
Cybersecurity Analyst Incident Response

Location:
Kearny, NJ
Posted:
April 10, 2025

Resume:

Kartheeka Neelakantam

Contact No: 217-***-****

Email ID: ***********@*****.***

PROFESSIONAL SUMMARY:

Detail-oriented and proactive Cybersecurity Analyst with one year of experience in monitoring, detecting, and responding to security incidents. Proven ability to use SIEM tools, conduct vulnerability assessments, and implement security controls to protect organizational assets. Seeking to apply skills in threat analysis and incident response to strengthen security measures. Committed to continuous learning and staying current with cybersecurity trends and technologies. Good analytical, problem-solving, and communication skills; able to work independently or as a member of a team.

TECHNICAL SUMMARY:

Operating Systems: Linux (RHEL, CentOS, Ubuntu), Windows variants, macOS

Infrastructure as a Service: Amazon Web Services (AWS)

SIEM: Splunk, ELK, Azure Sentinel

Continuous Monitoring: Logstash, CloudWatch

Security Tools: CyberArk, 1Password, FortiGate, Zscaler, ServiceNow SecOps, CIS, CrowdStrike

Version Control Tools: Git, SVN, Bitbucket

Vulnerability Management: Rapid7, Qualys

Scripting Languages: Bash, Shell, Python, Java, JavaScript, Ruby, YAML, HTML, CSS

Databases: MySQL, Oracle, Cassandra, AWS RDS

Application/Web Servers: WebLogic, WebSphere, Tomcat, JBoss

EDUCATIONAL:

• Master's in Computer Science, NJIT

• Bachelor's in Computer Science, JNTU

CERTIFICATIONS:

• Security+

PROFESSIONAL EXPERIENCE:

Client: PayPal, Austin, TX Dec 2023 - PRESENT

Role: Cybersecurity Analyst

Responsibilities:

• Worked extensively in a Cybersecurity Operations Center, including SIEM deployments, configurations, threat analysis, threat intelligence, incident response activities, and SOAR.

• Responsible for onboarding infrastructure and application logs to Splunk and Elastic SIEM, collecting logs from multiple sources by installing Splunk universal forwarders and the Elastic Agent on operating systems.

• Configured the managed security rules in the Elastic SIEM platform; created dashboards, alerts, and notifications.

• Proactively identified SIEM false positives and fine-tuned the managed security rules accordingly.

• Involved in L2 and L3 on-call support activities for the Security Operations Center (SOC).

• Integrated the SIEM with multiple tools, including threat intelligence platforms such as ThreatConnect to collect indicators of compromise, ServiceNow, and Endpoint Detection and Response.

• Extensively worked on security incident response activities, including incident creation in ServiceNow, root cause analysis, mitigation, documentation, and working with the appropriate network and security teams to tighten edge firewall ports, rules, and access policies.

• Enabled AWS infrastructure logging and ingested the logs into Splunk platforms using universal forwarders and deployment servers.

• Created and modified Incident Management playbooks for the most critical security incidents.

• Regularly worked with multiple teams, including application, platform, and DevOps teams, to gather requirements from audit, security, and compliance standards.

• Created SIEM policies, added integrations, sent agent information to the appropriate teams for deployment, and handled log validation and retention activities.

• Enabled all AWS infrastructure logging, including CloudTrail, AWS Config, ELB logs, VPC Flow Logs, S3 access logs, and CloudWatch Logs.

KnackHook IT Services, India Jul 2021 – Jan 2022

Role: Cybersecurity Analyst

Responsibilities:

• Worked as part of the dedicated security operations team to support incident management, logging and monitoring, and improve the overall security posture.

• Based on requests from multiple teams, created security dashboards, alerts, and notifications.

• Involved in Rapid7 Insight vulnerability management scans, top-10 vulnerability reporting, vulnerability prioritization, reports, and audits.

• Created Kibana data views, namespaces, and Kibana Query Language (KQL) filters.

• Based on requests received, triggered Rapid7 scans of the infrastructure, including operating systems, network devices, and applications, using pre-defined templates including CIS (Center for Internet Security), HIPAA, and PCI-DSS.

• Involved in the patch management process for Windows and Linux environments.

• As part of the cloud team, supported the Splunk platform by creating/deleting users, assigning roles, and installing forwarders on multiple servers.

• Strong knowledge of security, blue team, and Security Operations Center defensive practices, incident response activities, and vulnerability management activities as part of L2 support.

• Good knowledge of basic networking, including TCP/UDP, ports, and security groups.

• Frequently validated the cloud infrastructure against internal compliance standards.
