Raman Velpoori

Roles and Responsibilities:

• Oversaw and evaluated security events using SIEM platforms like Splunk, Microsoft Sentinel, and QRadar.
• Executed real-time threat detection and incident response utilizing Cortex XDR, FortiSASE, and FortiCASB.
• Analyzed suspicious Azure AD login attempts and account breaches, employing Azure AD, Entra ID, and Office Defender Cloud.
• Executed phishing investigations utilizing O365 Defender, Proofpoint, and KnowBe4, escalating confirmed threats.
• Established and managed incident tickets through Jira and ServiceNow, ensuring SLA adherence.
• Executed malware analysis, IOC correlation, and endpoint triage using CrowdStrike, SentinelOne, and Cortex XDR.
• Collaborated with Threat Intelligence tools, including Digital Shadows, to monitor external threats aimed at the organization.
• Facilitated vulnerability remediation and reporting through Nessus, coordinating with IT teams for effective patching.
• Engaged in threat hunting utilizing the MITRE ATT&CK framework, producing comprehensive, deep-dive reports.
• Recorded SOPs, IR workflows, and an enhanced SOC knowledge base for improved incident handling.
• Managed incident response activities, including the investigation and reporting of security breaches.
• Monitored network traffic for suspicious activity to prevent cyberattacks and data breaches.
• Partner with various teams across the organization to strengthen the security posture.

Roles and Resposibilities:

• Continuous security monitoring, investigation, and triage of security events and alerts using SIEM platforms (Splunk, QRadar, Microsoft Sentinel) to identify potential threats and escalated incidents, correlating events from endpoints, network, and cloud sources.
• Conducted end-to-end incident response activities, including initial triage, containment, root cause analysis, remediation, and comprehensive documentation for various attack vectors, such as malware, phishing, insider threats, and unauthorized access attempts.
• Implemented and tuned detection rules, use cases, and response playbooks to enhance alert accuracy and reduce false positives across SIEM, EDR (SentinelOne, CrowdStrike, Cortex XDR), IDS/IPS, DLP, and cloud security tools.
• Investigated and remediated email threats (e.g., phishing, business email compromise) using Proofpoint and Google Workspace (GWS) Admin consoles, ensuring the swift mitigation of malicious campaigns.
• Performed vulnerability assessments with Tenable Nessus, generating detailed reports, supporting remediation, and collaborating with IT teams to close security gaps across endpoints and cloud environments.
• Utilized threat intelligence platforms (BitSight, Flashpoint, Digital Shadows) to proactively gather tactical and strategic insights, enrich alerts, and optimize incident handling and risk assessment.
• Managed security tickets and incident workflows via ServiceNow and Jira, ensuring accurate, timely escalation, and resolution with cross-functional stakeholders.
• Maintained security tools and integrations across AWS, Azure AD, Entra ID, Office Defender, FortiCASB, FortiSASE, Netskope, Logic Apps, and ELK, ensuring robust monitoring and continuous improvement in line with security best practices.
• Delivered timely, clear security incident reports and recommendations to management and customers, fostering a culture of transparency and ongoing improvement.
• Participated in threat hunting, proactive investigations, and periodic security awareness campaigns to stay ahead of evolving tactics, and improve organizational resilience.
• I worked in 24/7 support.