
Cyber Security Lead Analyst

Location:
Fort Worth, TX
Salary:
120000
Posted:
April 14, 2025


Resume:

Madhuri

945-***-**** ****************@*****.***

Personal Summary

Lead Analyst with over 5 years of experience in Cyber Security, specializing in SOC, Incident Response, Vulnerability assessment and Penetration testing. Expertise in Threat Monitoring & Detection using SIEM and SOAR Automation for automated playbooks for incident handling. Proven expertise in Application security testing identifying, analyzing, and mitigating security vulnerabilities in web applications. Strong understanding of OWASP Top 10, MITRE, NIST, ISO, & GDPR security frameworks.

Skills

SIEM: Microsoft Sentinel (SIEM), Microsoft Defender for Endpoint, Splunk

Security Frameworks: MITRE ATT&CK, NIST, ISO, GDPR

EDR: Microsoft Defender for Endpoint

Security Tools: Burp Suite, Nmap, Metasploit, Kali Linux, Snort

SOAR: Microsoft Sentinel Automation

Vulnerability Tools: Veracode, Nessus, Rapid7

Scripting: PowerShell, Python

OSINT Tools: VirusTotal, Shodan

Methodologies: Agile Modeling, Kanban, SDLC model, Waterfall model

Web Technologies: HTML, XML, SOAP, WSDL, CSS, React, Angular

Defect Tracking Tools: JIRA Align

Database: MySQL, Oracle, SQL Server, Cassandra, Couchbase, Postgres

CI/CD: Jenkins, Maven

Directories: LDAP, Active Directory

Cloud: AZURE, AWS

Work History

LEAD ANALYST CYBER SECURITY 05/2022 - Current

Amdocs

Working as a Lead Analyst in Cyber Security for the client, T-Mobile. Lead the response and investigation of advanced security incidents, including malware infections, unauthorized access, multiple login failures, and phishing attacks. Leveraging automation tools such as PowerShell, Python, and Azure Logic Apps to streamline vulnerability management, security alert triaging, and remediation tracking. Continuously monitor security events from SIEM, Microsoft Sentinel, Azure Entra ID Sign in logs, EDR, Defender for Endpoint, IDS/IPS, and cloud security tools.

Analyzing security events and alerts escalated from Tier 1 analysts, leveraging SIEM tools (Microsoft Sentinel) to identify malicious activities, vulnerabilities, and potential threats. Prioritizing incidents based on severity, and triaging, containing, and remediating incidents. Proactively searching for Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK.

Developed custom queries using KQL (Kusto Query Language) in the SIEM solution Microsoft Sentinel to triage security events.

Worked with threat intelligence teams and IT teams to determine root causes and develop mitigation strategies. Maintained detailed incident logs and generated comprehensive reports for management, detailing incident findings, remediation actions, and lessons learned. Analyzed multiple failed logins, followed by a successful login, in sign-in logs, audit logs, and security logs via Microsoft Sentinel.

Performed malware analysis by verifying the IP and hash value in VirusTotal, and remediation by blocking the IP in the firewall and the hash value in EDR Microsoft Defender. Performed phishing email analysis by checking the sender IP, domain, and email header using Microsoft Message Header Analyzer and SCL Level. Remediated by blocking the IP and domain, and by running antivirus on the affected host.

Analyzed the security logs, Sign In logs, audit logs and alerts to detect unauthorized access, anomalies, and potential security breaches using Microsoft Sentinel. Utilized SOAR Playbooks for security incident response steps, including detection, analysis, containment, eradication and remediation.

Documented vulnerabilities, and created detailed reports for stakeholders. Analyzed threat intelligence feeds, such as VirusTotal, to identify potential attack vectors. Collaborated with cross-functional teams, including developers, product managers, and other stakeholders, to understand project requirements and priorities.

Documented findings with detailed proof-of-concept (PoC) exploits, and provided remediation steps. Categorized vulnerabilities based on severity: CVE and CWE, Critical, High, Medium, Low.

Environment: Microsoft Sentinel, Microsoft Defender, Microsoft Azure, SIEM, SOAR, XDR, Office 365, Azure Entra ID, Nessus, OSINT Tools, Burp Suite, Veracode, NMAP, Kali Linux, Metasploit Framework, Snort, MySQL, JIRA, Postgres, Cassandra, HTML, JavaScript, Kafka, Kubernetes, Postman.

WEB APPLICATION PENETRATION TESTER 01/2020 - 10/2021

AT&T

Worked in CSO - Halo E IAM (Identity Access Management) in the enterprise vertical. My project was Identity Lifecycle Management.

Identifying the scope of the web application penetration test. Performed security testing to identify security vulnerabilities in web applications and APIs. Conducted automated vulnerability scans using Burp Suite. Performed manual exploitation and testing to identify and exploit OWASP Top 10 vulnerabilities, such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Performed tests for authentication flaws and broken JWTs. Performed testing on web applications for weaknesses in authentication mechanisms via commonly used credentials, conducting brute-force attacks with a word list using Burp Suite, and checking for clear-text passwords in logs.

Conducted parameter tampering tests using Burp Suite, and rate-limiting bypass tests. Conducted Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) using Burp Suite. Conducted tests for broken access control by privilege escalation and IDOR mechanism. Performed tests to identify SQL injection flaws, apply parameterized queries, and recommend safe coding practices to prevent malicious data insertion.

Performed a scan using Nmap to identify cryptographic failures. Documented vulnerabilities, and created detailed reports for stakeholders. Analyzed threat intelligence feeds, such as VirusTotal, to identify potential attack vectors. Analyzed the vulnerabilities from SAST, DAST, and SCA scans, and worked with development teams to remediate the vulnerabilities.

Environment: AWS, CloudWatch, Kibana, Postman, LDAP, Burp Suite, Nmap, Splunk, Metasploit, Kali Linux, PuTTY, SQL Developer, JIRA, Java, Splunk, Jenkins, POM, XML, MS Excel, HTML, JavaScript, XPath, Charles Proxy, Windows 10, Firefox, IE, Chrome, and Agile Methodology.

SR QA TEST ENGINEER 05/2012 - 03/2015

Samsung India Software Solutions

S Voice is an intelligent personal assistant and knowledge navigator, which is only available as a built-in application for the Samsung Galaxy models.

S Health is Samsung Health's monitoring application. S Health tracks user activity, nutrition, stress data, heart rate, and sleep, and delivers insights based on the user's progress. Understood and analyzed the requirements of the S Voice app. Created test documentation, such as the Test Plan, Test Strategy, Test Case Summary Report, and Requirement Traceability for S Voice and S Health applications. Performed application functional testing, regression, and performance testing for S Voice and S Health applications on Samsung devices.

Performed manual testing of SOAP/REST services using the SOAP UI tool. Used the Property Transfer feature in the SoapUI tool to transfer the values from one response XML/JSON to another request.

Validated the responses using assertions: Contains, Not Contains, XPath, JSON Path, valid HTTP status codes, etc. Performed ad hoc testing, comprising various scenarios, and reported defects. Performed functional testing in different network conditions (LTE, Wi-Fi). Involved in the entire Defect Life Cycle, and used JIRA for logging/closing defects. Participated in daily Agile Scrum, Sprint Planning, and Retrospective Sessions, and updated the team on the status of upcoming User Stories for the project.

Provided a weekly project report that includes Test Metrics and status reports. Converted critical bugs into test cases.

Environment: Windows 7/XP, MS Office Suite, JIRA, DDMS, SDLC, Agile Methodology, SoapUI, Android 5.1, and Samsung Devices.

QA ENGINEER 03/2006 - 04/2008

Tieto

This is a partnership project with Ericsson Mobile Platform (EMP). The project deals with delivering a complete 3G phone to the third-party customers of EMP.

The project is committed to delivering 3G applications with sanity, system, performance, concurrency, stress, and load testing.

A complete application suite for the mobile is delivered. Manual testing on browser, messaging, email applications, and multimedia applications on a 3G handset. Preparing test case specifications for browser, messaging, email applications, and multimedia modules from the SRS. Execution of sanity, system, regression, and UI test cases. Performed OTA testing, video calling, and streaming application testing on Ericsson devices. Performed retesting of applications on bug fixes in each released build. Execution of concurrency/interrupt test cases.

Sharing test reports and bug summary reports with the test lead. Bug tracking and reporting using Bugzilla.

Involved in peer reviews of test case specifications. Provided a weekly project report that includes Test Metrics and status reports.

Environment: Windows XP, Microsoft Office Suite, Ericsson handsets, Bugzilla, SVN, SDLC, Waterfall model.

Education

Osmania University - Hyderabad, India, Master of Science in Electronics

Certifications

CompTIA Security+

AWS Cloud Practitioner

SAFe® 5 Practitioner

Links

www.linkedin.com/in/madhuri-l-a318498
