
Security Analyst Information

Location:
Sacramento, CA
Posted:
August 25, 2024


Resume:

Kushal Kumar Polu

+1-206-***-****

**************@*****.***

www.linkedin.com/in/kushal-kumar-polu-4358591bb

Sr. Information Security Analyst

Security Certifications:

AZ-900 Certified Microsoft Azure Fundamentals

AZ-500 Certified Microsoft Azure Security Engineer

GCP Google Cloud Network Engineer (Professional)

CISSP Acknowledged for successful completion of CISSP training with acquired certification, currently dedicated to achieving CISSP certification to amplify cybersecurity competencies.

Work Experience

Sr. Information Security Analyst - DigiTech Labs - Redmond, Washington Apr 2024 – Present

Client: Pfizer

• Monitor Security events and alerts to detect and respond to potential Security incidents. Investigate and analyze Security breaches and provide incident response support.

• Manage and maintain Security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection and Prevention Systems), and endpoint Security solutions.

• Develop and maintain Security policies, standards, and procedures. Ensure compliance with regulatory requirements and industry best practices.

• Conduct thorough investigations of Security incidents to determine root causes and recommend corrective actions.

• Develop and maintain Security metrics to measure the effectiveness of Security controls. Generate regular reports for management on Security incidents, trends, and metrics.

Cybersecurity Engineer - Wells Fargo Feb 2021 – Mar 2024

• Expertise in implementing and managing Data Security solutions and technologies, including Microsoft Purview Insider Risk Management, Microsoft Purview Data Loss Prevention, and Microsoft Sentinel.

• Experience performing routine work within MSFT Defender for Identity and Office 365: Managed and monitored security incidents and events within MSFT Defender for Identity and Office 365, ensuring timely response and resolution.

• Demonstrated ability to respond to and mitigate Information Security incidents and events, following established incident response procedures.

• Proficient in using security software and tools, including CrowdStrike endpoint protection, Microsoft Defender, and SIEM, to enhance security posture and protect against cyber threats.

• Familiar with NIST 800 series standards and ISO 27001/2 frameworks, ensuring adherence to security policies and procedures.

• Proficient in identifying and understanding various attack vectors and their effect on technologies, implementing appropriate countermeasures.

• Implemented security solutions on Azure, focusing on Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and Single Sign-On (SSO), enhancing security posture and user experience.

• Demonstrated expertise in Azure Active Directory (Azure AD), Azure AD B2C, and related authentication/authorization components, proficient in configuring and managing security protocols including SAML, OAuth, and OpenID.

• Utilized strong scripting and automation skills, including PowerShell and Azure CLI, to streamline IAM processes and ensure efficient management of Azure security solutions.

• Applied deep understanding of cloud security principles to design and implement secure IAM architectures, mitigating risks and ensuring compliance with industry standards.

• Experience with Azure Sentinel for monitoring, alerting, and automation, leveraging its capabilities to enhance security monitoring and incident response.

Cyber Security Analyst - JP Morgan & Chase Oct 2015–Feb 2021

• Senior Support Engineer in Global Identity Access Management (IAM) App-ops team.

• Expertise in implementing and managing Identity Governance solutions to enhance Security and compliance.

• Led deployment of CyberArk components (PSM, EPV, CPM, PAM) across Windows and Linux servers in large-scale environments.

• Integrating PAM solutions with high assurance level for on-premises, off-the-shelf, and cloud-based applications.

• Collaborating with Infrastructure Management teams to ensure seamless introduction of PAM solution.

• Updating Active Directory roles and Group Policy Objects (GPOs) for privileged accounts, ensuring Security policy adherence.

• Standardizing on-site and virtual training sessions for agencies.

• Worked closely with architecture team in performing asset inventory and validating agency assets for effective access management.

• Developing custom scripts and automation workflows using CyberArk's Application Identity Manager (AIM).

• Responsible for conducting regular risk assessments and vulnerability scans of CyberArk environments.

• Designing and implementing multi-factor authentication (MFA) mechanisms within CyberArk solutions.

• Led implementation of CyberArk Privileged Access Management solution for multiple clients.

• Designing and developing CyberArk connection components as per the project requirements.

Information Security Analyst – IBM Nov 2012 - Dec 2014

Client: Mead Johnson Nutrition (MJN)

• Implemented IAM solutions including SSO, MFA, and RBAC. Provided first-level support for user requests across various services.

• Provisioned privileged accounts in EPV (Add/Modify/Delete/Resets).

• Experienced in vaulting accounts from multiple platforms (Windows, Database, Unix, Mainframe, etc.).

• Collaborated with sales and customer support teams to ensure RBAC met customer needs.

• Conducted audit and root cause analysis of escalated queries.

• Ensured error-free onboarding of accounts to EPV and correct vaults on CyberArk.

• Resolved P1/S3 calls and identified root causes for issues.

• Performed daily BAU resets and monitored PSM Server.

• Managed Sev-1, Sev-2 incidents, taking ownership until resolution.

• Hands-on experience in project planning, risk assessment, and mitigation.

Skills & Certifications

Skills:

Cloud Platforms – AWS, Azure, GCP

Migration Tools: Azure Migrate, ASR and MAPS

SIEM: Splunk

Project Management: Azure DevOps

Operating Systems: VMware, Windows, and Kali Linux

Monitoring: Azure Monitor and Log Analytics.

Security: Azure Sentinel, Microsoft Purview

Frameworks: NIST, CIS, ISO 27001, ISO 31000

Programming Languages: Python, MySQL, Linux/Unix (for sysadmin)

Security Standards: PCI DSS, HIPAA, FISMA

Education

MELBOURNE INSTITUTE OF TECHNOLOGY Melbourne, Australia 2008-2010

Masters and Certificate III in Business and Technology

CVSR COLLEGE OF ENGINEERING Hyderabad, India 2004-2008

Bachelor’s in Mechanical Engineering


