall security posture. Led migration of legacy systems to cloud-based platforms, reducing technical debt, improving reliability, and enhancing security through modern cloud architectures. Provided technical escalation support for infrastructure and identity-related issues, assisting with resolution of complex operational and access control incidents.