
Information Security Engineer

Dubai, Emirate of Dubai, United Arab Emirates
April 16, 2020



Revanth Bobba


***,*** ******* *, ********* Gardens Street 1, Dubai-122002

+971-**-***-**** revanth543 revanth-bobba-045086bb @Revanth03896318

“If something sounds too good to be true… there’s probably a scammer behind it.”

Professional Summary

Currently working as an ES-Information Assurance Officer at EGA. Having about 5 years of professional experience specializing in incident response and management, OSINT, forensic investigation, vulnerability management, threat hunting and intelligence gathering. I aspire to serve an organization with sincerity and determination to succeed. I aim to occupy a responsible and challenging position in an organization by keeping abreast with the latest developments in Information Security.

Work Experience

Emirates Global Aluminium Jebel Ali, Dubai


• Part of the Enterprise Security team at EGA, managing and overseeing the SOC monitoring/operations of the on-shore and off-shore L1/L2 teams.

• Working along with the Red team, preparing the scope and attack scenarios every month to assess the security posture of EGA and blue-team capabilities.

• Performing internal and external threat hunting, preparing reports for management with the identified anomalies along with action plans. Also doing periodic scanning of all EGA assets with other team members.

• Performing POC operations (or) security tool evaluations (such as Vectra, McAfee EDR, Cisco Email Gateway, etc.) to fill the security gaps observed in SOC operations.

• Mapped all the SIEM use-cases to the MITRE framework to understand the risk posture from an APT-attack perspective, and preparing new use-cases for better coverage of all techniques and tactics used by APT groups. Also preparing the necessary SOPs aligned with the NIST framework.

• Working on the security card alerts to reduce the external threat posture of EGA. Also managing the internal bug-bounty program.

Sophos Group plc. Ahmedabad, India


• As part of the internal GCIRT, handled the critical cyber security alerts and incidents generated by SIEM/Proxy/AV/BRO/IDS and IPS using the standard operational documents/playbooks/flow-charts, which were designed based on the NIST, MITRE and Cyber Kill Chain frameworks. The SOPs vary with the industry (SOX, PCI, HIPAA, etc.).

• IR activities performed such as:
  –> Splunk ES: use-case design, building search queries and dashboard creation, implementation and fine-tuning.
  –> Sophos Central: end-point protection, malware events, agent monitoring, group policies, application control, web-proxy management.
  –> Sophos UTM: IDS/IPS events related to external web attacks, scanning and exploitation, command-and-control/bot traffic.

• Hunting and reducing the new threat and attack vectors that impact the organization, either internally or externally.
  –> Wiki and Jira: identifying the wiki directories with sensitive content.
  –> Google Dorks and Dark Web: using open sources to identify potentially sensitive files and vulnerabilities of the organization.
  –> Digital Shadows: third-party risk management tool which reports parked domains, vulnerable certs, brand misuse and password dumps.
  –> DevOps and Automation: building custom Python scripts to automate the intelligence gathering, and integrating IOCs gathered from public and private intelligence sources into the SIEM.

• Phishing and Spam Automation: handling phishing email submissions from end-users and taking containment steps; creating SPF, DKIM and DMARC records for the domains to protect them from spoofing.
  –> Phish Threat: phishing simulation, spear-phishing and purple-team simulation, quarterly campaigns and reporting to board members.
  –> Tines: phishing automation, standard replies, e-mail banner implementation, security use-case automation.

Metmox Software Solutions Pvt Ltd. Hyderabad, India

INFORMATION SECURITY SR. ANALYST / IT SECURITY ANALYST Sept. 2015 - Jun. 2018

• Incident Handler: As an L2 SOC team member, handled, remediated and escalated the potential security incidents reported by L1-tier SOC members. Also worked on log-source integration and report creation.
  –> QRadar: offense analysis, correlation search creation, reporting, attending fine-tuning and CIRT meetings.

• Proxy Management: Working with the network team on proxy installations, region/department policies, URL categorization and UBA events. Also working on the predefined threat categories in the proxy such as Botnet Callback, Spyware Callback, Malicious Content, XSS, SQL, Cookie Stealing, etc.
  –> Zscaler: Working along with the network team and integrating ZEN/Proxy nodes with the Palo Alto and Juniper firewalls over IPsec/GRE tunnels.

• Endpoint Detection and Response: The EDR tool identifies and mitigates potential APT and ransomware attacks.
  –> Tanium: Identifies and stops APT-level attacks, PowerShell executions and registry modifications; patch management; a good source for inventory management.

• Third-Party Risk: The third-party risk tool provides a security rating for the organization based on the external threat vectors observed. These risk scores are calculated based on the industry type.
  –> BitSight: Worked on the third-party risk management tool, which reports misconfigured a) SPF b) DKIM c) SSL/TLS certificate issues d) potential open ports e) UBA events f) HTTP headers.
  –> SNR: Creating Security Notification Reports for management from the external feeds.

APRIL 8, 2020 SEC-UR-RITY - YOU ARE AT THE CENTER. 1

Honors & Awards


2019 CISO Security Award, Identified potential zero-day attack in organization, SOPHOS, U.K.
2018 Quarterly Flyer, Got best performer award for Q3 2018, SOPHOS, IT
2017 Security Specialist, Received Security coin from the client, Stryker, U.S.A.

EXTERNAL

2018 HOF, Received Hall Of Fame, Bug-Bounty
2018 Hoodies, Responsible Disclosures for multiple websites, Bug-Bounty
2020 Money Prize, Responsible Disclosures for IKEA, resulted in a bug-bounty of 300 Euros, Bug-Bounty

POC and SME

Sky-High Cloud Management

DLP MANAGEMENT Jan. 2017 - Jul. 2017

• Worked on the CASB infrastructure to mitigate potential data theft from the internal systems and to identify inside attackers. Created regular expressions for potential PII and sensitive information to track users uploading/downloading it externally.

Carbon Black, Protect Wise - Endpoint Response Sensors and Agents EDR Oct. 2016 - May. 2017

• Security end-point detection and monitoring tool to identify APT events and torrent activity, TOR, device isolation.

• Performed agent installation and prepared custom IOC and YARA rules to detect potential anomalies on the end assets.

Security Trainings and Certifications

2019 Trained and Certified, EDR - Recloak certified specialist, India
2018 Trained and Certified, SOPHOS certified security engineer, India
2018 Trained and Certified, Splunk Fundamentals 1 and 2, India
2017 Trained and Certified, ECSA - EC-Council certified security analyst, India
2017 Trained and Certified, Cybrary - End-user PII and Security Fundamentals, India
2016 Trained and Certified, Qualys certified vulnerability specialist, India
2016 Participated, Finalist - Tech challenge 3.0 Capgemini, India
2016 Trained and Certified, IBM MSS Security Incident Response, India
2015 Trained and Certified, OCJP - Oracle Certified Java Programmer, India

Extracurricular Activity

Participated in several CTFs, India


• Got 92nd rank in NULL-CON Goa, 2017.

• Won CTF challenge in organization, conducted by client.

Blog Writer and Bug-Bounty, India


• Blog reader and writer.

• Performing OSINT and exploitation on third parties and reporting responsible disclosures.

• Dark web Hunting.

• Updating my knowledge with current attack threat vectors.
