
Cyber Security Operations

Location:
Irving, TX
Salary:
100000
Posted:
March 04, 2024


Resume:

JYOTHI NAGARAJU

Email: ad33ya@r.postjobfree.com Phone: +1-972-***-****

PROFILE SUMMARY

Highly skilled and results-driven Cyber Security Operations Centre (SOC) Analyst with 6 years of experience safeguarding critical infrastructure and sensitive data against cyber threats. Equipped with a comprehensive understanding of security protocols, incident response methodologies, and threat intelligence analysis. Experienced in utilizing cutting-edge technologies and tools to proactively detect, mitigate, and prevent security breaches. Strong communication and collaboration skills, working closely with cross-functional teams and stakeholders to ensure a cohesive and proactive security posture. I am actively seeking to leverage my expertise and experience to improve the overall security posture of a dynamic organization and contribute to its cyber security operations.

Key qualifications include:

• Experience with defence-in-depth security solutions such as SIEM, E-Mail Gateway, CASB, Antivirus, Firewall, and IPS/IDS.

• Expertise in promptly acting on cyber threat intelligence.

• Demonstrated ability to analyse complex security incidents, develop effective countermeasures, and implement robust security solutions.

• Oversaw the monitoring and response to security incidents, ensuring prompt and effective resolution to minimize potential risks.

• Recommended, developed, and implemented change requests to enhance security posture and improve performance.

• Conducted in-depth research on security trends, new methods, and techniques to pre-emptively eliminate the possibility of system compromise.

• Actively participated in continuous improvement initiatives, contributing insights and recommendations for optimizing security processes and tools.

• Committed to staying current on new threats and industry best practices to stay ahead of changing cyber threats.

• Knowledgeable in analysing various log formats from diverse sources.

• Basic knowledge of Malware Analysis and strong familiarity with OWASP.

• Work experience in analysing phishing emails.

• Knowledge of Networking Technologies including TCP/IP, DHCP, DNS, routers, network ports, and protocols.

Overall, I am a proactive and skilled SOC Analyst dedicated to enhancing organizational security through proactive monitoring, incident response, and collaboration with diverse teams.

PROFESSIONAL EXPERIENCE

Senior Security Analyst

June 2020-Present

CVS Pharmacy

Cumberland, Rhode Island

• Analyse, investigate, and respond to security events and incidents from IDS/IPS, SIEM, Firewall, Azure Sentinel, DLP, malware analysis and forensic tools (MDE, MCAS, O365).

• Gathered, analysed, and interpreted threat intelligence from various sources to identify emerging cyber threats and vulnerabilities.

• Produced actionable intelligence reports and briefings, providing insights into the evolving threat landscape, and recommending proactive measures to mitigate risks.

• Conducted in-depth incident investigations, analysing malware samples, network traffic, and system logs to determine the scope and impact of security incidents.

• Regularly work with the Tier 2 Incident Response Team to discuss and potentially escalate critical incidents after initial triage.

• Assisted in the design and implementation of security controls, including firewall rules, intrusion detection systems, and endpoint protection solutions.

• Participated in incident response activities, providing threat intelligence support to incident responders and aiding in the attribution and tracking of threat actors.

• Provided timely and detailed incident reports to senior management and stakeholders, highlighting key findings, lessons learned, and recommendations for improving the organization's security posture.

• Ensure software is patched and able to protect from threats.

• Document results of cyber threat analysis and subsequent remediation and recovery in an effective and consistent manner.

• Conducted post-incident analysis and provided recommendations for improving security controls and response procedures.

• Utilize various threat intelligence tools to collect the latest IOCs and update them in the SIEM.

• Prepare daily/weekly/monthly reports and security advisories covering both management and compliance-specific devices.

• Analyse network traffic to determine whether security alerts are true positives or false positives, and research malware using best-practice tooling such as Microsoft Defender for Endpoint (MDE) to track the possible root cause.

• Investigate Cloud App alerts, including impossible travel, mass file deletion and creation, etc.

• Implement advanced hunting queries in KQL (Kusto Query Language) in EDR/SIEM (MDE/Azure Sentinel).

Security Analyst

Oct 2017-June 2020

Dell

Bangalore, India

• Part of 24/7 monitoring and analysis of security events and alerts to identify potential threats, vulnerabilities, and indicators of compromise.

• Utilized SIEM platforms and other security tools to investigate and triage security incidents, ensuring timely response and resolution.

• Collaborated with cross-functional teams to customize Splunk searches, alerts, and data models, contributing to the continuous improvement of the security monitoring infrastructure.

• Developed and maintained playbooks within Phantom SOAR to automate repetitive tasks, ensuring consistent and standardized incident response procedures.

• Real-time log analysis from different log sources such as firewalls, IDS/IPS, application servers, and EDR, and responding to intrusions.

• Conducted regular security assessments and vulnerability scanning, identifying and remediating security gaps and weaknesses in the organization's infrastructure.

• Investigate TAP and Cloud App alerts.

• Perform header analysis on user-reported and O365-reported phishing emails and take the necessary actions.

• Analyse malware/spam/phishing or any other malicious content in user-reported emails.

• Presented findings and recommendations to senior management, enabling proactive decision making and the implementation of targeted security controls.

• Escalate and hand off to team members and leadership based on defined threat and priority determination.

• Develop and maintain clear and concise documentation during an event. Prioritize alerts based on the device that generated the log and its impact.

• Create suppression rules for false-positive cases based on legitimate IOCs.

• Write advanced hunting queries in EDR and SIEM to get fully detailed events for an alert. Implement new alert rules for ongoing threats based on vulnerabilities.

• Create incident tickets with device owners and track security incidents to closure by coordinating with different teams.

• Work closely with affiliates to constantly monitor security threats and defenses.

• Utilize threat intelligence tools to support daily cyber security operations, and produce intel analysis of threat actors, IOCs, and vulnerabilities.

• Keep updated on global threats and vulnerabilities and follow up on IT remediation actions.

EDUCATION

Bachelor of Technology from GVR&S College of Engineering and Technology in 2019

CERTIFICATION

CompTIA CySA+

SKILLS

• Proficient in working with SIEM platforms including Azure Sentinel and Splunk for effective security event management.

• Experience with MDE (Microsoft Defender for Endpoint) and CrowdStrike for proactive threat detection and response.

• Knowledge of Carbon Black and Microsoft Defender for robust protection against malware and other security threats.

• Familiarity with MCAS (Microsoft Cloud App Security) for securing cloud-based applications and data.

• Competence in utilizing Office 365 for e-mail gateway security measures.

• Proficiency in utilizing software tools such as Infoblox, Jira, Confluence, GitLab, Nagios, and SolarWinds for efficient infrastructure management and monitoring.

• Skilled in working with various operating systems including Windows, Linux, and macOS for comprehensive security administration and configuration.

• Knowledge of KQL (Kusto Query Language) for efficient database operations and analysis.

• Proficient in using a variety of tools including PuTTY, WinSCP, Notepad++, WinMerge, FileZilla, and Wireshark for tasks such as remote access, file transfer, text editing, comparison, and network traffic analysis.

• Experience with VMware for virtualization technologies and management.

• Familiarity with cloud platforms such as AWS and Azure for secure and scalable cloud-based solutions.

• Competent in utilizing Bash as a command-line shell for efficient automation and scripting. Proficiency in using Git for version control and collaborative development.
