Vijayalaxmi Halagali

IT Security Analyst
Hyderabad

Summary

  • Provide Information Security Operations Center (ISOC) support.
  • Experience working with global teams across multiple time zones, cultures, and languages, and providing on-call support.
  • Analyzing incidents from EDRs such as CrowdStrike and MS Defender. Adding IOCs to the EDR on a regular basis; also experienced in remediation activities using RTR and creating custom IOAs.
  • Analyzing phishing emails reported by employees using tools like O365 and Proofpoint, running phishing campaigns, and sending security awareness training using KnowBe4.
  • Analyzing DLP-related incidents, identifying any possible data leakage, and taking quick actions to mitigate data leakage using Symantec DLP and the Microsoft DLP solution.
  • I have actively participated in the POC of the FortiSOAR solution and am presently managing FortiSOAR by creating playbooks, configuring integrations, and troubleshooting.
  • Monitoring and responding to cloud infrastructure logs such as AWS CloudTrail, CloudWatch, AWS GuardDuty, Defender for Cloud, etc.
  • Experience in analyzing raw logs and PCAPs using Wireshark and Palo Alto Panorama, and writing regular expressions to extract fields from them for parsing purposes.
  • Experience in providing complete incident response, performing RCA, and acting as Incident Commander.
  • Handling CAB and SDR meetings for change requests and security design review.
  • Experience with the CSPM tool Check Point CloudGuard for assessing the security posture of AWS and Azure environments.
  • Monitor multiple security alert sources, eliminate false positives from Splunk and Sentinel SIEM, and triage significant security events based on the impact and nature of the security incident.
  • Review automated daily security events, identify anomalies, escalate critical security events to the appropriate IT team, and follow up as required.
  • Performing daily health checks of the SIEM to make sure all devices are reporting logs into the SIEM, and troubleshooting accordingly.
  • Good understanding of the MITRE ATT&CK framework: threat hunting, incident detection and response, use case engineering, designing and implementing IR playbooks, and curating threat intelligence.
  • Developing security content such as reports, dashboards, and use cases, and fine-tuning the use cases.
  • Performing threat hunting activities using EDR and SIEM based on hypotheses and IOCs.
  • Creating incident reports and sending them to management.
  • Conduct thorough investigative actions based on security events (real-time incidents: SQL injection, cross-site scripting, Trojans, server attacks, etc.) and remediate as dictated by standard operating procedure.
  • Conducting vulnerability assessments, prioritizing based on CVSS, and working on patching vulnerabilities using Qualys VM.
  • Dashboards, reporting, and KPIs: perform routine (daily, weekly, monthly, quarterly, and yearly) reporting on our security events, trends, and system hygiene and posture, such as on our IaaS environments and critical SaaS environments.
  • Build the system and configuration components needed to capture the metrics by which security hygiene, monitoring and alerting health, and security program effectiveness are measured.
  • Presenting daily status reports to management and completing the action items requested by management.
  • Track our KPI elements over time such that KPI trends can be determined and used as feedback for the security program design.
  • Experience in malware analysis, both manual and sandbox-based.

Overview

6 years of professional experience
5 certifications

Work History

IT Security Analyst - SOC

Computer Generated Solutions Inc.
06.2020 - Current
  • Provide Information Security Operations Center (ISOC) support.
  • Experience working with global teams across multiple time zones, cultures, and languages, and providing on-call support.
  • Analyzing incidents from EDRs such as CrowdStrike and MS Defender. Adding IOCs to the EDR on a regular basis; also experienced in remediation activities using RTR and creating custom IOAs.
  • Analyzing phishing emails reported by employees using tools like O365 and Proofpoint, running phishing campaigns, and sending security awareness training using KnowBe4.
  • Analyzing DLP-related incidents, identifying any possible data leakage, and taking quick actions to mitigate data leakage using Symantec DLP and the Microsoft DLP solution.
  • I have actively participated in the POC of the FortiSOAR solution and am presently managing FortiSOAR by creating playbooks, configuring integrations, and troubleshooting.
  • Monitoring and responding to cloud infrastructure logs such as AWS CloudTrail, CloudWatch, AWS GuardDuty, Defender for Cloud, etc.
  • Experience in analyzing raw logs and PCAPs using Wireshark and Palo Alto Panorama, and writing regular expressions to extract fields from them for parsing purposes.
  • Experience in providing complete incident response, performing RCA, and acting as Incident Commander.
  • Handling CAB and SDR meetings for change requests and security design review.
  • Experience with the CSPM tool Check Point CloudGuard for assessing the security posture of AWS and Azure environments.
  • Monitor multiple security alert sources, eliminate false positives from Splunk and Sentinel SIEM, and triage significant security events based on the impact and nature of the security incident.
  • Review automated daily security events, identify anomalies, escalate critical security events to the appropriate IT team, and follow up as required.
  • Performing daily health checks of the SIEM to make sure all devices are reporting logs into the SIEM, and troubleshooting accordingly.
  • Good understanding of the MITRE ATT&CK framework: threat hunting, incident detection and response, use case engineering, designing and implementing IR playbooks, and curating threat intelligence.
  • Developing security content such as reports, dashboards, and use cases, and fine-tuning the use cases.
  • Performing threat hunting activities using EDR and SIEM based on hypotheses and IOCs.
  • Creating incident reports and sending them to management.
  • Conduct thorough investigative actions based on security events (real-time incidents: SQL injection, cross-site scripting, Trojans, server attacks, etc.) and remediate as dictated by standard operating procedure.
  • Conducting vulnerability assessments, prioritizing based on CVSS, and working on patching vulnerabilities using Qualys VM.
  • Dashboards, reporting, and KPIs: perform routine (daily, weekly, monthly, quarterly, and yearly) reporting on our security events, trends, and system hygiene and posture, such as on our IaaS environments and critical SaaS environments.
  • Build the system and configuration components needed to capture the metrics by which security hygiene, monitoring and alerting health, and security program effectiveness are measured.
  • Presenting daily status reports to management and completing the action items requested by management.
  • Track our KPI elements over time such that KPI trends can be determined and used as feedback for the security program design.
  • Experience in malware analysis, both manual and sandbox-based.

Security Analyst

Deloitte US (Under The Payroll Of Shell Infotech)
04.2019 - 05.2020
  • Experience working with global teams across multiple time zones, cultures, and languages, mostly supporting MNC clients.
  • Good understanding of threat hunting techniques, alongside the activities required to mitigate cyber threats.
  • Good understanding of security operations, incident response, and threat intelligence.
  • Experience in using vulnerability assessment tools, conducting vulnerability assessments to identify potential weaknesses, and recommending appropriate countermeasures.
  • Experience in analyzing raw logs and PCAPs and writing regular expressions to extract fields from them.
  • Track and respond to all incoming alerts from the SOC, the MSSPs, and the systems monitored directly by the Security Operations team.
  • Perform tier 2 triage of all escalations from the SOC and MSSPs, tier 1 triage of all alerts that are directly monitored, and work with Security Engineering for all escalations beyond the Security Operations team.
  • Experience deploying security patches via centrally managed solutions.
  • Solid understanding and experience of networking, Windows Server and desktop OS, and the Microsoft M365 suite.
  • Experience working with SIEM and SOAR tools.

Associate Consultant

Aujas Networks Pvt Ltd
04.2018 - 04.2019
  • Working on the QRadar SIEM, providing operations support at the Security Operations Center for different member firms.
  • Monitoring the customer network using the IBM QRadar SIEM.
  • Performing real-time monitoring, investigation, analysis, reporting, and escalation of security events from multiple log sources.
  • Act as first-level support for all security issues.
  • Monitor SIEM alerts, analyze events in the SIEM, and raise security incidents in the ticketing tools ServiceNow and JIRA.
  • Investigating security violations, attempts to gain unauthorized access, virus infections, etc.
  • Coordinate responses to security incidents in a timely manner.
  • Worked with various teams across the organization to improve security posture.
  • Exposure to documentation and reporting.

Education

Bachelor of Engineering - Electronics And Communications Engineering

M S Sheshagiri KLE College of Engineering
Belgaum, India
06.2017

Skills

SIEM : Splunk, Azure Sentinel, QRadar, LogRhythm

EDR/XDR : CrowdStrike, Defender, Carbon Black

Email Gateway : Microsoft O365, Proofpoint

Malware Analysis : Falcon Sandbox, Joe Sandbox

Vulnerability Assessment : QualysGuard, Nessus

ITSM : ServiceNow, Jira, BMC Remedy

IDS/IPS : Cisco Firepower, Palo Alto

Data Loss Prevention : Symantec DLP

Packet Analyzer : Wireshark, TCPDump

Cloud : AWS CloudWatch, CloudTrail, VPC, Azure

OSINT Tools : MxToolbox, AbuseIPDB, VirusTotal, URLVoid, Any.Run, CyberChef, Sysinternals, PEstudio

SOAR : FortiSOAR

Threat Intelligence : Anomali ThreatStream, Recorded Future, VirusTotal, MISP, AlienVault OTX

Accomplishments

  • Achieved Star of the Month from CGS for completing the SOAR implementation.
  • Successfully completed the implementation of Anomali ThreatStream and the sandbox.

Certification

  • CEH v10
  • Fortinet NSE
  • QualysGuard
  • Splunk Core User
  • AZ-900

Languages

English
Bilingual or Proficient (C2)
Kannada
Bilingual or Proficient (C2)
Telugu
Advanced (C1)
Hindi
Advanced (C1)

Timeline

IT Security Analyst - SOC

Computer Generated Solutions Inc.
06.2020 - Current

Security Analyst

Deloitte US (Under The Payroll Of Shell Infotech)
04.2019 - 05.2020

Associate Consultant

Aujas Networks Pvt Ltd
04.2018 - 04.2019

Bachelor of Engineering - Electronics And Communications Engineering

M S Sheshagiri KLE College of Engineering