VAMSI ABHIRAM GURU
Security Operation Center (SOC) / Cybersecurity Analyst
351-***-**** *************@*****.*** LinkedIn Github

SUMMARY
● SOC/Cybersecurity Analyst with 2+ years of experience in safeguarding enterprise systems through security monitoring, incident response, and vulnerability management.
● Adept at using SIEM tools (Splunk, Datadog) for threat detection and event analysis, with hands-on expertise in performing security audits and risk assessments.
● Proficient in cloud security (AWS, Azure) and implementing robust access control policies, encryption, and multi-factor authentication.
● Strong understanding of security frameworks like ISO 27001 and SOC 2, with a proven ability to collaborate with cross-functional teams to develop security policies and ensure compliance.

SKILLS
Programming Languages: Python, Bash, SQL
Security Tools & Technologies: SIEM (Splunk, Datadog), Nessus, OpenVAS, IAM (OAuth 2.0, JWT), Vulnerability Scanning, Incident Response, EDR Tools, Nmap, Wireshark, Network Stumbler, Log Management
Networking & Protocols: TCP/IP, DNS, HTTP, HTTPS, DHCP, Subnetting, Firewalls, VPN Configuration, Network Hardening, Routers, Gateways, OSI Layers
Cloud Security: AWS (EC2, IAM, Lambda, S3, DynamoDB, Athena, CloudWatch, Redshift), Azure (Security Center, Data Factory, Data Lake, Blob Storage, Azure DevOps, Databricks)
Operating Systems: Linux, Windows Server, Unix Administration, Active Directory
Certifications: Microsoft Azure Developer Associate, ISC2 Certified in Cybersecurity, CompTIA Security+

EDUCATION
Master of Science in Computer Science, University at Buffalo, Buffalo, New York, Aug 2022 – May 2024
Bachelor of Technology in Electronics and Communication Engineering, Vellore Institute of Technology, Tamil Nadu, India

EXPERIENCE
CYBERSECURITY ANALYST, South Central Indian Railways, Andhra Pradesh, IN Jul 2020 – Jul 2022
● Monitored and analyzed network traffic, IDS/IPS, and security event logs using Splunk ES, ensuring the detection and prevention of malicious network activity.
● Investigated and resolved potential security intrusions, including root cause analysis and recovery plans, while conducting detailed forensic analysis of network packets, DNS, malware, and proxy logs.
● Processed daily threat intel, blocking malicious domains, IPs, and MD5 hashes, and used McAfee DLP Manager to safeguard sensitive data and ensure compliance.
● Created and managed security alert notifications, developed dashboards and reports for threat detection, and analyzed phishing and malicious email alerts to mitigate risks.
● Developed use cases for automating security tools and processes, tuned detection systems to reduce false positives, and contributed to the refinement of overall SOC operations.
● Provided incident response support, collaborated with teams to address vulnerabilities, and created action plans to resolve security issues while maintaining clear documentation.
● Performed vulnerability assessments with Nessus and OpenVAS, identifying and mitigating high-risk vulnerabilities across over 500 servers and network devices.
● Designed and implemented AWS security configurations, including IAM policies, S3 bucket permissions, and CloudWatch monitoring, preventing unauthorized access and data breaches.

PROJECTS
SOC Automation Project
● Built a home lab simulating a SOC environment using Wazuh (SIEM/XDR), TheHive (case management), and Shuffle (SOAR).
● Automated threat identification, containment, and eradication with custom scripts, and designed a logical diagram for clarity.
● Configured seamless communication between servers and endpoints, simulating telemetry (e.g., Mimikatz) to trigger Wazuh alerts for testing detection capabilities.
● Integrated Wazuh, TheHive, and Shuffle for automated alert handling, case management, and analyst notifications.
● Created workflows to track alert ownership and demonstrated real-world scenarios like analyzing IDS alerts for Cobalt Strike.

Active Directory Security and Monitoring Project
● Built an Active Directory lab with Windows Server 2022, Windows 10, Kali Linux, Splunk, and Ubuntu Server VMs.
● Configured Active Directory, promoted Windows Server to a domain controller, and integrated Sysmon for event logging.
● Used Splunk to ingest telemetry and create alerts, dashboards, and reports from security events.
● Simulated brute force attacks with Kali Linux and tested Atomic Red Team scenarios to analyze the resulting telemetry.