
Incident Response Cybersecurity Engineer

Location:
Clifton, NJ
Salary:
100000
Posted:
January 27, 2025


Resume:

Adarsh Suresh

Cybersecurity Engineer

PROFESSIONAL SUMMARY

A cybersecurity professional with over 7 years of experience in incident response, network protocols, and advanced Azure security operations, demonstrating end-to-end expertise in cloud, compliance, and Zero Trust architectures.

Proficient in Microsoft Defender for Cloud, Azure Security Center, and Sentinel (SIEM), with extensive exposure to XDR/EDR, compliance frameworks (GDPR, NIST, HIPAA, ISO 27001), and infrastructure hardening techniques, ensuring a robust posture through continuous improvement.

Skilled in leveraging Microsoft Purview for governance, CyberArk and Thycotic for privileged identity management, Nessus for vulnerability assessment, and F5 BIG-IP GTM for load balancing and security.

Proficient in scripting with KQL, PowerShell, and Python to automate incident response, alerting workflows, and configuration management.

Adept at implementing Zero Trust strategies by enforcing Just-In-Time access, role-based access controls, MFA, and Azure AD policies, while performing in-depth log analysis (Splunk, Azure Sentinel) to detect and neutralize threats proactively.

Configured and managed BGP, OSPF, and switching in Azure Virtual Network using Cisco Cloud Networking and FortiGate solutions, ensuring optimal routing, high availability, and secure network segmentation.

Orchestrated comprehensive incident response workflows, automating detection, containment, and remediation with Azure Logic Apps, Sentinel, and EDR/IDS/IPS tools. Leveraged anomaly detection (Proofpoint, Microsoft Defender) to preemptively address insider threats and advanced persistent attacks.

Configured and managed Microsoft Defender for Endpoint, Cloud, Identity, and Microsoft 365 Defender, minimizing the attack surface through privileged identity solutions (CyberArk, Thycotic) and enforcing Zero Trust-based policies.

Maintained secure network architectures across F5 BIG-IP, Citrix, VMware, and Cisco platforms, applying in-depth knowledge of TCP/IP, DNS, VPNs, firewalls, and network security groups to prevent DDoS attacks and unauthorized intrusions and to ensure resilient connectivity.

Applied advanced analytics, SPL, regex, and custom dashboards in Splunk and Azure Sentinel for proactive threat hunting, correlating logs from firewalls, endpoints, and cloud assets to enable early incident detection and streamlined triage.

Utilized PowerShell, Python, and KQL to automate provisioning, access management, policy enforcement, and remediation tasks, reducing operational overhead and enhancing response times.

Oversaw device fleet management with Intune and Autopilot, ensuring seamless deployment, patch management, and compliance while leveraging GPOs, SRP, and application whitelisting to uphold endpoint security.

Configured and maintained VMs/Containers/App/Function, VNets, NSG/ASG, Load Balancers, App Gateway, and service endpoints in Azure, implementing redundancy strategies, monitoring performance metrics, and enforcing secure configurations for critical enterprise resources.

Partnered with IT, network, and compliance teams to integrate advanced security solutions, align with ITIL best practices, and refine incident management protocols, facilitating cross-functional workshops to drive ongoing improvements and policy enhancements.

Education:

MS in Cybersecurity

BS in Electronics & Communications

Certifications:

Microsoft Security Operations Analyst (SC-200)

Microsoft Security Engineer (AZ-500)

Microsoft Azure Fundamentals (AZ-900)

Splunk Core User (Splunk 2023)

Identity and Access Administrator Associate (SC-300)

CompTIA Security+ (2025)

FortiGate Operator 2024

Technical Skills:

Security Tools

Microsoft Sentinel, Wazuh, Zscaler, Purview, Priva, Entra ID (Azure AD), QualysGuard, Nessus, Tenable, Splunk, QRadar, Proofpoint, F5 BIG-IP, Netskope Admin, Wireshark, Pulse Secure (VPN), New Relic, Active Directory, Nozomi Networks, CyberArk, SailPoint, Genesys Admin, Fortinet Network GUI, Nmap

Security Awareness Tools

Proofpoint, KnowBe4, PhishMe, SANS, Hacker News, Bleeping Computer, CVE.org, Recorded Future, Feedly

Frameworks & Standards

NIST, ISO 27001, MITRE, PCI DSS

Networking & Protocols

Cisco Web Security Appliances, Network Protocols, VLANs, TCP/IP, DNS, DHCP, VPC, OSI Model

Operating Systems

Windows, Linux, Ubuntu

Scripting Languages

Python, Bash scripting, KQL, YAML, PowerShell, JSON

Professional Work Experience

Capital One, New York, NY Jan 2024 - Present

Senior Cybersecurity Engineer

Responsibilities:

Led and managed biweekly SOC status call meetings with various stakeholders

Skilled in configuring and managing virtual machines, redundancy zones, VNets, network security groups, and service endpoints to optimize security and performance in Azure environments

Leveraged SIEM (Sentinel) and IDS/IPS tools for real-time threat detection, analysis, and automated response workflows, including triage, containment, and mitigation of security incidents

Implemented CSPM strategies to identify and remediate misconfigurations, ensuring compliance and hardening cloud resources against vulnerabilities

Proficient in Microsoft Defender for Cloud, Azure Security Center, and Azure Sentinel (SIEM) to monitor, detect, and respond to security threats across multi-cloud and hybrid environments

Designed and optimized high-speed optical networks using DWDM and SONET technologies to enhance data transmission efficiency, scalability, and redundancy for enterprise and telecom environments.

Deployed and monitored Microsoft Defender for Endpoint, Cloud, Identity, and Microsoft 365 Defender to safeguard hybrid environments and detect advanced persistent threats.

Conducted in-depth investigations leveraging Microsoft Defender for Cloud Security Posture Management (CSPM), consistently maintaining a Secure Score of 88% by implementing proactive security measures. Monitored and analyzed anomalous user behavior patterns through advanced alerting mechanisms, mitigating insider threats by enforcing role-based access control, conditional access policies, and Just-In-Time (JIT) access to sensitive resources.

Created and maintained incident response workflows using Logic Apps for automating alerts and playbooks within Microsoft Sentinel.

Utilized Azure Key Vault to manage secrets, certificates, and encryption keys, ensuring access is tightly controlled in line with Zero Trust principles.

Implemented CIS Benchmarks across cloud and on-premises environments to enforce best practices for security configurations and compliance.
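The CSPM and CIS Benchmark bullets above (and the NSG configuration work listed in the summary) describe checking Azure network security groups for misconfigurations. The following is an added example written for this page, not the candidate's code and not tied to any real tenant: it models NSG semantics (rules evaluated in ascending priority, first match wins), evaluates a probe packet against a constructed rule set, and flags rules that effectively expose the management ports (SSH 22, RDP 3389) to the internet, which is what the CIS Azure Foundations networking checks look for. The rule set, the probe address, and the `Internet` tag approximation (any address outside RFC 1918, link-local and loopback space) are all assumptions made for the example.

```python
import ipaddress

# Constructed, hypothetical NSG-style rule set; not exported from a real subscription.
# Azure evaluates NSG rules by ascending priority and the first match decides.
RULES = [
    {"name": "allow-rdp-any", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "0.0.0.0/0", "dest_ports": "3389"},
    {"name": "allow-https", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "*", "dest_ports": "443"},
    {"name": "deny-ssh-internet", "priority": 200, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "source": "Internet", "dest_ports": "22"},
    {"name": "allow-ssh-any", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "*", "dest_ports": "22"},
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "dest_ports": "0-65535"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "source": "0.0.0.0/0", "dest_ports": "0-65535"},
]

# Approximation of the Azure "Internet"/"VirtualNetwork" service tags (assumption for
# this example): internal = RFC 1918, link-local and loopback; Internet = everything else.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

MGMT_PORTS = {22: "SSH", 3389: "RDP"}
PROBE_IP = "203.0.113.5"  # constructed public address used to test internet exposure


def port_matches(port, spec):
    """Match a destination port against an NSG port spec: '*', '22', '0-65535', '22,3389'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            if int(lo) <= port <= int(hi):
                return True
        elif int(part) == port:
            return True
    return False


def source_matches(src_ip, spec):
    """Match a source address against a CIDR, wildcard, or approximated service tag."""
    ip = ipaddress.ip_address(src_ip)
    if spec in ("*", "0.0.0.0/0", "Any"):
        return True
    if spec == "Internet":
        return not any(ip in net for net in INTERNAL_NETS)
    if spec == "VirtualNetwork":
        return any(ip in net for net in INTERNAL_NETS)
    return ip in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, src_ip, dest_port, protocol, direction="Inbound"):
    """Return the first rule (lowest priority number) that matches the probe, or None."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != direction:
            continue
        if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
            continue
        if not source_matches(src_ip, rule["source"]):
            continue
        if not port_matches(dest_port, rule["dest_ports"]):
            continue
        return rule
    return None


def management_port_findings(rules, probe_ip=PROBE_IP):
    """CIS-style check: which management ports does an internet address actually reach?
    Evaluating effective access (not just scanning for 'Allow' rules) avoids false
    positives on rules that a higher-priority Deny already shadows."""
    findings = []
    for port, service in MGMT_PORTS.items():
        hit = evaluate(rules, probe_ip, port, "Tcp")
        if hit is not None and hit["access"] == "Allow":
            findings.append({"port": port, "service": service, "rule": hit["name"]})
    return findings


def narrow_source(rules, rule_name, allowed_cidr):
    """Remediation: return a copy of the rule set with one rule's source restricted."""
    return [dict(r, source=allowed_cidr) if r["name"] == rule_name else r for r in rules]


if __name__ == "__main__":
    for f in management_port_findings(RULES):
        print(f"FINDING: {f['service']}/{f['port']} open to the internet via rule {f['rule']}")
    fixed = narrow_source(RULES, "allow-rdp-any", "192.168.100.0/24")  # hypothetical bastion subnet
    print("findings after remediation:", management_port_findings(fixed))
```

In the constructed rule set, `allow-ssh-any` looks dangerous in isolation but is shadowed by the priority-200 deny for internet sources, so only the RDP rule is reported; after narrowing its source to a bastion subnet the probe falls through to `DenyAllInBound` and the finding clears.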

Enabled and monitored compliance rules for various data classifications, ensuring adherence to organizational and regulatory policies such as GDPR, HIPAA, NIST 800-53, and ISO 27001.

Deep understanding of protocols like TCP/IP, DNS, and VPNs; experienced in configuring firewalls and managing secure network architectures

Managed Microsoft Purview for compliance and governance, ensuring adherence to regulatory standards across cloud resources

Worked on designing, implementing, and troubleshooting a wide range of network performance issues and password reset requests.

Worked with Cisco, Citrix, VMware, and L2/L3 network troubleshooting as media assistance, and re-imaged enterprise laptops, bringing workflow efficiency to 80%.

Created new virtual machines in Azure for organizational units and student requests across enterprise tenants.

KKR Global Investment Firm, New York, NY April 2023- Dec 2023

Senior SOC Analyst

Responsibilities

Regularly monitored and investigated network traffic using Azure XDR, reducing potential security breaches by 40% through proactive threat detection and response.

Conducted bi-annual security assessments utilizing Intune endpoint analytics, identifying and patching 85% of system vulnerabilities, strengthening overall security resilience.

Developed and implemented advanced security policies informed by Azure XDR insights, leading to a 30% decrease in email phishing attacks and improved organizational security.

Collaborated with IT teams to leverage Intune for vulnerability management, ensuring 100% timely patching of software vulnerabilities across all endpoints.

Delivered comprehensive security awareness training, incorporating real-world scenarios derived from Azure XDR data, which improved adherence to company protocols by 60%.

Aspire Tech Service and Solution, New York, NY Sep 2022- Mar 2023

SOC Analyst

Responsibilities

Monitored, analyzed, and responded to over 1,000 security events monthly from various organizational sources using Azure XDR, achieving a 99% incident identification rate and enhancing overall security posture.

Reviewed and optimized SOC processes, leveraging Azure XDR analytics and Intune endpoint data to achieve a 30% faster mitigation of potential threats and vulnerabilities.

Participated in 50+ incident response activities, leveraging Azure XDR’s threat intelligence and Intune’s endpoint insights to ensure timely containment and recovery, minimizing business impact.

Collaborated with a cross-functional team of 15 professionals, configuring Azure XDR and Intune security tools to reduce false-positive alerts by 40%, streamlining alert prioritization.

Delivered regular and ad hoc reporting to upper management using Azure XDR dashboards and Intune endpoint analytics, reducing the time spent on incident review meetings by 20%.

Deloitte, Hyderabad, India Mar 2020 – Jun 2022

Information Security Analyst

Responsibilities:

Configured and monitored F5 BIG-IP GTM to optimize DNS traffic routing based on geo-location and server availability, ensuring high performance and resilience during high query volumes and DDoS attacks.

Collaborated with IT and security teams to integrate Proofpoint's Advanced Threat Protection with existing security infrastructure, improving overall defense mechanisms.

Leveraged Azure Defender for Cloud to continuously monitor and detect abnormal behavior or potential attacks on the network, using anomaly detection to identify unauthorized activities.

Implemented playbooks to automate responses to common incidents like suspicious user logins, credential stuffing, and external access attempts.

Enforced disk encryption and secure boot policies using Azure Disk Encryption and BitLocker to protect sensitive data on endpoints, ensuring data protection across all trusted zones.

Monitored network traffic patterns using Azure to detect potential threats, including lateral movement, unauthorized data exfiltration, and traffic from malicious sources, ensuring timely identification and mitigation of security risks.

Utilized Microsoft Defender for Cloud for data loss prevention (DLP) alert analysis and for hardening Zero Trust Network Access (ZTNA) policies.

Implemented secure authentication mechanisms such as OAuth2, JWT (JSON Web Tokens), and API keys using Azure AD.

Administered Privileged Access Management (PAM/PIM) using CyberArk and Thycotic, securing sensitive accounts by implementing strict access controls and monitoring privileged user activity.

Implemented agents to collect logs from internal systems and integrated them with security information and event management (SIEM) platforms like Azure Sentinel, enabling real-time monitoring and detection of potential security incidents.

Conducted comprehensive policy reviews and access reviews using Azure CIS and Azure Active Directory Identity Governance, ensuring compliance with CIS Benchmarks.

Led Endpoint Detection and Response (EDR) initiatives, overseeing the installation and management of endpoint sensors for enhanced threat visibility and proactive defense mechanisms.

Executed firmware upgrades and performed in-depth system health and hardware performance analysis.

Participated in cross-functional brainstorming sessions to generate innovative solutions for emerging IT and security challenges, contributing to the development of more efficient incident response strategies.

Set up SSL inspection to decrypt and analyze encrypted traffic, ensuring proper certificate management and deployment of the Netskope CA certificate across end-user devices.

HCL Technologies, Hyderabad, India Jul 2017 – Feb 2020

IT Support Engineer

Responsibilities:

Investigated cases where users were denied access to sensitive applications due to policy violations or suspicious activity.

Provided Level 1 and Level 2 IT support to diagnose, troubleshoot, and resolve technical issues for end-users, ensuring minimal downtime.

Responded to and resolved hardware, software, and network issues via remote tools, on-site support, and ticketing systems such as ServiceNow and BMC Remedy.

Deployed and maintained software applications, ensuring compliance with licensing requirements.

Monitored and maintained system performance using tools like Splunk.

Managed user accounts, group policies, and permissions in Active Directory to maintain secure and efficient user access.

Created exceptions for certain URLs in Forcepoint based on business needs, ensuring critical resources remained accessible while still maintaining security.

Ensured alignment with ITIL processes for service management and continuous improvement in incident management practices

Designed and created custom reporting dashboards using WFM platforms to track vulnerability trends, improving visibility into organizational security posture.

Provisioned, configured, and managed virtual machines (VMs) in environments such as VMware, Hyper-V, and Microsoft Azure to support organizational needs.

Led Microsoft Intune configuration for both Windows and mobile device management, streamlining Autopilot deployments to enhance the end-user experience and ensure seamless device provisioning.

Managed the Microsoft Intune admin portal for MDM, including profiles and service devices, and handled device wipe and provisioning requests through the portal.

Conducted advanced log analysis and event correlation using Splunk Processing Language (SPL) to investigate security incidents and identify malicious activity across multiple data sources (firewall, network, endpoint).

Utilized SPL rex commands and regular expressions to extract, parse, and analyze fields from raw logs for deeper investigation and custom reporting.
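Several bullets on this page describe the same hunt: regex field extraction from raw log lines (the `rex` bullet above and the SPL correlation bullet before it), correlation of events across sources for early detection (the Splunk/Sentinel threat-hunting bullet in the summary), and playbooks that fire on credential stuffing and suspicious logins (the Deloitte section). The block below is an added example written for this page, not the candidate's code and not from any Splunk or Sentinel content pack, showing that logic in plain Python so it runs offline: named-group regex extraction equivalent to an SPL `rex` with field names, then a per-source correlation that flags credential stuffing (many failures against distinct accounts from one source, followed by a success). The log format and the sample lines are constructed for the example; the thresholds are assumptions a real rule would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in lines in a hypothetical syslog-style format (not any
# vendor's real schema). One source sprays five accounts then lands a login; a second
# source is a user mistyping once; a third never succeeds; one line is malformed.
SAMPLE_LOGS = """\
2025-01-20T09:00:01Z auth src=203.0.113.7 user=alice result=FAIL
2025-01-20T09:00:03Z auth src=203.0.113.7 user=bob result=FAIL
2025-01-20T09:00:05Z auth src=203.0.113.7 user=carol result=FAIL
2025-01-20T09:00:07Z auth src=203.0.113.7 user=dave result=FAIL
2025-01-20T09:00:09Z auth src=203.0.113.7 user=erin result=FAIL
2025-01-20T09:00:12Z auth src=203.0.113.7 user=frank result=SUCCESS
2025-01-20T09:05:00Z auth src=198.51.100.4 user=alice result=FAIL
2025-01-20T09:05:30Z auth src=198.51.100.4 user=alice result=SUCCESS
2025-01-20T09:07:00Z auth src=192.0.2.9 user=grace result=FAIL
garbage line that the extraction must skip rather than crash on
"""

# Named groups play the role of the field names in an SPL `rex field=_raw "...(?<src>...)"`.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>[\d.]+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_lines(text):
    """Extract structured events from raw lines; unparseable lines are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"],
            "user": m["user"],
            "result": m["result"],
        })
    return events


def find_credential_stuffing(events, window=timedelta(minutes=5), min_failures=5, min_users=3):
    """Alert when one source fails at least `min_failures` times against at least
    `min_users` distinct accounts inside `window` and then logs in successfully.
    The distinct-user requirement separates stuffing from a single user's typos."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["result"] != "SUCCESS":
                continue
            recent_fails = [f for f in evs[:i]
                            if f["result"] == "FAIL" and e["ts"] - f["ts"] <= window]
            users = sorted({f["user"] for f in recent_fails})
            if len(recent_fails) >= min_failures and len(users) >= min_users:
                alerts.append({
                    "ts": e["ts"],
                    "src": src,
                    "compromised_user": e["user"],   # the account that finally succeeded
                    "failures": len(recent_fails),
                    "targeted_users": users,
                })
    return alerts


if __name__ == "__main__":
    for a in find_credential_stuffing(parse_lines(SAMPLE_LOGS)):
        # In a SOAR playbook this is where the source gets blocked and the account
        # gets its sessions revoked and password reset; here we only report.
        print(f"{a['ts'].isoformat()} credential stuffing from {a['src']}: "
              f"{a['failures']} failures across {len(a['targeted_users'])} accounts, "
              f"then success as {a['compromised_user']}")
```

The alert carries the account that succeeded, not only the source, because the containment action differs: the source is blocked at the edge, while the account needs session revocation and a credential reset. Running the block on the constructed input reports one alert for 203.0.113.7 and nothing for the single-user retry from 198.51.100.4.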

Administered Active Directory and user account management, enabling ADFS and SSO to facilitate secure single sign-on access for corporate applications, while overseeing SRP and Application Whitelisting to maintain strict security policies.

Implemented Group Policy Objects (GPOs) to enforce security configurations and automate user and computer management, significantly improving domain-wide security compliance.

Maintained PowerShell scripts to automate administrative tasks such as user provisioning, access management, and policy updates, greatly enhancing operational efficiency.

Monitored platform health and implemented modifications as required, following IT change management processes to ensure service continuity. Restricted access to non-business websites through whitelisting, handling requests to manage allow and deny lists.
