root@dfir:~$ whoami

SUBASH JAGANATHAN

Senior Cyber Security Consultant specializing in Digital Forensics & Incident Response. I lead end-to-end IR engagements, perform forensic investigations across Windows, Linux, mobile & cloud, and hunt advanced threats including APTs, ransomware and insider attacks across banking, government and enterprise environments. 6+ years across threat hunting, incident response, SOC operations, threat intelligence and penetration testing.

DFIR · SOC · Threat Hunting · Malware RE · Threat Intel · Penetration Testing · AI Security · Trainer & Speaker

incident_response.sh : bash

$ ./triage --target compromised-host
[+] Acquiring memory image............ DONE
[+] Parsing $MFT & event logs......... DONE
[+] Hunting persistence mechanisms.... DONE
[+] Mapping TTPs to MITRE ATT&CK...... DONE
[!] Threat actor identified: APT-XX
[OK] Containment executed. Dwell time: minimized
$

01. cat about.md

Results-driven cybersecurity professional with 6+ years of hands-on experience specializing in Digital Forensics & Incident Response (DFIR), Security Operations (SOC), Malware Analysis, Threat Hunting and Threat Intelligence, with growing expertise in AI Security, LLM threat detection, and AI-assisted VAPT within SOC and IR workflows.

Proven record conducting in-depth forensic investigations across Windows, Linux, mobile and cloud environments, leading SOC operations, and responding to sophisticated threats including APTs, ransomware and insider attacks across banking, financial services, IT and government sectors.

Recognized for driving measurable improvements in incident response maturity, forensic investigation depth, and regulatory compliance (SEBI · RBI · PCI DSS).

Extending continuous support to the Government of Tamil Nadu as a Cyber Forensic Expert (Volunteer) under the Ministry of Home Affairs, working alongside the Tamil Nadu Police, CBCID and Narcotics Control Bureau in cybercrime investigations, capability building and digital evidence analysis.

Trained and mentored 50,000+ cybersecurity professionals and police officers through workshops, capability-building programs and hands-on DFIR training, strengthening cyber readiness across enterprise and law enforcement communities.

02. ls /arsenal

Security Domains

DFIR · SOC Operations · Memory Forensics · Mobile Forensics · Cloud Forensics · Malware RE · Threat Hunting · Threat Intel · OSINT · Dark Web Forensics · Purple Teaming · AI Security · Pen Testing · Data Recovery · GRC

SIEM & EDR / XDR

Splunk · IBM QRadar · MS Sentinel · ELK Stack · Wazuh · CrowdStrike NG-SIEM · Innspark · CrowdStrike Falcon · Defender XDR · Cortex XDR · SentinelOne · Trend Micro Vision One · Heimdal · Velociraptor · Sysmon · Cortex XSOAR

DFIR Toolkit

Cellebrite · Magnet Axiom · FTK Imager · Volatility 3 · Redline · Belkasoft · Oxygen Forensics · Autopsy · Velociraptor · KAPE · EZ Tools · SANS SIFT · Chainsaw · Hayabusa · Plaso / log2timeline · Timesketch · CyberChef · R-Studio · PC-3000

Malware Analysis & RE

Ghidra · IDA Pro · x64dbg · PEBear · REMnux · FLARE VM · Any.run · Joe Sandbox · VirusTotal · YARA / Sigma · capa · Detect-It-Easy · oletools

Network & Threat Intel

Wireshark · Zeek · Suricata · NetworkMiner · tcpdump · Security Onion · Arkime · MISP · OpenCTI · AlienVault OTX · GreyNoise · Shodan · CloudSEK · MITRE ATT&CK · OSINT Framework

VAPT, Cloud & AI

Nessus · Rapid7 InsightVM · Burp Suite · OWASP ZAP · Qualys · Acunetix · Nmap · SQLMap · Checkmarx · ScoutSuite · Prowler · AWS · Azure · Oracle Cloud · AWS GuardDuty · Defender for Cloud · LLM Security · MCP · Agentic AI Security · Claude API · Python · C / C++ · Assembly (x86/x64) · Ruby

Frameworks & Compliance

MITRE ATT&CK · NIST CSF · ISO 27001 · OWASP · Zero Trust · SSDLC · Cyber Kill Chain · SEBI · RBI · PCI DSS

03. ls ~/open-source

Tools I build and maintain for the DFIR community, used in real enterprise incident response.

More on github.com/subashjaganathan

04. git log --career

Senior Cyber Security Consultant

Sep 2025 - Present

4i Apps Solutions Pvt. Ltd.

  • Lead EDR/XDR monitoring & threat response with CrowdStrike Falcon: behavioural detection analysis, alert triage, host containment and remediation to minimize attacker dwell time and lateral movement.
  • Drive end-to-end Incident Response engagements across endpoint, identity, network, cloud & application layers, covering scoping, forensic evidence acquisition, root-cause analysis, containment, eradication and post-incident reporting.
  • Conduct memory, disk and live-response forensics with Volatility, KAPE and Velociraptor, reconstructing attack timelines to support legal and compliance requirements.
  • Perform Cloud IR & SOC operations across AWS and Oracle Cloud, investigating cloud-native threats, misconfigurations, IAM abuse and anomalous workload, storage and compute activity.
  • Run hypothesis-driven & IOC-based threat hunting across endpoint, identity, network and cloud telemetry, mapped to MITRE ATT&CK to surface stealthy persistence missed by automated controls.
  • Enrich detections and IR with threat intelligence (AlienVault OTX, GreyNoise, CloudSEK); manage risk-based vulnerability management across 200+ servers with false-positive validation and remediation tracking.
  • Lead email security operations: phishing, malicious attachment/URL analysis, BEC investigation and spoofing prevention (SPF/DKIM/DMARC).
  • Deliver AI Security assessments: LLM threat modeling, prompt-injection testing and agentic-AI workflow evaluation; built Claude API and MCP integrations to accelerate SOC triage and investigation.
  • Drive measurable reduction in MTTD/MTTR through continuous detection-use-case tuning and IR playbook improvements.

Cyber Security Consultant

Aug 2023 - Sep 2025

Ernst & Young LLP (Big 4)

  • Delivered incident response & remediation for enterprise clients across India and international geographies, ensuring swift containment and recovery from ransomware and APT campaigns.
  • Analysed & attributed multiple APT campaigns targeting Indian government clients, mapping adversary TTPs to MITRE ATT&CK and delivering classified technical reports with remediation roadmaps.
  • Performed Windows, Linux, mobile and cloud forensics (Azure AD sign-in logs, AWS CloudTrail, storage access patterns) for unauthorized-access and data-exfiltration investigations.
  • Conducted malware analysis & reverse engineering to extract IOCs and TTPs, plus dark web forensics, brand monitoring and proactive threat intelligence for banking & government sectors.
  • Engineered detection rules and custom correlation logic across multiple SIEM platforms tailored to client-specific threat landscapes; led ransomware recovery and data restoration.
  • Supported a foreign client with full-spectrum DFIR, SOC, MXDR deployment and brand monitoring while managing concurrent engagements under Big 4 delivery timelines.
  • Presented investigation reports, executive summaries & remediation roadmaps to client CISOs, IT leadership and legal teams.

Information Security Analyst - AM Grade I

Feb 2023 - Aug 2023

Equitas Small Finance Bank

  • Ran SOC operations with IBM QRadar & CrowdStrike for an RBI-regulated bank: log analysis, SIEM monitoring, incident triage, alert escalation and threat response.
  • Performed risk-based vulnerability assessments on 3,000+ servers, network devices and endpoints with Tenable Nessus, and 90+ application security assessments (Web & Android) aligned to RBI / PCI DSS.
  • Conducted DFIR investigations including ransomware malware analysis with successful decryption of sensitive files during active incidents, restoring business continuity.
  • Executed Purple Team assessments simulating real-world adversary techniques to validate and strengthen detection and response across SOC and IR teams.
  • Integrated and tuned SIEM log sources across firewall, EDR, WAF and database platforms, improving detection coverage and reducing false positives.
  • Participated in 2 RBI-IDRBT Cyber Drills, validating incident-response readiness and demonstrating regulatory compliance.

Security Analyst

Jul 2021 - Feb 2023

Information Security Governance Pvt. Ltd. (CAMS - Vendor)

  • Performed risk-based vulnerability assessments on 1,200+ servers, network devices and endpoints, plus 60+ application security assessments, for one of India's largest financial infrastructure organizations.
  • Conducted OSINT, threat hunting & cyber forensics for India's largest mutual fund company and a major bank: social profiling, email/phone enumeration, leaked-database discovery and exposed-asset identification.
  • Investigated web attacks, server attacks, email crimes and dark web activity with evidence collection, artifact analysis and threat actor attribution.
  • Delivered ransomware malware analysis with file decryption and data recovery across HDD, SSD, RAID and cloud during active IR engagements.
  • Hardened Web Application Firewalls to full block mode for external-facing applications, reducing application-layer attack exposure; delivered enterprise security awareness training.

Security Analyst

May 2020 - Jun 2021

Techbylanz Business Solutions

  • Performed application security & periodic vulnerability assessments across Windows and Linux backend servers for banking-sector clients using Nessus & Qualys.
  • Executed penetration testing of external-facing banking applications, identifying exploitable vulnerabilities and delivering detailed findings with remediation guidance.
  • Ran quarterly and half-yearly assessments across the sensitive banking application portfolio, with VAPT reporting aligned to RBI & PCI DSS audit requirements and KPI/KRI reporting.
  • Conducted root-cause analysis of security incidents and drove remediation with development teams; delivered secure-coding awareness training.

05. grep -r "impact"

  • Years in the Trenches
  • Organizations Recovered from Breaches
  • Servers Assessed & Secured
  • Web & Mobile Apps Tested
  • Fraud Cases Dismantled
  • Morphed Images Taken Down
  • Professionals & Police Officers Trained
  • Industry Certifications

Government & Law Enforcement Ally

Extending dedicated support to the Tamil Nadu Police, Special Branch CBCID and the Ministry of Home Affairs as a volunteer Cyber Forensic Expert, supporting takedown operations against online scammer networks and assisting agencies with threat actor tracking, account seizure and attacker attribution through OSINT, dark web intelligence and digital forensics.

Educator at National Scale

Trained 50,000+ cybersecurity professionals and police officers through hands-on workshops, DFIR bootcamps and capability-building programs, raising investigation readiness across law enforcement and enterprise security teams.

Confidential Case Work

Investigated and resolved numerous cybercrime cases for individuals and government agencies, spanning financial fraud, account compromise, harassment and data theft. Case specifics remain protected under confidentiality and non-disclosure obligations.

20+ Organizations Recovered via IR & Forensics

Led end-to-end incident response and digital forensic investigations for 20+ organizations across banking, financial services, government and enterprise sectors, covering ransomware recovery, APT containment, insider threat investigations and data breach response. Restored business continuity, preserved chain-of-custody evidence and delivered post-incident reports to C-suite and legal teams. Engagements protected under NDA.

Victim Protection at Scale

Helped identify and remove 1,000+ digitally manipulated images used in cybercrime, and dismantled 200+ fraudulent loan app cases, recovering evidence and preventing further financial harm.

Open-Source DFIR Builder

Author of the Windows IR Evidence Collection Toolkit and Linux DFIR Toolkit on GitHub, actively used by the security community for enterprise incident response. github.com/subashjaganathan

06. tail -f community.log

Beyond client engagements, I contribute to the wider security community as a speaker, educator and curriculum advisor.

Conference Speaker

Speaker at security conferences and blue-team forums, sharing real-world Digital Forensics & Incident Response experience: triage, evidence preservation, timeline reconstruction and coordinating response under pressure.

Curriculum Advisor

Invited as an industry expert to academic boards and curriculum committees, helping align cybersecurity programs with the evolving threat landscape and industry expectations.

Academic Collaboration

Engaged with universities as an external examiner and evaluator, reviewing final-year cybersecurity and engineering projects and mentoring the next generation of security practitioners.

Knowledge Sharing

Author of free, in-depth security resources spanning threat hunting, detection engineering and DFIR, mapping adversary techniques to practical detection queries. Active writer and contributor on emerging AI-security threats.

07. ./verify --credentials

Forensics & IR

  • CHFI - Computer Hacking Forensic Investigator (EC-Council)
  • iOS Forensics (Belkasoft)
  • Android Forensics (Belkasoft)
  • Windows Forensics (Belkasoft)

Offensive Security

  • CEH - Certified Ethical Hacker (EC-Council)
  • CNSS - Certified Network Security Specialist (ICSI)

Cloud & Network

  • AZ-500 - Azure Security Engineer Associate (Microsoft)
  • CCZT - Certified Cloud Zero Trust (Cloud Security Alliance)
  • NSE 1 & NSE 2 - Network Security Expert (Fortinet)

AI Security

  • Certified LLM Security Professional (Red Team Leaders)
  • Claude Code in Action (Anthropic)
  • Building with the Claude API (Anthropic)
  • Intro to Model Context Protocol (Anthropic)
  • Intro to Agent Skills (Anthropic)

Master of Computer Applications - Cyber Security

Amrita Vishwa Vidyapeetham (NAAC A++), Coimbatore

9.3/10

B.Sc - Software Systems

Sri Krishna Arts and Science College, Coimbatore

8.5/10

08. ssh subash@contact

Open to senior DFIR and SOC leadership opportunities. Whether it's an active incident, a threat hunt, or building IR capability from scratch, let's talk.

Coimbatore, Tamil Nadu, India