Yoga Sai Midde
Cybersecurity Analyst
***************@*****.*** 817-***-**** USA https://www.linkedin.com/in/yoga-sai-midde
SUMMARY
Dedicated Cybersecurity Analyst with 3+ years of experience in SOC operations, threat detection, incident response, and vulnerability management. Proficient in SIEM platforms (Splunk, SOAR) to enhance threat detection and response while reducing false positives. Skilled in vulnerability assessments, penetration testing, and securing cloud and on-premises environments. Experienced in implementing security frameworks (NIST, ISO 27001, HIPAA, PCI-DSS, SOX) and collaborating with teams to strengthen security strategies. Expertise in cloud security (AWS, Azure, GCP), endpoint protection, and security automation to reduce risks and improve efficiency.
SKILLS & INTERESTS
• Programming & Scripting: Python, PowerShell, Bash, C, C++, Java, JavaScript, SQL, R, Ansible
• Virtualization & Cloud Security: VMware, Hyper-V, VirtualBox, AWS, Azure, GCP, IaaS, PaaS, SaaS, DevOps, Compliance
• Cloud Security: AWS, Azure, GCP, IaaS, PaaS, SaaS, DevOps, Cloud Security Compliance
• Security Tools and Technologies: Firewalls, IDS/IPS, SIEM (Splunk, ArcSight, FireEye, McAfee), SOAR, EDR/XDR (CrowdStrike, SentinelOne), Incident Response, Log Analysis, Threat Detection, Vulnerability & Penetration tools (Nessus, OpenVAS, Tenable.io, Metasploit, Burp Suite, Kali Linux, sqlmap, Nmap, OWASP ZAP, Netcraft), Digital Forensics (FTK Imager, Autopsy, Volatility, OSINT), Antivirus (McAfee, Symantec), Snort, Wireshark, Email Security, Patch Management (SCCM), Data Loss Prevention.
• Security Frameworks and Methodologies: NIST, ISO 27001, COBIT, ITIL, MITRE ATT&CK, HIPAA, PCI-DSS, SOX, FIPS, GRC, BCP, DRP, OWASP, Agile methodology.
• Cryptography: SSL/TLS, AES, RSA encryption protocols, OpenSSL, GnuPG (GPG), PyCrypto, CryptoJS
• Security Protocols and Standards: SSL/TLS, IPSec, SSH, HTTPS, AES, RSA, TCP/IP, UDP, DNS, NetBIOS, SNMP, TLS, VPNs, FTP
• Other Tools: Power BI, Tableau, MS Office, Advanced Excel, Web Technologies (HTML, CSS, React, JavaScript, .NET, XML, JSON)
• Operating Systems: Windows, Linux, macOS, Unix, Ubuntu, Oracle
RELEVANT WORK EXPERIENCE
PNC Financials Texas, USA
Cybersecurity Analyst Sept 2023–Jan 2025
• Leveraged SIEM platforms (Splunk, SOAR) for real-time threat detection and incident response across cloud and on-premises environments, reducing mean time to detect (MTTD) by 45% and improving incident resolution time by 35%.
• Performed analysis of SIEM alerts, IDS/IPS data, and network traffic with Splunk to identify and respond to 50+ security incidents with zero false negatives.
• Implemented and optimized Tenable.io and Tenable.sc vulnerability management programs, scanning 100+ systems, reducing risk exposure by 30%, improving patch deployment speed by 40%, and achieving a 65% reduction in critical vulnerabilities.
• Gained excellent exposure to NIST, PCI-DSS, HIPAA, SOX, Zero Trust, Cyber Kill Chain, MITRE ATT&CK, and CI/CD pipelines.
• Conducted vulnerability assessments with Nessus, Nmap, and OpenVAS, prioritizing remediation based on risk severity, and applied Zero Trust, MITRE ATT&CK, and Cyber Kill Chain to strengthen threat modeling and incident response.
• Conducted web application security assessments using OWASP Top 10 guidelines and utilized Burp Suite to identify, remediate, and document 10+ vulnerabilities, including SQL injection and XSS, through a bug bounty program.
• Built strong exposure to OWASP Top 10 methodologies and applied them to identify and mitigate common web application security risks.
• Conducted SAST and DAST to identify vulnerabilities and recommend remediation strategies, enhancing system and network security.
• Monitored customer profiles for suspicious activities, identified security vulnerabilities, and collaborated with teams to implement immediate remediation solutions to enhance application security and protect user data.
• Conducted internal audits of information security controls to ensure compliance with industry standards. Assessed cloud environments (AWS, GCP, Azure) for vulnerabilities, recommended improvements, documented findings, and supported remediation efforts with cross-functional teams.
• Designed and implemented secure cloud infrastructure through identity and access management, incident monitoring, and continuous improvement of cloud security technologies; collaborated with cross-functional teams to enhance security processes.
• Designed and implemented robust security architectures using Azure security tools and frameworks, while managing IAM solutions to ensure secure and efficient user access control.
C-Edge Technologies India
IT Security Analyst Mar 2020–Jul 2022
• Designed and implemented a centralized log management system using Splunk, improving threat detection capabilities by 60% and reducing investigation time by 45%.
• Monitored security alerts with SIEM tools, responded to incidents, coordinated containment, documented incidents, and collaborated with teams to improve incident response and security posture.
• Conducted proactive threat hunting using advanced tools like Splunk, CrowdStrike, SentinelOne, and EDR solutions to identify and mitigate potential vulnerabilities before exploitation.
• Documented security breaches, assessed damage, prepared detailed reports with corrective actions, and created GRC documentation and controls for PCI-DSS and HIPAA compliance.
• Installed and managed critical security software, including firewalls and encryption tools, to protect sensitive organizational data and ensure compliance with security policies.
• Developed security policies and automated compliance monitoring for PCI-DSS and HIPAA using a SOAR tool, reducing false positives by 50%.
• Conducted 30+ web application vulnerability assessments, identifying and patching 95% of critical vulnerabilities within 48 hours, within the SLA timeframe, to improve security posture.
• Performed source code reviews for 7 critical applications, identifying 25+ security flaws and collaborating with development teams to remediate them before production deployment.
• Conducted OSINT gathering, vulnerability assessments, and penetration tests across web, cloud, and IoT environments using tools like Burp Suite and Metasploit, and contributed to security awareness by analyzing spear-phishing attacks.
• Collaborated with the security operations team to analyze penetration test findings, develop mitigation strategies, and contribute to incident response improvements using frameworks such as MITRE ATT&CK and Cyber Kill Chain.
• Conducted internal audits on information security controls to ensure compliance, mitigate risks, and enhance organizational security posture.
• Conducted internal IT audits, ensuring compliance with PCI-DSS, HIPAA, and NIST frameworks, reducing compliance gaps by 25%.
• Implemented robust security frameworks like NIST, ISO, SOC2, and PCI-DSS, mitigating vulnerabilities and enhancing security posture by 25%.
• Monitored network traffic for security threats, implemented firewalls and IDS/IPS, and responded to incidents to maintain network integrity and network infrastructure.
EDUCATION
The University of Texas at Dallas, USA - Master’s degree, Cyber Security Technology and Policy, CGPA – 3.6
Reva University, India - Bachelor’s Degree in Computer Science, CGPA – 3.5
CERTIFICATIONS
CompTIA PenTest+
CompTIA Security+
CompTIA Network Vulnerability Assessment Professional (CNVP)
EC-Council Web Application Security Testing with Google Hacking
(ISC)² Certified in Cybersecurity (CC)
EC-Council Digital Forensics Essentials (DFE)
EC-Council Malware Analysis Fundamentals (MAF)
EC-Council SQL Injection Attacks and Black Hat Python: Python for Pentesters
EC-Council Dark Web, Anonymity, and Cryptocurrency
EC-Council Practical Wireshark
UCertify – Digital Forensics Investigations
Cisco – Introduction to Cybersecurity
Introduction to Packet Tracer