About Me
Building toward a SOC or CTI analyst role with real tooling, real investigations, and output that holds up under scrutiny.
Dheeraj Maram
SOC analysis and threat intelligence are where I have focused my time: building tooling, running investigations, and studying how attackers operate. My approach is straightforward: start with the evidence, follow it to the technique, and produce something the next person in the chain can act on.
What keeps me interested is the analyst side of the problem: looking at evidence, understanding what an attacker is doing, and turning scattered technical details into something clear enough to escalate, prioritize, or explain.
Investigation Experience
- Alert triage and SOC-style project work using Sigma rules, ATT&CK mappings, and coverage review
- Log and telemetry analysis with Elastic Stack, Sysmon, Windows event data, and network traffic
- Threat research tied to MITRE ATT&CK, malware behavior, IOC enrichment, and actor profiling
- Python used to support enrichment, parsing, reporting, and investigation workflows
Education & Certifications
- New Jersey Institute of Technology: MS in Cyber Security and Privacy. 2nd Place, YWCC Capstone Showcase (recognized in December 2025)
- CVR College of Engineering: B.Tech in Information Technology
- Cyber Security & Forensics Internship (2023): C-DAC Hyderabad & JNTU-H
Key Accomplishments
- 600+ ATT&CK campaigns analyzed
- 3,000+ Sigma rules indexed
- 0.950 attribution engine AUC
- 5+ live threat feeds ingested
ATT&CK Heatmap
Python CLI that ingests live threat feeds (ThreatFox, Feodo, MalwareBazaar, URLhaus, YARAify), maps malware families to ATT&CK techniques, checks Sigma and mthcht detection coverage, and exports a prioritized gap report plus a Navigator layer.
CoverageIQ
Full-stack security platform (FastAPI, PostgreSQL, Next.js, Docker) that predicts attacker next moves from 600+ real ATT&CK campaigns and checks Sigma coverage for each predicted technique.
APT29 Threat Actor Profile
Threat actor profile mapping APT29 activity to MITRE ATT&CK, correlating malware families, infrastructure, and reporting patterns into a defender-friendly CTI summary.
LLM Attribution Engine
CTI research pipeline that ranks and clusters pseudonymous alias profiles using stylometry, sentence embeddings, and entity overlap, achieving AUC 0.950 on synthetic data with explainable, multi-signal scoring.