DHAWAL SHAH

Information Security Leader | SOC Operations | Threat Intelligence

About Me

Information Security leader with 10+ years driving Security Operation, Cloud Security, and Threat Intelligence programs across enterprise and startup environments. Currently pioneering AI agent-based security automation at Dreamsports building intelligent orchestration workflows, LLM-powered incident response, and autonomous threat detection systems. Deep expertise in SIEM/SOAR platforms, shift-left security practices, and scalable log pipeline architecture across AWS and GCP. Proven track record transforming security operations through automation, reducing MTTR, and operationalising threat intelligence at scale.

Professional Experience

Lead Security Engineer
Dream11 (Dream Sports Portfolio) - Mumbai
October 2022 - Present
  • Directed security operations for cloud security and threat intelligence across Dream Sports portfolio, emphasizing AI-driven automation
  • Engineered orchestration workflows utilizing AI agents and LLMs to enhance automated threat detection, triage, and incident response capabilities
  • Designed and implemented AI-driven solutions for automated log analysis, prioritizing vulnerabilities and facilitating natural language security queries
  • Designed and executed shift-left security strategies enhancing the SDLC by integrating automated code scanning and validating container security
  • Implemented automated compliance checks and threat detection systems across AWS and GCP
  • Developed comprehensive threat monitoring and incident response programs from inception, utilizing scalable data pipelines for diverse log sources
  • Hands-on with SIEM/SOAR (Elasticsearch Cloud, N8N), AWS (EC2, ECS, S3, WAF, CloudFront) and GCP (Compute Engine, SCC, Pub/Sub, Cloud CDN)
Senior Solution Architect
Cyware - Mumbai
December 2019 - September 2022
  • Spearheaded technical wins for strategic enterprise deals through discovery, tailored solution design, and customized POCs aligned to customer security gaps
  • Executed 100+ technical demonstrations and architecture presentations for CISO-level audiences in banking, healthcare, and government sectors
  • Collaborated with sales to enhance competitive positioning through RFP responses and technical battle cards
  • Led technical discovery and scoping for net-new accounts, translating SecOps pain points into solution proposals
  • Directed end-to-end customer delivery lifecycle — solution design, product mapping, production deployments, and post-implementation optimization
  • Built repeatable demo environments and solution blueprints that shortened sales cycles
  • Mentored junior architects and shaped product roadmap through field requirements and competitive gap analysis
Security Architect & Threat Researcher
Cyware - Mumbai
December 2018 - November 2019
  • Led product integrations and API-based automation implementations for incident response and security orchestration
  • Consulted as technical SME on SOAR playbooks, automation workflows, Python scripting, and orchestration best practices
  • Guided customers in designing automation strategies to achieve measurable ROI from security operations
Risk Manager (Incident Response & SecOps)
HDFC Bank - Mumbai
June 2016 - November 2018
  • Led incident response investigations across full IR lifecycle — digital forensics, malware analysis, threat hunting, and remediation coordination
  • Operationalized threat intelligence feeds and researched emerging threats, including rogue mobile app analysis
  • Developed SOC use cases, log parsers, and regex patterns for security event correlation and normalization
  • Contributed to security projects: WAF/IPS baseline, ATM security monitoring, Deception Technology POC, and rogue AP detection

Open Source Projects

🔍 Multi-SIEM Detection Rules Explorer

A unified web-based explorer for 4,100+ security detection rules aggregated from 9 major SIEM platforms — Elastic, Splunk, Sigma, Google Chronicle, OpenSearch, Wazuh, and more. Rules are normalized for easy browsing, filtering by MITRE ATT&CK tactics, techniques, platforms, and data sources. Updated weekly from official public repositories.

SIEM MITRE ATT&CK Detection Engineering Elastic Splunk Sigma
🚀 Live Demo 💻 GitHub

🔐 CredHound

A CLI tool that orchestrates TruffleHog, Gitleaks, and Semgrep under a single interface to scan local files, GitHub repos, and AWS S3 buckets for exposed secrets and credentials. Features live API credential validation, deduplication of findings across tools, and Claude-powered NLP investigation mode for incident response Q&A — all from one command.

Python Secret Scanning Incident Response TruffleHog Gitleaks AI-Powered
💻 GitHub

Technical Skills & Expertise

🛡️ Security Operations

  • SOC Maturity Assessment & Transformation
  • Incident Response Program Development
  • Threat Hunting & Detection-as-Code (MITRE ATT&CK)
  • SIEM (Elasticsearch, QRadar, Splunk)
  • SOAR (N8N, Cyware Labs)

🤖 AI-Driven Security

  • AI Agents & LLM Orchestration
  • RAG & Vector Databases for SecOps
  • Automated Threat Detection & Triage
  • Security Automation & Engineering (Python)
  • API Integration & Orchestration

☁️ Cloud & Infrastructure

  • AWS (EC2, ECS, S3, WAF, CloudFront)
  • GCP (Compute Engine, SCC, Pub/Sub, Cloud CDN)
  • Cloud Security Architecture
  • Shift-Left Security & SDLC Integration
  • Infrastructure as Code

🔍 Threat Intelligence

  • TI Program Management (Cloudsek, CTIX)
  • STIX/TAXII Protocols
  • Threat Intelligence at Scale
  • Security Metrics, KPI Reporting
  • Cross-Functional Stakeholder Management

🔐 Security Products

  • EDR (FireEye, Elastic Defend)
  • WAF (AWS WAF, Cloud Armor)
  • CSPM (Orca)
  • PAM (Arcos, Teleport)

🏆 Leadership & Strategy

  • SOC Analyst Hiring & Retention
  • Security Metrics & KPI Reporting
  • Budget Ownership
  • Cross-Functional Stakeholder Management
  • Vendor & Enterprise Solution Architecture

Education

Master of Engineering, Information Security
K J Somaiya College of Engineering
July 2016
B.E, Computer Science & Engineering
Amravati University
July 2013

Certifications

Google Professional Cloud Security Engineer

Expiring June 2026

Cyware Certified CTIX, CFTR & CSOL Administrator
Cyware Certified CTIX, CFTR & CSOL Analyst

Get In Touch

Let's connect! Feel free to reach out for collaboration, opportunities, or just to say hello.

📧 Email

shah.dhawal.s@gmail.com

🔗 LinkedIn

Visit Profile

Connect with me on LinkedIn

💻 GitHub

github.com/dhawal0

Check out my repositories