JEET A PANDYA
// CYBER SECURITY CONSULTANT //
Cybersecurity Operations  ·  Singapore 🇸🇬

Jeet A Pandya

Cybersecurity Operations Manager

10+ years working across security operations, incident response, and threat detection. Currently focused on Security Operations and building AI-driven security tooling at Rajah & Tann Singapore — one of Asia's leading law firms.

CISSP · GIAC Advisory Board · GCFA · GPEN · GCIH · GCED · AWS Security Specialty · Splunk Admin · CrowdStrike Falcon Hunter
// 01.  WHO AM I

Profile Summary

I'm Jeet A Pandya, a cybersecurity professional with over 10 years of experience across security operations, incident response, and threat detection. Based in Singapore, I currently work as Cybersecurity Operations Manager at Rajah & Tann, where I focus on operational security and building AI-driven tooling for the security team.

My background covers a range of areas including incident response, threat hunting, digital forensics, SOC development, and SIEM engineering. I've worked across consulting at Big 4 firms and now in-house, giving me perspective on both advisory and operational sides of security.

I've been involved in security work across telco, financial services, legal, property, natural gas, and BPO sectors, dealing with a range of environments from on-prem to cloud-native and IT/OT. I try to approach security practically — assessing risk based on business context rather than rigidly following frameworks.

I hold a CISSP and sit on the GIAC Advisory Board. I value continuous learning and staying current with how threats and technology evolve — it's something I take seriously both professionally and personally.

// 02.  WHERE I'VE WORKED

Professional Experience

Rajah & Tann Singapore
Cybersecurity Operations Manager
2025 – Present
Security Operations · AI Security Tooling · Vulnerability Management · EDR · DLP · MSSP Management · Incident Response · Cloud Security · Secure Configuration
  • Manage and operate day-to-day security tooling including vulnerability management, Data Loss Prevention (DLP), and Endpoint Detection & Response (EDR) platforms across the organisation.
  • Act as service manager for external Managed Security Service Providers (MSSPs) — defining service expectations, reviewing performance, and ensuring quality of alert triage and escalation processes.
  • Investigate and triage security alerts including phishing, DLP incidents, and MSSP-raised events, determining scope and coordinating response accordingly.
  • Define and evaluate secure configuration baselines across SaaS, cloud (Azure), and on-premises environments including Active Directory, Microsoft 365, Entra ID, and Intune.
  • Build an AI agent for the security team focused on cybersecurity operations — exploring how LLM-based automation can support alert triage, investigation workflows, and security reporting.
  • Respond to and manage security incidents to minimise organisational impact, working closely with IT and business stakeholders to contain and remediate effectively.
  • Report directly to the Chief Information Security Officer (CISO), contributing to strategic security planning alongside operational responsibilities.
KPMG Singapore
Assistant Manager → Manager  |  Cyber Security Advisory
June 2023 – 2025
Incident Response · Threat Hunting · Digital Forensics · SOC Assessment · Use Case Development · Purple Team · Cloud Forensics · IT/OT Security
  • Led ransomware and data loss incident response investigations on Windows, Linux, and Cloud environments — identifying full attacker footprint and data exfiltration scope for multiple enterprise clients.
  • Directed Business Email Compromise (BEC) investigations for multiple clients, encompassing log analysis, email forensic artefact analysis, and delivery of comprehensive incident reports.
  • Supported PDPC-compliant data breach investigations for Singapore-based organizations, including PII data classification, impact scoping, and regulatory reporting assistance.
  • Performed security compromise assessments across telecom and financial services sectors using network traffic analysis, endpoint security tooling, and historic data analysis from triage collection.
  • Supported compromise assessment for a property and hospitality group — analysing servers, endpoints, network traffic, and applications across all properties for indicators of suspicious behaviour.
  • Led threat hunting in IT/OT environment for a natural gas manufacturer, analysing key servers, networking devices, security tools, and DNS infrastructure.
  • Led blue team operations during purple team cloud exercises, focusing on TTP-based cloud detection and response across the MITRE ATT&CK matrix.
  • Conducted SOC maturity assessment for a large insurance company — delivering gap analysis, target-state recommendations, and peer benchmarking across Governance, People, Process, and Technology.
  • Developed prioritised use cases and attack path models for Web, SAP, and IoT applications for an investment trust organization based on threat assessment and attack path modelling.
Ernst & Young Singapore
Senior Consultant  |  Cyber Security
Dec 2021 – Mar 2023
Next-Gen SOC · SOC Audit · Tabletop Exercise · Cyber Due Diligence · Insider Threat
  • Designed and developed Next-Gen SOC architecture for a transformation strategy — converting a traditional SOC to a more mature, robust state, and implemented a reference demo environment to operationalize the vision.
  • Led and executed a Security Operation Centre internal audit for a commercial MSSP, presenting findings across Governance, People, Process, and Technology dimensions, and identifying non-compliance areas and improvement opportunities.
  • Developed threat scenarios and executed tabletop exercises — providing technical knowledge support, building storyboards, designing injects, and facilitating the exercise for client stakeholders.
  • Conducted cyber due diligence for a financial services M&A transaction — providing pertinent insights into the target's cyber security governance, policy, and strategic posture.
  • Developed insider threat detection use cases for a financial services organization — mapping real-world insider threat scenarios to detection logic and SIEM alert design.
Ernst & Young Chennai
Intern → Associate Consultant → Consultant
Jul 2016 – Apr 2021
Compromise Assessment · SIEM Engineering · Splunk Architecture · MITRE ATT&CK · AWS Deployment · SOC Operations
  • Led a real-time compromise assessment for a global omnichannel BPO — deploying Splunk and OSQuery agents across worldwide data centres, implementing SPAN mirroring of internet gateway traffic, and performing deep packet, domain, and traffic analysis.
  • Led threat hunting teams for manufacturing and telecom firms in India — developing hypotheses, mapping TTPs to MITRE ATT&CK, identifying log sources, and performing log analysis across network and endpoint security devices.
  • Designed and developed advanced Splunk threat detection use cases for a large payments organization — building SPL queries, correlation logic, alert notification templates, and custom dashboards.
  • Architected and deployed Distributed Splunk on AWS using Docker containers — configuring Indexer Clusters, Search Head Clusters, Heavy Forwarders, Deployment Server, Deployer, and Distributed Monitoring Console for high availability and scalability.
  • Led SOC operations with CI/CD pipeline for continuous Splunk use case deployment — including Splunk Enterprise Security and Alert Manager, with integrated Threat Intel and TAXII feed ingestion.
  • Crafted MITRE ATT&CK frameworks for Enterprise and AWS environments across ride-hailing, manufacturing, and media clients — mapping use cases, identifying detection gaps, and building coverage to strengthen overall security posture.
  • Deployed an in-house SOC for an agricultural organization — covering SIEM architecture planning, risk assessment, asset inventory, log onboarding, use case development, custom Splunk app creation, dashboard design, automated reporting, and analyst training.
  • Performed Splunk integrations for News and Oil & Gas organizations — from server hardening and device onboarding through to alert creation, index design, and dashboard deployment.
// 03.  CREDENTIALS

Certifications & Achievements

Expert
🛡️
Certified Information Systems Security Professional (CISSP)
(ISC)²  ·  CISSP
Board
GIAC Advisory Board Member
Global Information Assurance Certification (GIAC)
Advanced
🔬
GIAC Certified Forensic Analyst (GCFA)
SANS Institute  ·  GCFA
Advanced
⚔️
GIAC Certified Penetration Tester (GPEN)
SANS Institute  ·  GPEN
Advanced
🏰
GIAC Certified Enterprise Defender (GCED)
SANS Institute  ·  GCED
Advanced
🚨
GIAC Certified Incident Handler (GCIH)
SANS Institute  ·  GCIH
Professional
☁️
AWS Certified Security – Specialty
Amazon Web Services (AWS)
Professional
🦅
CrowdStrike Certified Falcon Hunter
CrowdStrike  ·  Threat Hunting
Professional
📊
Splunk Certified Admin
Splunk Inc.
Professional
Splunk Certified Power User
Splunk Inc.
Training
☁️
SANS FOR509 – Enterprise Cloud Forensics & Incident Response
SANS Institute
Training
💻
13Cubed Windows Endpoint Investigation
13Cubed  ·  Gold Level
Training
🗺️
Foundations of Operationalizing MITRE ATT&CK
AttackIQ
Training
🔴
Foundations of Purple Teaming
AttackIQ

Verify All Credentials on Credly

All certifications are digitally verified and publicly available via Credly.

// 04.  TECHNICAL ARSENAL

Skills & Expertise

CORE COMPETENCY · PROFICIENCY

Incident Response & Digital Forensics (DFIR): 95%
Threat Hunting & Compromise Assessment: 93%
SIEM Engineering (Splunk, ELK, QRadar, Sentinel): 95%
SOC Design, Development & Assessment: 90%
Cloud Security (AWS, Azure, Cloud Forensics): 85%
Network & Traffic Analysis: 84%
Security Automation (Python, Ansible, Terraform): 78%
Penetration Testing & Red/Purple Team: 80%
📡
SIEM & MONITORING
Splunk Enterprise · Splunk ES · ELK Stack · IBM QRadar · Azure Sentinel · Stellar Cyber · Splunk Attack Range · Splunk SPL · Alert Manager
☁️
CLOUD SECURITY
AWS Security · AWS SIEM · Azure Security · Cloud Forensics · Docker · CI/CD Security · IaaS / PaaS · Cloud IR
🔍
THREAT INTEL & HUNTING
MITRE ATT&CK · MITRE D3FEND · YARA Rules · SIGMA Rules · OSINT · Threat Intelligence · TAXII Feeds · IOC Analysis · TTP Mapping
🛠️
FORENSICS & IR TOOLS
Redline · OSQuery · Volatility · CrowdStrike Falcon · Memory Forensics · Disk Forensics · Network Forensics · Email Forensics · Artifact Analysis
AUTOMATION & DEVELOPMENT
Python · Shell Scripting · Ansible · Terraform · CI/CD Pipelines · API Integration · Custom Parsers
🌐
NETWORK & INFRASTRUCTURE
TCP/IP · OSI Model · IDS/IPS · Deep Packet Inspection · DNS Analysis · Firewall Analysis · Network Traffic Analysis · SPAN Mirroring
// 05.  ACADEMIC BACKGROUND

Education & Foundation

🎓
Master of Technology (M.Tech.)
Cyber Security & Incident Response
National Forensic Sciences University
June 2015 – May 2017
SPECIALIZATION Advanced Forensics · Incident Response · Cybercrime Investigation · Digital Evidence
🖥️
Bachelor of Engineering (B.E.)
Information Technology
Gujarat Technological University
June 2010 – May 2014
FOUNDATION Networking · Systems Architecture · Software Engineering · Database Systems
// 06.  BEYOND THE SCREEN

Life Outside the SOC

🤿
Scuba Diving
🏍️
Bike Riding
✈️
Travelling
🧗
Adventure Sports
🍜
Total Foodie
🔐
Security Research

LANGUAGES SPOKEN

🇬🇧 English 🇮🇳 Hindi 🇮🇳 Gujarati