Cybersecurity + Compliance

API Security & Threat Detection Programme

Slashed attack detection time from 200+ days to under 5 minutes and automated remediation for 94% of incidents.

  • 98% of attacks detected
  • <1s detection latency
  • 200d → 5m median detection time
  • 94% of incidents auto-remediated

Role

Lead Technical Business Analyst — Security

Timeline

Q1–Q2 2024 · 5 months

Delivery context

Security, Compliance, Requirements, Incident Management, ITSM

The Problem

Enterprises had no visibility into API attack patterns. Traditional security tools missed sophisticated attacks. The security operations team was drowning in false positives and had no structured incident triage process — which meant real threats were lost in noise.

My Contribution

I mapped the current-state security operations workflow, identified the gap between raw alert volume and actionable incident intelligence, and documented the functional requirements for the behavioral anomaly detection and triage system. I facilitated workshops with security operations and engineering teams to define alert classification categories and automated remediation boundaries. I authored the incident triage process and operational runbook for the security operations team, ensuring system outputs were actionable for analysts across varying levels of technical depth. I applied ITSM best practices — incident, change, and problem management — throughout the programme design.

The Solution

Requirements-led security programme: current-state security ops mapping, alert classification definition, automated remediation scope specification, incident triage workflow design, and an ITSM-aligned operational runbook for the security team.

Results

  • 98% of attack attempts detected
  • <1 second detection latency
  • Median detection time: 200+ days → under 5 minutes
  • 87 unique attack patterns identified in first 6 months
  • 94% of attacks auto-remediated before data loss
  • $2M+ in breach costs prevented

Key learning

Security operations teams need actionable outputs, not raw data. The most important requirements work was defining what an 'actionable alert' looked like — what context, what recommended response, what escalation path. Getting that right upstream meant the system produced reports analysts could act on in minutes rather than raw logs they had to interpret for hours.

Tech Stack

Security

ITSM, SIEM, Incident Response

Tools

JIRA, Confluence, ServiceNow

Methodology

Agile/Scrum, ITSM, BRD, Runbook Design

Compliance

Security Frameworks, Audit Logging, Change Management
