Hello, my name is Yuhan Bulathsinhalage
Security Analyst
- yuhancybersec@gmail.com
- +64 452 273 793
About me
I am a Cyber Security Analyst with over 1.5 years of hands-on experience in Security Operations, specialising in SIEM monitoring, alert triage, and threat investigation.
What I do
I work in Security Operations, specialising in SIEM monitoring, threat detection, and incident investigation across endpoint, network, and cloud environments. I focus on improving detection quality, reducing false positives, and strengthening response processes in fast-paced SOC environments.
SECURITY OPERATIONS
I perform real-time alert triage and investigation using Microsoft Sentinel and Splunk, analysing endpoint telemetry, Azure logs, and network activity to identify and respond to potential threats.
THREAT DETECTION & RESPONSE
I investigate phishing campaigns, suspicious processes, and behavioural anomalies using EDR platforms such as Microsoft Defender and CrowdStrike. I map detections to the MITRE ATT&CK framework to understand attacker tactics and improve response consistency.
DETECTION ENGINEERING & AUTOMATION
I build and tune SIEM detection rules, dashboards, and analytic alerts, and implement automation workflows to streamline investigations and reduce manual effort while improving alert accuracy.
My Experience
2025 – Present
Cyber Security Analyst – Security Operations
Security Operations
Perform real-time monitoring and alert triage across endpoint, network, and cloud environments using Microsoft Sentinel and Splunk. Investigate phishing campaigns, suspicious processes, and anomalous user activity by analysing Windows event logs, Azure AD sign-in data, and EDR telemetry. Contribute to detection tuning and false positive reduction while documenting structured incident response workflows.
2024 – 2025
SIEM & Threat Detection (Microsoft Sentinel)
Azure Sentinel (SIEM)
Configured and optimised Microsoft Sentinel environments, including data connectors, analytic rules, and workbooks. Built detection logic aligned to the MITRE ATT&CK framework and implemented automation workflows to streamline alert enrichment and response consistency. Conducted log correlation and behavioural analysis to identify potential compromise.
2024
Endpoint & Network Threat Investigation
Endpoint Investigation
Investigated endpoint telemetry using Microsoft Defender for Endpoint and CrowdStrike Falcon, analysing process trees, command-line activity, and persistence indicators. Performed network traffic analysis using Wireshark to identify malicious patterns, suspicious DNS activity, and potential lateral movement attempts.
2024
Vulnerability Management & Security Assessment
Conducted vulnerability scanning using Nessus and OpenVAS, assessed risk impact, and recommended remediation strategies. Contributed to structured reporting for both technical and non-technical stakeholders, supporting improved security posture and operational resilience.