Sai Koushik
Email: ************@*****.***
Phone: 786-***-****
Cyber Security Engineer
Professional Summary
With over 8 years of experience as a Cybersecurity Engineer, I have a proven track record in designing, implementing, and managing robust security solutions to protect organizational assets. I specialize in identifying vulnerabilities, conducting risk assessments, and deploying cutting-edge security measures to safeguard data integrity, confidentiality, and availability. My expertise spans firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, encryption, threat intelligence, and cloud security. I have successfully led cybersecurity initiatives for large-scale enterprises, ensuring compliance with industry standards like ISO 27001, NIST, and GDPR. Adept at responding to incidents swiftly while collaborating with cross-functional teams to enhance security postures. My technical proficiency includes penetration testing, vulnerability management, and integrating automated security tools to streamline processes.
Technical skills
Skill Category: Specific Skills/Tools
SIEM Tools: Splunk, Sentinel
Endpoint Security: CrowdStrike Falcon, Microsoft Defender
Vulnerability Management: Qualys, Rapid7, Tenable Nessus, Nmap, Nexpose, Wireshark, OWASP
Security Tools: Guard iCore, McAfee Vulnerability Management solutions, Nessus, SolarWinds, LogRhythm, Tenable, Proofpoint
IPS/IDS: McAfee IPS, SecureWorks IDS/IPS, Snort
Security Policies & Compliance: Development, updating, and enforcement of security policies, standards, and methodologies; compliance with best practices and regulatory requirements
Firewall: Cisco ASA, Firepower Module (context firewalls), ACLs, IPsec, Palo Alto, Panorama, Check Point Firewall, Fortinet Firewall (traffic shaping)
Email Security: Managing email security operations, using Proofpoint for scam and spam identification, Microsoft Defender for phishing threat analysis
Network Security Concepts: Knowledge of TCP/IP protocol stack, HTTP/HTTPS
Network Management: Wireshark, SNMP, SolarWinds NCM+NPM, LiveNX
Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management, and Compliance, SolarWinds, Burp Suite, Nmap, Wireshark, Kali, AppDynamics
Frameworks: NIST, MITRE, SOC 2, SOX, PCI
Work Experience
Expedia Group, Miami, FL  Aug 2022 – Present
Sr. Security Analyst
Worked in the development and refinement of detection techniques, including IDS signatures, EDR signals, and SIEM rules, to proactively identify and mitigate complex cybersecurity threats, aligning with the first layer of defense responsibilities.
Experienced with Office 365 DLP, Bluecoat, Websense, Proofpoint, Trend Micro, and Splunk Cloud SIEM security tools to monitor the network environment.
Worked on tools such as Information Security and Group Policy, McAfee Data Loss Prevention, Symantec Endpoint Protection Manager, Symantec Endpoint Encryption, Windows Server Update Services, Websense Proxy, Syslog, and GFI.
Experience with AWS and Azure cloud environments.
Implemented comprehensive security measures to protect sensitive data, reducing vulnerabilities by
Oversaw vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
Prioritized vulnerabilities/assets from Tenable Nessus and Tenable IO that should be patched during maintenance cycles.
Extensive experience with Splunk for custom rule configuration and for creating advanced queries, visualizations, and dashboards, aligning with the role's requirement for SIEM system expertise and Splunk ES as a bonus.
Identified and resolved any false positive findings in assessment results.
Utilized CrowdStrike to investigate and analyze malware on endpoint computers.
Took an active part in the gathering, analysis, and communication of threat intelligence through the intelligence process.
Mapped detection strategies to the MITRE ATT&CK framework, ensuring comprehensive coverage of tactics, techniques, and procedures (TTPs) used by threat actors.
Resolved incidents such as MFA bypass, credential theft, phishing and brute force attacks, privilege escalation, account takeover, and insider threats using CrowdStrike Falcon Protection.
Automated deployment pipelines and monitoring for FaaS applications, increasing efficiency and reliability.
Collaborated with threat intelligence and engineering teams to refine detection mechanisms and bridge identified detection gaps.
Conducted threat hunting activities utilizing existing data sources to identify and mitigate potential security threats proactively.
Onboarded and optimized new log sources, enhancing the ability to detect and respond to advanced cyber threats.
Assisted in identifying security risks and exposures by participating in cybersecurity reviews, evaluations, and risk assessments.
Led the review and feedback process for threat intelligence information, ensuring high-quality data from the CTI Cyber Threat Intel team, which is vital for quick and effective incident response and analysis.
Performed internal network vulnerability assessments to enhance the organization's information security culture by identifying, analyzing, and reporting the gaps.
Implemented and managed EDR solutions, monitoring endpoints for anomalies and coordinating with patch management teams for immediate response, reflecting the ability to triage multiple security incidents effectively.
Sonatafy Technology (Nearshore Software Development), San Diego, CA  Aug 2020 – Jul 2022
Security Analyst
Experienced with DLP, Bluecoat, Websense, Proofpoint, Trend Micro, Splunk, and Azure Sentinel SIEM security tools to monitor the network environment.
Excelled in the rapid detection and identification of cyber-attacks through analysis of trends, patterns, and signatures, utilizing a comprehensive suite of security tools including Firewall, IDS/IPS, Content Filtering devices, CrowdStrike Falcon, SEPM, Symantec, Zscaler DLP, and endpoint monitoring systems.
Worked with CrowdStrike Falcon Identity protection and Microsoft Defender for advanced ITDR solutions.
Conducted regular security audits and vulnerability assessments, enhancing overall system integrity and compliance.
Monitored and optimized FaaS performance metrics, achieving a 20% improvement in application responsiveness.
Integrated Azure AD with ITDR tools, enhancing identity management and security.
Managed the Azure Security Center and Azure Sentinel, enhancing the organization's ability to monitor and respond to security threats across the cloud environment.
Played a key role in developing and maintaining security documentation and reports related to Azure security, ensuring transparency and accountability to stakeholders.
Managed end-to-end tracking and resolution of security incidents, coordinating with MSSP, Networking, GRC, Investigation, and Security Architecture teams to achieve 100% SLA, leveraging the ServiceNow ticketing system for efficient incident management and reporting.
Played a pivotal role in the investigation and management of high-severity alerts related to Source Code and GDPR, demonstrating strong collaboration skills across various organizational teams.
Actively reviewed Threat Advisories, contributing to the network's security by blocking known Indicators of Compromise (IOCs) and enhancing the organization's defensive posture against emerging threats.
Deployed and managed security solutions for Microsoft 365 applications, including Microsoft Defender for Office 365, to protect against phishing, malware, and other cyber threats.
Ensured endpoint protection across devices connected to Microsoft 365, enhancing overall security and reducing potential attack surfaces.
Multi-model consulting on different frameworks and standards such as ITIL, COBIT, SDI, ISO 2000, and ISO 9001.
Oversaw email security operations, identifying and mitigating email scams and spam with Proofpoint and Zscaler, analyzing phishing threats using Microsoft Defender and open-source intelligence tools, and blocking malicious URLs in coordination with the networking team.
Led the implementation and management of Security Policies, Procedures, and Best Practices, significantly elevating the organization's security posture and compliance with industry standards.
Administered SIEM solutions, notably Splunk, to monitor, analyze, and respond to security incidents, ensuring robust defense mechanisms within the company's energy infrastructure.
Conducted thorough vulnerability assessments using Tenable Nessus to identify and mitigate risks related to configurations, patches, and credentials, enhancing the security framework.
Collabera, Basking Ridge, New Jersey  Sep 2018 – Jul 2020
Security Analyst
Monitored and analyzed SIEM alerts using tools such as Splunk and IBM QRadar to assess incident urgency, initiating investigations, and coordinating remediation efforts.
Conducted in-depth log analysis with Splunk SIEM and escalated incidents through the Resilient ticketing system for prompt resolution.
Provided technical teams with actionable recommendations via the Jira ticketing system to enhance security measures.
Performed comprehensive cybersecurity risk assessments using Qualys Guard, ensuring thorough vulnerability identification and mitigation.
Managed the enterprise security infrastructure, including the configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, and enterprise Antivirus solutions.
Integrated open-source and commercial Threat Intelligence feeds, incorporating Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) into various security technologies.
Developed custom use cases and runbooks/playbooks to improve out-of-the-box monitoring and reduce false positive alerts in detection systems.
Collaborated with cross-functional teams and global business units to analyze and respond to security incidents, bolstering the organization's overall security posture.
Conducted email threat analysis, recommending filtering rules to minimize phishing and malware risks.
Analyzed PCAP files to identify anomaly traffic using Wireshark, providing detailed incident reports and recommending corrective actions.
Qualcomm Apr 2016 – Aug 2018
Security Analyst San Diego, CA
Monitored and analyzed SIEM alerts through Splunk and IBM QRadar, reviewing incidents to assess their urgency and carrying out investigation and remediation.
Conducted log analysis on Splunk SIEM solutions and escalated incidents via the Resilient ticketing system.
Provided recommendations to the technical teams via the Jira ticketing system.
Conducted comprehensive cybersecurity risk assessments utilizing Qualys Guard.
Managed the enterprise infrastructure of the System Security team, including configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise Antivirus solutions, and endpoint encryption.
Monitored open-source and commercial threat intel feeds and integrated their IOCs and TTPs into various security technologies.
Enabled out-of-the-box monitoring use cases, developed runbooks/playbooks, and tuned false positive alerts to improve detection capabilities.
Coordinated with peers and stakeholders across global functional and business unit teams as needed to analyze and respond to adverse events and incidents and improve corporate security posture.
Familiarity with the fundamentals of information security, including network technologies and tools and identity and access management.
Monitored and analyzed emails for threats including phishing and malware, and made recommendations for email rules to minimize malicious or undesirable emails.
Experience with protocols such as TCP/IP.
Conducted analysis to determine the legitimacy of files, domains, and phishing emails utilizing online resources such as VirusTotal, urlscan.io, AnyRun, and MX Toolbox.
Participated in daily and weekly scrum calls.
Prepared SNR reports for the client based on recent attacks along with their IOCs.
Analyzed PCAP files, narrowed down anomalous traffic with Wireshark, examined the details of infected hosts, and wrote IOCs in executive summary reports.
Reviewed existing policies and guidance to ensure compliance with the National Institute of Standards and Technology (NIST) Risk Framework.
Strategized and delivered on immediate and long-term goals through teamwork and collaboration within the infosec group.
Education
NIIT University, Rajasthan, India 2012 – 2016
Bachelor of Technology in Computer Science and Engineering
Certifications and Training:
CompTIA Security+
Certified Ethical Hacker
Certified Network Security Specialist
Splunk Certified Cybersecurity Defense Analyst
Splunk Fundamentals
Google Cybersecurity Professional
Honors & Awards:
Participated in a hackathon event hosted by NIIT University.
Participated in various CTF competitions and bug bounties on different websites.
Led the operations team for Ingenuity Fest, hosted by NIIT University.