Security Engineer / SOC Analyst

SANKET TAWARE.

I build systems that catch what others miss.

Also, I used to deadlift. The discipline did not leave.

At a glance

  • Scale: SOC handling 1M+ logs/day at IIT Bombay.
  • Tools: Kafka, ELK, Python, Isolation Forest, Wazuh.
  • Outcomes: 30% false positive reduction, 15+ attack patterns caught.

Open to roles: Security Analyst / SOC / Detection Engineer | Location: India | Availability: Immediate

Skills keywords: SOC, detection engineering, SIEM, Kafka, ELK, Python, ML, MITRE ATT&CK, log parsing, incident response

Enter the SOC

Scene 02

Before the keyboards.

Chapter 01

The gym taught me one thing.

Discipline isn't motivation.

It is a system.

1.5 years as a certified fitness trainer. Every client taught me something: Consistency > intensity. Every single time. I run my SOC the same way.

Gym era

Chapter 02

Fashion shows. Art circles.

Pattern recognition in disguise.

Turns out, building a threat detection pipeline and curating a fashion show share the same skill: finding signal in noise. I just moved from runways to Kibana dashboards.

Chapter 03

IIT Bombay.

Built it from zero.

No template. No vendor.

Just architecture.

Lead SOC Architect / TrustLab. 1,000,000 logs. Every day. ML detection. Real infrastructure. Real threats. None of them get past the pipeline.

SOC era

Scene 03

On Stage

Not just building. Also explaining. To real audiences.

IITB TRUST SUMMIT
Kibana SOC Dashboard / Live Demo / IIT Bombay

ML ANOMALY DETECTION TALK
Isolation Forest / Academic Audience

HSBC CTF
Technical Support / Cybersecurity Competition

DELOITTE x IITB FWD
Featured: Junior Program Engineer, TrustLab

RISC 2025
SOC Architecture Presentation / Live Audience

CO-PRESENTER / RISC 2025 / TRUST SUMMIT / DELOITTE FWD / HSBC CTF

Scene 04

The Journey

2020

Enrolled, BCA - Savitribai Phule Pune University

Computer Applications. Where the curiosity started.

2023

Graduated - CGPA 8.26

Strong fundamentals. Weak sleep schedule.

2023

First Cyber Certifications

Cisco Threat Management / Mastercard Cybersecurity / Commonwealth Bank Fraud Detection

Nov 2024

Security Engineer / TrustLab, IIT Bombay

CURRENT ROLE

Built production SOC from zero. No template. No vendor.

2024

FOSS SOC Engine - Live in Production

1M+ logs/day. Apache Kafka + ELK. Real infra.

2025

LLMGuard - Published

Chrome extension. Protects secrets on ChatGPT, Claude, Gemini.

2025

RISC 2025 - Co-Presenter

SPEAKER

Presented ML-based anomaly detection and custom SOC architecture to industry and academic researchers.

2025

IIT Bombay Trust Summit - Presenter

LIVE DEMO

Live demo of FOSS SOC Engine with Kibana dashboard to an audience at IIT Bombay.

2025

Deloitte x IITB FWD - Featured Engineer

FEATURED

Officially featured as Junior Program Engineer, TrustLab, in the Deloitte x IIT Bombay FWD program showcase.

2025

HSBC CTF - Technical Support

CTF SUPPORT

Provided technical support for the HSBC Capture the Flag cybersecurity competition.

Scene 05

LOGS DON'T LIE / PEOPLE DO / FANCY DASHBOARDS DON'T STOP ATTACKS / IF IT'S NOT MONITORED IT'S ALREADY COMPROMISED / YOUR FIREWALL IS NOT YOUR IDENTITY

Deploying a SIEM in production is easy. Doing it at IIT Bombay, from scratch, while catching actual threats, is another thing entirely.

Signed: Someone who actually did it.

ML does not detect threats. Bad ML does not. Good ML, trained on your actual logs, with an Isolation Forest model? That caught 15 attack patterns your signature rules never saw.

You do not need 5 years of experience. You need 1 year of building something real that processes a million logs a day.

Scene 06

Case Files

1M+ LOGS/DAY

FOSS SOC ENGINE

Production log parsing engine deployed live at IIT Bombay. Handles 1M+ events/day. 4 hybrid parsing strategies. Dead Letter Queue for forensics. Built a custom Python attack simulation framework to generate real DDoS, SQLi, and brute force traffic to validate every detection rule before production deployment.

Python / Kafka / Redis / Elasticsearch / YAML
1M+ logs/day | 40% fewer errors | 100% rule validation
ANOMALY MAP

ML ANOMALY DETECTION ENGINE

Isolation Forest model baked directly into the SIEM pipeline. Catches low-and-slow brute force that signatures miss entirely.

Python / Scikit-learn / Isolation Forest / ELK Stack
30% false positive reduction | 15+ attack patterns caught
REAL-TIME SHIELD

LLMGUARD

Real-time secret scanner for ChatGPT, Claude, Gemini. Blocks API keys, AWS credentials, JWTs before they reach the model. Shadow DOM isolated. Under 50KB. Zero dependencies.

JavaScript / Chrome Extension / Manifest v3 / Regex
30+ secret types | 100% local | No external calls
BLUEPRINT

FOSS SOC BLUEPRINT

An open-source practitioner guide for building a full SOC on zero budget. ELK + Wazuh + Suricata + Zeek + TheHive + MISP. Architecture to incident response.

ELK / Wazuh / Suricata / TheHive / MISP
Zero budget build | End-to-end IR | Open-source stack

Scene 07

Under the Hood

The Pipeline Architecture

Log Sources -> Apache Kafka -> Python Parsers -> Elasticsearch -> Kibana Dashboard -> Alert

Every log from NGINX, Apache, and Postfix goes through a 4-strategy hybrid parser - stateless regex, multi-match, Redis-backed stateful reassembly, JSON mapping. Onboarding a new log source requires zero parser code changes.
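An added illustration of that strategy chain, not code from the TrustLab engine: a minimal Python version that tries the four strategies in order and sends lines none of them accept to a dead-letter queue. The log lines are constructed, the regexes are my own, and an in-memory dict stands in for the Redis store (all assumptions).

```python
import json
import re

# Constructed sample lines (not real IIT Bombay traffic); the last one matches no strategy.
SAMPLE_LINES = [
    '10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /login HTTP/1.1" 401 512',
    'Mar 12 10:01:05 mail postfix/smtpd[2211]: connect from unknown[10.0.0.9]',
    '    (helo=scanner.example)',
    '{"src_ip": "10.0.0.7", "event": "ssh_auth_fail", "user": "root"}',
    'garbage line that matches nothing',
]
NGINX_RE = re.compile(r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+')
# Ordered (source, pattern) table for strategy 2: a new source is one more row, not new parser code.
MULTI = [("postfix", re.compile(r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) postfix/(?P<proc>\w+)\[\d+\]: (?P<msg>.*)$'))]
ABSORBED = object()  # sentinel: line folded into an earlier event, nothing new to emit
STATE = {}           # in-memory stand-in for the Redis store (assumption)

def parse_stateless(line):
    """Strategy 1: one fixed regex, no state carried between lines."""
    return {"source": "nginx", **m.groupdict()} if (m := NGINX_RE.match(line)) else None
def parse_multi_match(line):
    """Strategy 2: walk the ordered pattern table, first hit wins."""
    for source, pattern in MULTI:
        if m := pattern.match(line):
            return {"source": source, **m.groupdict()}
    return None
def parse_stateful(line):
    """Strategy 3: fold an indented continuation line into the previous event."""
    if line[:1].isspace() and "last" in STATE:
        STATE["last"]["msg"] = STATE["last"].get("msg", "") + " " + line.strip()
        return ABSORBED
    return None
def parse_json(line):
    """Strategy 4: structured sources map straight through to fields."""
    try:
        return {"source": "json", **json.loads(line)}
    except (ValueError, TypeError):  # not JSON, or JSON that is not an object
        return None

def run_pipeline(lines):
    """Try the four strategies in order; lines none of them accept go to the DLQ for forensics."""
    events, dlq = [], []
    for line in lines:
        results = (s(line) for s in (parse_stateless, parse_multi_match, parse_stateful, parse_json))
        event = next((e for e in results if e is not None), None)
        if event is None:
            dlq.append({"raw": line, "reason": "no strategy matched"})
        elif event is not ABSORBED:
            events.append(event)
            STATE["last"] = event  # strategy 3 appends continuation lines to this
    return events, dlq
```

Run `run_pipeline(SAMPLE_LINES)` to get three parsed events (the Postfix event carrying its continuation text) and a one-entry DLQ holding the unparseable line.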

The ML Detection Layer

-> Isolation Forest model trained on real IIT Bombay traffic

-> Detects: Low-and-slow brute force, Credential stuffing

-> 15+ attack patterns missed by signatures

-> 30% false positive reduction vs baseline rules

Scene 08

The Arsenal

1. Detection Engineering

  • Kibana
  • MITRE ATT&CK
  • Correlation Rules

2. SIEM Architecture

  • Kafka
  • ELK Stack
  • Logstash
  • Redis

3. ML Threat Detection

  • Isolation Forest
  • Python
  • Scikit-learn

4. Log Analysis

  • Grok
  • Regex
  • Filebeat
  • Wazuh

5. Infrastructure

  • Proxmox
  • Ubuntu
  • Docker
  • TLS Hardening

6. Threat Intelligence

  • MISP
  • IOC Enrichment
  • Real-time Alert Fidelity

7. Attack Simulation

  • Custom Python Framework
  • DDoS
  • SQLi
  • BruteForce

Scene 09

The numbers do not lie.

Verified real infrastructure / not a simulation

Deployed at

IIT Bombay

  • Logs processed daily
  • Uptime on SOC infrastructure
  • False positive reduction
  • Attack patterns caught by ML
  • MITRE ATT&CK-aligned rules deployed

"Deployed at IIT Bombay. On real infrastructure. Not a simulation. Not a lab. Production."

Scene 10

The Case for Sanket

Built, Not Studied

1+ year building a live production SOC. Not a home lab. Not a simulation. Real infrastructure. Real threats. Real uptime.

Full Stack Security

From raw log ingestion to ML-based detection to MITRE-mapped correlation rules. I own the entire pipeline - not just one layer.

Ships Real Things

FOSS SOC Engine / ML Detection Engine / LLMGuard / SOC Blueprint. All public. All working. All linked.

Scene 11

If your logs are sleeping,

your attacker is not.

I build systems that catch threats in real time. Let us talk.