KALPIT PATEL - Cyber Security Specialist (SOC)
Security Architecture Vulnerability Management Cloud Security
(C) 614-***-**** E mail ID – *********@*****.*** Work Status – US Citizen
Information Security Analyst SOC Analyst Cyber security Operations Specialist
Self-driven, multi-certified Team Lead Cyber Security Specialist with 8+ years of IT industry experience primarily focused on risk management, secure design and architecture, and information systems security, with active participation in Security Operations Centre (SOC) support activities, security operations, application security and vulnerability management. An insightful and results-driven IT professional with a passion for being the best Security Analyst and for setting up complex network environments with the highest security standards. Successfully meets the challenge of remaining current with new and developing technology to participate in corporate IT security initiatives in support of business objectives.
Professional Summary
Architected, authored and directed the SOC Analyst and Engineering playbooks for functional areas such as Threat Intelligence operations (collection, analysis and dissemination), malicious code analysis, custom Sourcefire IDS signature analysis, Sourcefire threat feeds, threat hunting activities and onboarding of critical log sources.
Directed and presented current security controls, security gaps and overall security programs to stakeholders and defined strategies to achieve strong security for the organization.
Experience designing cybersecurity principles and policies, assessing security gaps and implementing best practices.
Designed principles such as a defense-in-depth approach, least privilege, identity and access management and secure design.
Experience with enterprise-class security products such as web proxy, IDS/IPS, DLP, firewall, endpoint protection solutions, SIEM, SOAR platforms, cloud security and email security.
A fast learner who successfully created the database for my team's website project in under a week by quickly learning the SQL programming language and then applying that knowledge to achieve the goal.
Worked in a 24x7 SOC department analyzing security incidents and logs to identify anomalies.
Hands-on experience with threat hunting activities such as identifying threats, mitigating them and documenting the results.
Strong understanding of enterprise, network, system/endpoint and application-level security issues and risks.
Excellent knowledge of FISMA, HIPAA, NIST, PCI DSS and SOX compliance usage, rules and regulations.
Specialist in consulting on different security solutions for all phases of the solution cycle: planning, architecture, design, implementation, deployment, troubleshooting and support, handover and documentation.
Experience with ISO 21434, UNECE R155 and other related standards and regulations; project management and assessment experience in the Enterprise/TPRM domain.
Experience with ISO 21434 and other standards such as ISO 27001 and UNECE R155; TLS, wireless communication protection, firewalls and secure boot. Experience configuring, and fluent with, POSIX-based OSs, e.g., Linux and QNX.
TECHNICAL PROFICIENCIES:
Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatPROTECT, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, Sourcefire, Rapid7, Splunk ES, Demisto
Event Management: RSA Archer, Blue Coat Proxy, Splunk, NetWitness, LogRhythm, HP ArcSight
PenTest Tools: Metasploit, Nmap, Wireshark and Kali
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication
DLP: McAfee and Symantec
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000
Security Standards: NIST, PCI-DSS, HIPAA, SOX and ISO standards (ISO 27001)
Security Architecture:
EDUCATION:
M.S. in Information Technology, University of Potomac, U.S.A., 2018.
Attended and completed the Master of Science in Information Technology at the University.
B.E in Information Technology, Gujarat Technological University, India. 2015.
Successfully completed the B.E. at Gujarat Technological University in 2015.
Security Analyst Training, Intellectual Point, Reston VA 2018.
Completed 6 months of training on security practices, detection, reporting, analysis and incidents.
CERTIFICATES & ACHIEVEMENTS:
CompTIA Security+ SY0-501, 2019.
Expert at populating security events in a Security Information and Event Management (SIEM) system.
Red Hat Enterprise Linux 6, 2018.
Navigate and use RHEL to its full capabilities, including making directories, installing packages and updating.
Certified Ethical Hacker, 2019.
Investigate intrusion attempts and perform in-depth analysis of exploits using AlienVault, Darktrace, Active Directory Audit and Firewall Analyzer.
EC-Council Certified Security Analyst, 2019.
Performed CTF challenges and red team activities.
Certified Network Defender (CND), 2020.
Microsoft Certified Cybersecurity Architect, 2024.
CISSP (in progress), to be completed by Oct 2024.
Attended Digital Natives Meetup: (1) Hands-on Splunk Challenges; (2) Red Hat Enterprise Linux.
PROFESSIONAL EXPERIENCE
CITI Bank – Dallas, TX (MSSP – LTI Mindtree)
Team Lead Cyber Security Operations Specialist (Cyber Fusion Center / Cyber Security Operations Center), Level 2 & 3 Incident Response, Threat Hunting, Risk Management
Full-Time
August 2021 to Current
Manage a team of 3 members (North American division), directing and helping them with day-to-day SOC support activities and various security operations tasks.
Design and develop security architectures for cloud and cloud/hybrid-based systems and application security. Partnered with and managed security service providers.
Lead the team that identifies security risks and creates security architecture requirements and mitigation strategies.
Help develop the Fusion Center mindset and the follow-the-sun model.
Conducted proactive threat-hunting activities across network environments, analyzing data from SIEM systems to identify unusual patterns, anomalies, and potential indicators of compromise (IOCs).
Developed and implemented threat-hunting playbooks and strategies, leveraging techniques such as hypothesis-based hunts and TTP (Tactics, Techniques, and Procedures) analysis aligned with the MITRE ATT&CK framework.
Utilized packet capture and network traffic analysis tools to examine endpoint and network behaviors, identify malicious activity, and reduce dwell time for undetected threats.
Collaborated with incident response teams to investigate and contain threats, correlating data from endpoint, network, and application logs to uncover sophisticated attacks.
Led complex incident investigations and response efforts for advanced cyber threats, including malware outbreaks, lateral movement detection, and data exfiltration attempts, utilizing SIEM tools (e.g., QRadar, Splunk).
Conducted in-depth forensic analysis on compromised endpoints and network systems, employing tools like Wireshark and packet capture to trace attack vectors and identify root causes.
Strong malware analysis expertise; took the steps for containment and eradicated the malware.
Author incident status updates and closure reports to leadership.
Produce postmortem reports to identify lessons learned and recommendations.
Hands-on experience with automation and playbook development for SOAR platforms, particularly XSOAR.
Design, develop, guide and review automation use cases to be released on the Cortex Marketplace.
Utilized XSOAR’s case management features to track, manage, and resolve security incidents effectively, ensuring all incidents were documented and remediated in a timely manner.
Created training materials and documentation for SOC teams on how to use XSOAR for automated incident response and orchestration.
Gather requirements, initiate innovative ideas, collect feedback from stakeholders and develop compelling use cases. Following release, promote the solution and help customers onboard it.
Work with partners on product use cases, API documentation questions, playbooks and joint product offerings.
Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom RESTful API integrations, SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports, widgets, and code via Continuous Integration / Continuous Delivery pipelines adhering to an Agile development practice.
Provide technical guidance regarding risks and control measures associated with new and emerging technologies.
Providing technical leadership, guidance, and direction to the application security team.
Leading the cyber incident response process to ensure timely triage, analysis, containment, eradication and return to service for high severity or long running incidents.
Developed alert triage and incident response methodologies to respond to zero-day threats.
Helped coordinate pen testing activities and led the efforts to mitigate the resulting risks and threats.
Designed, implemented, and managed Symantec Data Loss Prevention (DLP) solutions to protect sensitive data and ensure regulatory compliance.
Conducted risk assessments and gap analysis to identify and address potential data leakage vulnerabilities across the organization. Stayed abreast of the latest security threats, vulnerabilities, and industry best practices to enhance the effectiveness of vulnerability management processes.
Developed and executed PowerShell scripts to automate routine security tasks, such as user account management, system audits, and incident response, improving efficiency and reducing manual errors.
Created custom PowerShell modules to enhance security monitoring and reporting, providing real-time alerts and detailed logs of suspicious activities.
Implemented PowerShell scripts for system hardening and compliance checks, ensuring adherence to industry standards and reducing vulnerabilities.
Developed Python scripts to automate threat detection and response processes, enhancing the organization's ability to quickly identify and mitigate security threats.
Implemented machine learning algorithms in Python to analyze large datasets and detect anomalous behavior, improving the accuracy of threat identification.
Creating and managing user groups in the identity and access management system. Enforcing company policies and procedures related to identity and access management.
Delivered and designed solutions for perimeter defense (email/SMTP gateways) such as Cisco IronPort, Proofpoint, CrowdStrike, CASB and Exabeam XDR.
Identified potential risk indicators in the environment by running threat hunt searches; participated in building the organization's threat hunting program, identified critical log sources and drove the efforts to onboard them into Exabeam XDR to identify risk indicators and outliers.
Participate in threat hunting activities using tools and data available; make recommendations to enrich data sources for more accurate correlation.
Assessment guidance/standards used: NIST SP 800-30, NIST SP 800-53, NIST SP 800-171, ISO 27002 and ISO 27005, to ensure regulatory compliance and proper assessment of risk.
Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP 800-30 requirements.
Charter Communications – St. Louis, MO
Cyber Security Engineer (Security Operations center environment)
Full-Time
August 2020 – August 2021
Detection, triage and analysis of, and response to, cyber-attacks; performed incident response activities at Level 2 and Level 3.
Designed and implemented automated incident response workflows using Cortex XSOAR, reducing response time and improving efficiency across security operations.
Developed and customized XSOAR playbooks for various security incidents, including phishing, malware detection, and insider threats, resulting in faster and more consistent incident handling.
Integrated XSOAR with SIEM, SOAR, EDR, and other security tools to create a unified security operations center, enabling seamless data flow and automated response actions.
Automated threat intelligence ingestion and enrichment processes using XSOAR, enhancing the organization’s ability to detect and respond to emerging threats.
Developed custom scripts within XSOAR to automate repetitive tasks, such as log analysis and report generation, streamlining SOC operations.
Developed Python scripts to automate security tasks such as log parsing, data extraction, and vulnerability scanning, reducing manual effort and increasing accuracy.
Created custom Python tools to address specific security needs, such as automated malware analysis, phishing detection, and network traffic monitoring.
Integrated various security tools and platforms via Python-based APIs, enabling seamless data exchange and enhancing overall security visibility.
Used Python to develop threat-hunting scripts that automate the detection of anomalies and potential security threats within large datasets.
Orchestrated security processes by connecting multiple security tools and APIs through XSOAR, improving overall threat detection and response capabilities.
Designed and implemented software application security controls and technical solutions to address security weaknesses.
Experience with investigating & managing major/complex cyber incidents end to end.
Developed custom SIEM deliverables in Splunk to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
Utilized PowerShell to streamline the deployment and configuration of security tools across multiple servers, ensuring consistent and secure setups.
Conducted forensic analysis using PowerShell to collect and analyze event logs and system information, aiding in the investigation of security incidents.
Continuously prepare for incidents by updating and maintaining incident response plans, playbooks and procedures.
Manage and participate in cyber related exercises such as table tops and cyber ranges.
Measure the effectiveness and performance of the incident response process through KRI and KPI metrics.
Wrote Python scripts to perform vulnerability assessments and penetration testing, identifying and addressing potential security weaknesses.
Leveraged Python for developing security dashboards and visualizations, providing actionable insights and improving the decision-making process for the security team.
Identify methods to continuously enhance the incident response process.
Work closely with the SOC to drive development and collaboration.
Performed incident response activities using Splunk ES on security incidents such as account compromise, unauthorized access, malware infections, PUP/PUA downloads, and phishing.
Correlated data from multiple sources (e.g., IDS/IPS, firewalls, endpoint security) to detect, triage, and respond to security incidents in real-time, minimizing business impact and threat dwell time.
Developed and refined threat-hunting procedures and detection rules within the SOC, aligning with the MITRE ATT&CK framework to enhance visibility into advanced persistent threats (APTs) and zero-day exploits.
Coordinated with threat intelligence teams to integrate new threat intelligence feeds and IOCs into the SOC environment, updating detection strategies for emerging threats.
Served as an escalation point for Level 1 and Level 2 SOC analysts, providing guidance on complex cases and performing incident validation for high-severity alerts.
Implemented and optimized use cases in the SIEM for anomaly detection, reducing false positives and enhancing alert accuracy for faster incident response.
Experience onboarding cloud accounts into Prisma Cloud, configuring Prisma Cloud settings and integrating the Prisma Cloud Compute cloud-native security platform into CI/CD pipelines to continuously scan and monitor hosts, containers and serverless functions for security anomalies.
MassMutual Life Insurance Company, Springfield, MA (Remote)
Sr. SOC Analyst (Security Operations Center Environment), Shift Team Lead (Level-2 and Level-3 Incident Response)
Contract
March 2021 to July 2021
Led the 2nd shift in our 24x7x365 environment. Managed and supported 2 junior analysts.
Delivered detailed incident response reports and root cause analysis to executive management, providing recommendations to improve security posture and mitigate recurring threats.
Automated routine SOC processes and threat detection workflows using scripts (e.g., Python, PowerShell) to increase operational efficiency and reduce response times.
Conducted training sessions for junior SOC analysts on advanced security topics, including threat hunting, incident triage, and root cause analysis, enhancing overall SOC team capabilities.
Ran KQL queries in Azure Sentinel periodically to spot anomalies as part of the threat hunting program.
Train and mentor SOC personnel.
Creating an environment which drives knowledge sharing with teams across the Fusion Center.
Deployed, managed and configured policies and ran optimization of the cloud-platform EDR solution Carbon Black Defense.
Created dashboards, alerts, alarms and reports in Azure Sentinel. Onboarded critical log sources into Splunk ES to spot anomalies proactively.
Investigate malicious phishing emails or proxies and perform corrective actions following SOPs and company policies.
Championed identifying key risk indicators and reported threat analysis to provide input on system process improvement and to proactively determine anomalies or irregularities caused by malicious actors; escalated concerns for further investigation.
Spearheaded identifying risks, intrusion detection and threat event management by utilizing quick incident response.
Participated in integrating and supporting development of XSOAR platform with Splunk ES.
Enforced email security using Agari Phishing Response.
Monitored network traffic logs to identify all potentially malicious RDP connections. Developed playbooks for malware analysis, IDS/IPS traffic, Okta suspicious logon investigation, RDP connection investigation and WMI attacks.
MiTek Industries (subsidiary of Berkshire Hathaway) – Chesterfield, MO
Security Operations Specialist
Contract
July 2020 to March 2021
Risk analysis and security control gap analysis from an information & network security perspective.
Documented Information security policies and delivered the information security awareness training for an organization.
Responsible for the planning, design and implementation of application security architectures; oversees the implementation of application security and ensures compliance with corporate cybersecurity policies and procedures.
Oversee the regular scanning of applications using the automated application security tool Checkmarx, covering Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), etc.
Drive the efforts to create an alert investigation incident response guide/playbook. Responsible for true positive alert triage and dashboard creation for identifying more risk indicators. Key member of incident response activities and of enabling the MITRE framework.
Ensured compliance with regulatory requirements by configuring vulnerability scans to address specific standards (e.g., PCI DSS, HIPAA, GDPR) relevant to the organization.
Implemented anomaly detection mechanisms within vulnerability scanning tools to identify suspicious or unauthorized activities during scans.
Oversee the integration of MDM systems with other enterprise security and management tools.
Implement and enforce security measures for mobile devices, including device encryption, access controls, and threat detection.
Ensure compliance with industry regulations and data protection standards related to mobile devices.
Worked using Splunk best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification and encryption standards for contractors and employees.
Reviewed and coordinated the development of the contingency plan (CP), continuity of operations (COOP), disaster recovery plan (DRP) and incident response plan (IRP).
Identified whether all critical log sources were integrated and, if not, drove the efforts to onboard them. Also fine-tuned existing use cases and created new ones so that all potential risk indicators are identified holistically.
Used NIST 800 framework to develop cloud security incident response procedures.
Virginia Department of Health
Cyber Security Analyst
Contract
February 2019 – May 2020
McAfee ePolicy Orchestrator and HIPS infrastructure and management systems serving more than 100K devices. Reviewed and designed security best practices for McAfee ePO, Anti-Virus, HIPS and DLP.
Monitored network traffic with McAfee Enterprise Security Manager (ESM) and helped to transition from McAfee ESM to Splunk.
Investigated and processed malware samples to research threat techniques and consulted with Anti-Malware vendors to develop defenses.
Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
Responsible for analyzing, responding to and providing recommendations for security incidents, manually or with automated forensic analysis tools.
Planned, performed, monitored, analyzed and managed grey-box, black-box and white-box application security assessments using tools and manual analysis for OWASP Top 10 vulnerabilities.
Planning and risk and control assessment of Skyhigh CASB to enhance visibility into user interaction with enterprise data in the cloud.
Developed cyber security standards based on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
Reviewed encryption logs and DLP logs to regulate user-based technological risk violations.
Upgraded, managed and troubleshot various issues with Cisco IPS.
Rule implementation, log analysis, logical troubleshooting and management of various Check Point products (Power-1, UTM-1 and Smart-1 appliances) and Cisco ASA appliances.
ICICI Bank – Mumbai, India
Jr. SOC Analyst
Contract
May 2014 to August 2016
Managed security incidents in the organization; key member of the Incident Response Team at Level-1.
Monitored phishing emails reported by users and created and assigned tickets for further analysis.
Monitored various event sources for possible intrusions, determined the severity and created correlation rules to detect threats in the SIEM.
Worked on SIEM for detecting malware and threat analysis on web-based URL filtering.
Work on assigned support tickets and answer end user support questions.
Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Email Security, Cloud Security, and other security threat data sources.
Perform day to day level-1 administration and support of security infrastructure tools and systems, including but not limited to SIEM, IDS/IPS, Anti-Virus, Anti-Malware, DLP, and other Network or System Monitoring tools.
References will also be provided upon request.