Nirali Shah

Mountain View

Summary

Security engineering leader with a robust background in building and scaling security programs. Established a comprehensive detection and response framework from the ground up, leading a global team and ensuring integration with engineering processes to enhance security without hindering business velocity.

Overview

15 years of professional experience

Work History

Information Security Manager

Jazz Pharmaceuticals Ltd.
Palo Alto
01.2020 - Current
  • Started with basically nothing and built a full detection & response program — tooling, processes, playbooks, team — from scratch
  • Grew and managed a global security team, handling hiring, onboarding, and day-to-day development of engineers across time zones
  • Owned the security roadmap and made the calls on where to invest time and resources, always trying to reduce real risk without slowing the business down
  • Worked closely with engineering to get security thinking baked into how we build and ship, not bolted on at the end
  • Led incident response from detection through remediation — including the uncomfortable conversations with leadership and the work to make sure the same thing doesn't happen twice
  • Navigated compliance and audit cycles in a regulated environment, coordinating with legal, compliance, and external auditors without it becoming a full-time job
  • Evaluated and rolled out an AI-powered SOC platform — did the POC, made the build-vs-buy call, and saw it through to production
  • Deployed CrowdStrike AIDR and tuned it to actually fit our environment, not just the default config
  • Built out a UEBA + IAM integration that enabled risk-based authentication and meaningfully cut down on alert noise
  • Replaced a lot of manual reporting with automated dashboards so leadership could see what was actually happening in real time
  • While building out security metrics, got hands-on exposure across a broad set of domains — vulnerability management, IOC-based threat detection, fraud security, SSPM, and pentesting — which gave me a much more well-rounded view of the overall security posture and where the real gaps were
  • Independently built small AI-powered applications to automate repetitive security workflows — including alert enrichment, log summarization, and early-stage threat triage — using Python and LLM APIs, which deepened hands-on familiarity with how AI tools behave in practice and where they need guardrails
  • Global biopharmaceutical company operating under strict regulatory requirements including HIPAA-adjacent data handling, SOC-level audit expectations, and enterprise security standards.

Security Engineer

Meta (Facebook App)
Menlo Park
01.2019 - 01.2020
  • Built detection for insider threats at a scale most security teams never deal with
  • Wrote automation that cut down the repetitive parts of investigation work so analysts could focus on what actually needed human judgment
  • Built data pipelines that pulled signals from across the stack — found a lot of things that were falling through the cracks
  • Learned a lot about what it means to move fast in a large engineering org and how to work with product and infrastructure teams who aren't always thinking about security first

Security Engineer (Customer-Facing)

Gurucul Solutions LLC
Greater Los Angeles
01.2016 - 01.2019
  • Was the main technical person customers talked to — from early conversations about their environment all the way through deployment and tuning
  • Presented to everyone from SOC analysts to CISOs, and got comfortable adjusting how I communicate based on who's in the room
  • Deployed UEBA for enterprise clients, which meant understanding their specific threat landscape and building detection logic that actually fit their environment
  • Brought customer feedback back to the engineering team in a way that was useful — not just 'the customer is unhappy' but here's the actual gap and here's what we should do about it
  • Had to get up to speed on new environments and client contexts constantly, which made me a lot better at learning quickly and asking the right questions early

Systems Engineer

Infosys Technologies Ltd.
Pune
01.2011 - 01.2013
  • Developed SQL queries, shell scripts, and JSP modules for enterprise web apps to enhance performance and streamline deployment testing

Education

Master of Science - Engineering

California State University
Long Beach, CA

Bachelor of Technology - Engineering

Nirma University
Ahmedabad, India

Skills

  • Cloud Security
  • Security architecture
  • Threat Modeling
  • Incident Response Management
  • Risk Assessment Framework
  • DevSecOps
  • Security Automation Tools
  • Threat detection
  • Security policy development
  • IAM
  • IDP
  • Risk-Based Authentication
  • Data Protection Strategies
  • Compliance (HIPAA, SOC 2, GRC)
  • Incident Monitoring
  • SIEM management
  • Threat intelligence
  • CrowdStrike
  • Splunk
  • Security Process Automation
  • Data loss prevention
  • Machine Learning Applications
  • Python
  • Bash
  • AWS
  • Kubernetes
  • SQL Server
  • Power BI
  • Tableau
  • Team leadership
  • Cross-functional collaboration
  • Critical thinking
  • Process improvement
  • Social engineering defense
  • Access management

Projects

  • D&R Program from Zero, No prior infrastructure → full detection & response function spanning DLP, UEBA, behavioral analytics, and automated triage
  • AI SOC Platform, POC through production — reduced analyst workload with automated correlation and response
  • UEBA + IAM Integration, Risk-based authentication enterprise-wide — less noise, better signal
  • Insider Threat Detection Pipeline, Automated detection with self-closing capabilities — cut investigation time significantly
  • CrowdStrike AIDR, Tuned to our environment, not just out of the box — reduced MTTR across the SOC
  • Cloud Network Analytics on AWS, Real-time visibility into network behavior for the security operations team
  • AI-Powered Security Micro-Apps, Built small LLM-based tools for alert enrichment, log summarization, and threat triage — practical, hands-on AI development outside of vendor platforms

Timeline

Information Security Manager

Jazz Pharmaceuticals Ltd.
01.2020 - Current

Security Engineer

Meta (Facebook App)
01.2019 - 01.2020

Security Engineer (Customer-Facing)

Gurucul Solutions LLC
01.2016 - 01.2019

Systems Engineer

Infosys Technologies Ltd.
01.2011 - 01.2013

Master of Science - Engineering

California State University

Bachelor of Technology - Engineering

Nirma University