SOC Analyst · Security Researcher · Builder of AI-Powered Security Tools

I'm an Integrated MCA graduate from Kerala, India, specialising in cybersecurity and secure application development. I don't just study security — I build tools that automate the boring parts of it.

My work sits at the intersection of AI and defensive security: SOC automation, IAM governance, penetration testing frameworks. If something can be done with a local LLM and a Python script, I'll build it.

Currently hunting for SOC Analyst / Security Analyst roles in India. CEH v13 in progress. Active on TryHackMe.

These are the ones worth looking at. Each one solves a real problem.

KAALI simulates a real SOC workflow end-to-end. It ingests raw security logs (Linux auth.log, Suricata IDS), detects anomalies like brute-force attempts, correlates multi-stage events into incidents, enriches them with threat intel from AbuseIPDB and VirusTotal, then calls Google Gemini to act as a senior analyst — generating MITRE ATT&CK-mapped summaries and remediation steps. A React dashboard surfaces everything for human review.

What it actually does:

• Parses and indexes real security logs into Elasticsearch in real-time
• Detects brute-force, lateral movement, and account compromise patterns
• Correlates individual alerts into incident chains (e.g. failed logins → successful login = Account Compromise)
• Generates executive-grade AI incident reports with ATT&CK mapping
• Auto-blocks attacker IPs via iptables on critical incidents

Enterprises run thousands of IAM roles consumed by services, not humans. These Non-Human Identities are almost always over-provisioned — they carry wildcard permissions but use a handful of API calls. Ghost-Protocol closes that gap.

What it actually does:

• Discovers every NHI role (EC2, Lambda, etc.) across your AWS account
• Correlates allowed permissions against real CloudTrail usage over 30 days via Athena
• Sends the delta to a local LLM (Ollama/Llama 3) which generates a scoped least-privilege replacement policy
• Quarantines high-risk identities immediately with a non-destructive Deny-All permissions boundary — no accidental deletions

Cloud security + AI + zero dependency on third-party LLM APIs. Everything runs locally.

Production-grade pen testing framework with LLM-powered module orchestration. Not a script wrapper — a full agentic loop that plans, executes, and reasons about findings.

What makes it different:

• AI orchestration: the LLM selects and sequences k_* modules based on target context, not a static scan order
• FAISS vector index for retrieval-augmented analysis — findings from past sessions inform current reasoning
• Complete audit trail: every action, finding, reasoning chain stored in SQLite/PostgreSQL
• Multi-format reports: JSON, HTML, PDF
• Production hardened: rate limiting, input validation, Fernet encryption, JWT auth, 70%+ test coverage
• Docker + Kubernetes manifests included

Security Analyst Intern — Red Team Hacker Academy (VAPT, vulnerability assessment, security tooling)

Software Developer Intern — Zoople Technologies (full-stack development, React, Node.js)

Security      →  Wireshark · Nmap · Burp Suite · Metasploit · SIEM tools · MITRE ATT&CK
Cloud         →  AWS (IAM, CloudTrail, Lambda, Athena) · Oracle Cloud
Languages     →  Python · JavaScript · TypeScript · Java
Web           →  React · Next.js · FastAPI · Node.js · PostgreSQL · Supabase
AI / ML       →  Ollama · Gemini API · FAISS · LangChain-style RAG
OS            →  Linux (primary) · Windows

• KAALI — adding automated SIEM-style dashboards and multi-source log correlation
• Ghost-Protocol — multi-account AWS support and Terraform policy export
• CEH v13 practical labs and exam prep
• Actively applying for SOC Analyst / Security Analyst roles across India

If you're hiring for SOC / Security Analyst roles or want to collaborate on security tooling — reach out.

• 📧 theearjunl@gmail.com
• 💼 linkedin.com/in/thearjunl
• 🌐 Open to roles in Kerala, broader India, and remote-first positions