Madhu Bhavana
Cyber Security Analyst
****************@*****.*** +1-773-***-****
PROFILE SUMMARY
Experienced cybersecurity professional with over 5 years of hands-on experience protecting networks, systems, and data from emerging threats. Skilled in risk assessment, incident response, and implementing effective security controls. Passionate about staying ahead of evolving cyber threats and helping organizations build strong, secure environments. Recently completed a cybersecurity certification and looking to apply technical and analytical skills in a real-world environment.
Driven Cyber Security Analyst with comprehensive experience defending complex IT infrastructures against evolving threats. Adept at threat detection and analysis, consistently identifying malicious patterns and mitigating risks across enterprise networks.
Well-versed in vulnerability management, from proactive scanning to remediation, reducing risk across cloud and on-premises assets.
Specialized in incident response, contributing to containment and recovery efforts while supporting forensic investigations to identify root causes.
Proficient with SIEM and threat intelligence platforms, correlating diverse log sources to detect anomalies and escalate threats in real time.
Skilled in securing cloud and hybrid environments through access controls, encryption, and compliance-driven policies across AWS, Azure, and GCP.
Experienced in automating detection and response workflows through scripting and orchestration tools to enhance operational efficiency.
Collaborative in cross-functional environments, promoting security-by-design in business and IT initiatives.
Effective at translating technical threats into business-aligned risks for executive and operational teams.
Supportive of organization-wide security awareness efforts to reduce human error and insider risk.
Strong analytical mindset, interpreting threat patterns and refining defense strategies based on real-world attack scenarios.
Well-versed in compliance frameworks including NIST CSF, ISO 27001, GDPR, and PCI DSS.
Skilled in drafting clear policies, incident reports, and risk assessments to aid audits and ensure documentation readiness.
Continually learning and integrating modern threat intelligence and tooling to enhance detection and resilience.
TECHNICAL SKILLS
Cloud Security: AWS IAM, Security Groups, CloudTrail, GuardDuty, Config, Docker, Kubernetes, Lambda
SIEM/SOAR: Splunk Enterprise Security, CrowdStrike Falcon, Elastic Security, Cortex XSOAR (basic)
Incident Response: Threat Hunting, Malware Analysis, Digital Forensics, NIST IR, Playbook Development
Vulnerability Management: Nessus, Qualys, Burp Suite, OWASP ZAP, Vulnerability Scanning, Penetration Testing
Threat Intelligence: MITRE ATT&CK, STIX/TAXII, TIPs, OSINT, Dark Web Monitoring
Network Security: Palo Alto Firewalls, Cisco ASA, Suricata, Snort, VPN (IPsec, OpenVPN), Wireshark, nmap
Automation/Scripting: Python, PowerShell, Bash, Ansible
Compliance & Frameworks: NIST CSF, ISO 27001, GDPR, PCI DSS, SOC 2
Endpoint Security: EDR/XDR, HIDS, Antivirus/Anti-malware
Database Security: SQL Injection Prevention, Access Control, Auditing, Encryption
CERTIFICATIONS
CompTIA CySA+ (Cybersecurity Analyst) CS0-003
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
EDUCATION
Master's in Computer Science, Chicago State University.
PROFESSIONAL EXPERIENCE
Watermark Bank, Oklahoma City, OK Mar 2024 – May 2025
Cyber Security Analyst
Directed security operations in a dynamic AWS cloud environment, ensuring robust protection of critical infrastructure and sensitive data.
Engineered and deployed security monitoring with Splunk Enterprise Security, enabling real-time threat detection and analysis with custom alerts and dashboards.
Executed proactive threat-hunting using the MITRE ATT&CK framework and threat intelligence platforms to identify and neutralize APTs.
Conducted comprehensive vulnerability assessments and penetration tests on AWS infrastructure using Nessus and Qualys, driving timely remediation with IT and DevOps.
Automated incident response playbooks using Palo Alto Cortex XSOAR, accelerating incident response and reducing resolution times.
Configured and maintained AWS security services, including IAM, Security Groups, CloudTrail, Config, and GuardDuty, ensuring best practices for cloud and hybrid environments.
Analyzed and reverse-engineered malware to identify attack vectors, strengthening the organization’s threat response and detection capabilities.
Designed Python and CloudFormation scripts to automate detection, scanning, and policy enforcement, optimizing security workflows across environments.
Led complex incident investigations, collaborating across teams to contain, mitigate, and resolve security breaches effectively.
Developed and delivered targeted security awareness training, significantly reducing phishing risks and reinforcing a proactive security culture.
Deployed and tuned XDR solutions, enhancing endpoint visibility and automating behavioral anomaly detection.
Applied best practices for container security, hardening Docker and Kubernetes deployments across the CI/CD pipeline.
Drafted and maintained security documentation, including incident reports and policies, supporting audit readiness and operational transparency.
Performed forensic analysis on compromised systems, including memory/disk imaging and timeline reconstruction, to inform threat mitigation.
Automated integration workflows between merging systems using Azure Functions, Logic Apps, and Service Bus, streamlining data consolidation and minimizing manual handoffs during M&A activities.
Developed secure API-driven connectors and ETL pipelines to automate the migration of financial and user data across platforms during mergers, ensuring data integrity and compliance with organizational policies.
Optimized network security configurations (firewall rules, IDS/IPS, VPNs), enforcing segmentation and access control policies.
Utilized real-time and curated threat intelligence feeds (STIX/TAXII, OSINT) to craft detection rules and enrich alerts in SIEM.
Supported hybrid environments by aligning AWS and on-prem security controls with NIST CSF and ISO 27001 frameworks.
Environment: AWS Cloud (IAM, Security Groups, CloudTrail, Config, GuardDuty, EKS), Splunk Enterprise Security, Palo Alto Cortex XSOAR, MITRE ATT&CK, Threat Intelligence Platforms (TIPs), Nessus Professional, QualysGuard, Python, CloudFormation, XDR, Docker, Kubernetes
Ailoitte, India Oct 2021 – Jul 2023
SOC Analyst
Investigated security alerts and anomalies across hybrid Windows and Linux environments, using Elastic Security and IDS/IPS tools (Suricata, Snort) for real-time threat detection and analysis.
Performed vulnerability management using Nessus Professional and QualysGuard, conducting scans, prioritizing findings, and coordinating remediation with system owners.
Contributed to incident response activities, assisting with triage, root cause analysis, containment, and recovery across cloud and on-premises assets.
Configured and optimized SIEM detection rules, reduced false positives, and enhanced log correlation to improve response accuracy and visibility.
Applied threat intelligence from internal and external TIPs to enrich investigations and strengthen detection use cases aligned with the MITRE ATT&CK framework.
Assessed and documented cloud-specific security risks in AWS environments, aligning controls with best practices in IAM, security groups, and logging (CloudTrail, GuardDuty).
Developed and maintained incident response playbooks and SOPs, ensuring repeatable, standardized procedures for various attack scenarios.
Executed internal security audits and policy reviews, supporting ISO 27001 and GDPR compliance efforts and strengthening overall governance.
Evaluated web application security posture using Burp Suite and OWASP ZAP, identifying injection flaws, authentication issues, and misconfigurations.
Enhanced endpoint visibility and protection through effective deployment and tuning of antivirus, EDR, and host-based intrusion detection systems (HIDS).
Analyzed network traffic via Wireshark and tcpdump, identifying lateral movement attempts and unauthorized data exfiltration patterns.
Documented post-incident analysis and lessons learned, feeding insights into detection engineering and vulnerability mitigation processes.
Partnered with cross-functional IT and infrastructure teams to ensure secure configurations and timely patch deployment across systems.
Participated in red/blue team exercises to test detection capabilities and improve response coordination in real-time scenarios.
Environment: Windows/Linux Servers, AWS (CloudTrail, GuardDuty, IAM), Nessus, QualysGuard, Elastic Security, Suricata, Snort, Burp Suite, OWASP ZAP, Wireshark, tcpdump, ISO 27001, GDPR, MITRE ATT&CK, EDR/HIDS
Codewave, India Jun 2020 – Sep 2021
Network Engineer
Assisted in managing network devices such as routers, switches, and firewalls to maintain reliable connectivity and secure communication within small to medium business environments.
Supported configuration and monitoring of VPNs and access control lists (ACLs) to help enforce network access policies.
Monitored basic network performance and security logs, escalating potential issues to senior staff for further investigation.
Performed routine system administration tasks on Windows Server, including user account management and software updates.
Delivered first-level technical support for network and system-related issues, documenting solutions to improve team knowledge sharing.
Helped configure firewall rules and policies under supervision to protect the network perimeter from unauthorized access.
Participated in basic vulnerability scanning and patch management activities, assisting in identifying and reporting security risks.
Assisted in deploying endpoint protection and intrusion detection systems, supporting overall security posture.
Maintained network documentation, including configurations and maintenance logs, ensuring accurate records for operational continuity.
Supported network segmentation projects by applying security controls to isolate sensitive areas within the network.
Collaborated with IT and security teams during incident response efforts, providing network information and assisting in remediation tasks.
Environment: Cisco Routers & Switches, Firewalls (basic Palo Alto or Cisco ASA), VPN (IPsec, OpenVPN), Windows Server Domain, IDS/IPS (Suricata, Snort), Endpoint Protection, Vulnerability Scanners (Nessus or Qualys)