Security Engineer | SOC Analyst | Threat Detection & Security Automation

Thanmayee Manchikanti

SOC Analyst with experience in incident triage, log analysis, and threat detection in real-world environments. I design and build API-driven security workflows and automation that improve how threats are identified, analyzed, and responded to. My work combines IOC analysis, threat intelligence enrichment, and MITRE ATT&CK mapping to produce evidence-based incident outcomes, and I develop Python and Flask tools that support consistent, scalable security operations. I am particularly interested in applying these capabilities to cloud-native environments.

Featured on GitHub: SOAR threat-intel & automation engine

About

Professional summary

I build and document repeatable detection and response workflows that support SOC operations from triage through remediation. My project work combines IOC analysis, threat intelligence enrichment, and MITRE ATT&CK mapping to produce evidence-based incident handling outcomes. I also implement API-driven security automation in Python and Flask to standardize enrichment, scoring, and analyst-facing response steps.

Focus areas

  • Incident triage and IOC analysis with evidence-first case documentation
  • Threat intelligence enrichment and ATT&CK-aligned detection workflows
  • Python/Flask API implementation for security automation and response consistency

Projects

Featured

Automated Threat Intelligence & SOAR Engine

Security automation pipeline for Security Operations workflows: ingest IOC data (IP/domain/hash), enrich with threat intelligence, risk-score outcomes, and trigger alerting/playbook response steps for SOC analyst triage and incident handling.

Impact: Standardized enrichment, scoring, and alerting to reduce manual triage variance and improve analyst response consistency.

Python · Flask · SQLite · REST APIs · Slack Webhooks
  • Threat intelligence enrichment via VirusTotal and AbuseIPDB
  • IOC triage workflow: ingest → enrich → risk score → incident handling action
  • Analyst-facing alerting and playbook-style response flow
  • Standardized API-driven scoring logic for consistent triage decisions
Screenshot: SOAR engine web dashboard with indicator analysis and incident table (web dashboard — enrichment, verdict, incidents)
Screenshot: Slack alert from SOAR playbook with VT and AbuseIPDB scores (Slack alerting — suspicious indicator notification)
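The ingest → enrich → risk score → action flow described above, written out as an added example; this is not the project's own code. The VirusTotal and AbuseIPDB responses are constructed inline in the shape of the public v3 / v2 JSON so the pipeline runs offline, and a real HTTP client would be passed in through the `fetch` parameter. Indicator names, scoring weights, verdict thresholds and playbook strings are all assumptions made for illustration. Two points the example makes that a plain description does not: an indicator with no intel coverage gets verdict "unknown" rather than "clean", and non-routable addresses are skipped instead of being scored.

```python
"""IOC triage: classify -> enrich -> risk score -> verdict -> playbook action -> Slack.

Added example, not the portfolio project's code. Enrichment data is constructed
inline so it runs offline; the JSON shapes follow VirusTotal v3 and AbuseIPDB v2,
but every value, weight and threshold here is invented for illustration.
"""
import ipaddress
import re
from typing import Callable, Dict, Optional

HASH_RE = re.compile(r"^(?:[A-Fa-f0-9]{32}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{64})$")
DOMAIN_RE = re.compile(r"^(?!-)(?:[A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z]{2,63}$")
# Public intel has nothing useful to say about these; skip rather than score them 0.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
THRESHOLDS = (("malicious", 70), ("suspicious", 30), ("clean", 0))
PLAYBOOK = {
    "malicious": "open incident; block indicator; page on-call",
    "suspicious": "queue for analyst review",
    "clean": "close with enrichment attached",
    "unknown": "hold for analyst; no intel coverage is not evidence of benign",
}

# Constructed enrichment responses keyed by (source, indicator). NOT real lookups.
CONSTRUCTED_RESPONSES: Dict[tuple, Dict] = {
    ("virustotal", "203.0.113.7"): {"data": {"attributes": {"last_analysis_stats": {
        "malicious": 12, "suspicious": 2, "harmless": 60, "undetected": 10}}}},
    ("abuseipdb", "203.0.113.7"): {"data": {"abuseConfidenceScore": 95, "totalReports": 40}},
    ("virustotal", "example.com"): {"data": {"attributes": {"last_analysis_stats": {
        "malicious": 0, "suspicious": 0, "harmless": 80, "undetected": 10}}}},
    ("virustotal", "a" * 64): {"data": {"attributes": {"last_analysis_stats": {
        "malicious": 45, "suspicious": 1, "harmless": 0, "undetected": 20}}}},
}

def offline_fetch(source: str, indicator: str) -> Dict:
    """Stand-in for the HTTP client: (source, indicator) -> parsed JSON, {} if no record."""
    return CONSTRUCTED_RESPONSES.get((source, indicator), {})

def classify_ioc(value: str) -> Optional[str]:
    """'ip', 'hash' (MD5/SHA-1/SHA-256), 'domain', or None so junk is rejected early."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash"
    if DOMAIN_RE.match(value):
        return "domain"
    return None

def vt_component(vt: Dict) -> Optional[int]:
    """0-100 from engine counts; None (not 0) when VT has no record of the indicator."""
    stats = vt.get("data", {}).get("attributes", {}).get("last_analysis_stats")
    if not stats:
        return None
    return min(100, 10 * stats.get("malicious", 0) + 3 * stats.get("suspicious", 0))

def abuse_component(abuse: Dict) -> Optional[int]:
    score = abuse.get("data", {}).get("abuseConfidenceScore")
    return None if score is None else int(score)

def verdict_for(score: Optional[int]) -> str:
    if score is None:
        return "unknown"
    return next(name for name, floor in THRESHOLDS if score >= floor)

def triage(indicator: str, fetch: Callable[[str, str], Dict] = offline_fetch) -> Dict:
    """ingest -> enrich -> score -> verdict -> action, as one evidence-carrying record."""
    indicator = indicator.strip()
    ioc_type = classify_ioc(indicator)
    rec = {"indicator": indicator, "type": ioc_type, "components": {}, "score": None}
    if ioc_type is None:
        return {**rec, "verdict": "unknown", "action": "reject: unrecognised indicator format"}
    if ioc_type == "ip" and any(ipaddress.ip_address(indicator) in n for n in NON_ROUTABLE):
        return {**rec, "verdict": "unknown", "action": "skip: non-routable address"}
    comps = {"virustotal": vt_component(fetch("virustotal", indicator))}
    if ioc_type == "ip":
        comps["abuseipdb"] = abuse_component(fetch("abuseipdb", indicator))
    known = [c for c in comps.values() if c is not None]
    score = max(known) if known else None
    if sum(c >= 50 for c in known) >= 2:  # two independent sources agree: small boost
        score = min(100, score + 10)
    verdict = verdict_for(score)
    return {**rec, "components": comps, "score": score, "verdict": verdict, "action": PLAYBOOK[verdict]}

def slack_payload(rec: Dict) -> Dict:
    """Body for a Slack incoming-webhook POST; {"text": ...} is the minimal accepted form."""
    evidence = ", ".join(f"{k}={'n/a' if v is None else v}" for k, v in rec["components"].items())
    return {"text": f":rotating_light: {rec['verdict'].upper()} {rec['type']} {rec['indicator']} "
                    f"score={rec['score']} [{evidence}] -> {rec['action']}"}

if __name__ == "__main__":
    for ioc in ("203.0.113.7", "example.com", "a" * 64, "10.0.0.5", "unseen.invalid", "not an ioc"):
        r = triage(ioc)
        print(r["verdict"], "|", r["action"], "|", slack_payload(r)["text"])
```

To wire this to the live services, replace `offline_fetch` with a function that performs the authenticated GET against each vendor and returns the parsed JSON; everything from `classify_ioc` onward stays the same, which is what makes the scoring deterministic and testable independent of the network.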
SOC Case Lab

SOC Incident Investigation Lab

Analyst-readiness case lab demonstrating Security Operations workflows across six incident types using repeatable investigation steps and defensible evidence handling.

Impact: Demonstrates repeatable, evidence-based SOC case handling that supports faster and more consistent incident decisions.

Highlights

  • 5+ completed investigations spanning 6 SOC scenarios (phishing, brute force, ransomware, data exfiltration, malware infection, insider threat)
  • Repeatable case workflow: triage → IOC extraction → enrichment → ATT&CK mapping → remediation
  • Evidence-based case documentation for consistent incident response decisions

Snapshot

Operational evidence from real case work: command-line triage output and suspicious access analysis tied to incident response decisions.

Screenshot: terminal output showing ranked failed login attempts by attacker IP (incident triage evidence — failed login IOC pattern analysis)
Screenshot: evidence view showing suspicious or sensitive access behavior (detection evidence — suspicious access behavior for response validation)

Skills

Security Operations

  • Incident triage
  • IOC analysis and validation
  • Incident response and escalation workflow
  • Case documentation

Threat Intelligence & Detection

  • Threat intel enrichment
  • MITRE ATT&CK mapping
  • Detection analysis across endpoint and log evidence
  • SIEM/EDR alert triage

Automation & SOAR

  • Python
  • Flask
  • REST APIs
  • Webhooks
  • Security workflow automation (API-driven)

Systems & Data

  • Linux CLI workflows
  • SQLite
  • Structured evidence handling and incident reporting

Networking Fundamentals

  • TCP/IP
  • DNS
  • HTTP
  • Suspicious connection and network behavior analysis

Contact

Open to roles in security engineering, SOC automation, and detection. Reach out via email or connect on LinkedIn.