Cybersecurity Analyst Risk Management

Pravalika Boini

Cybersecurity Analyst

New Haven, CT +1-203-***-**** ****************@*****.*** SUMMARY

Cybersecurity Analyst with 4+ years of expertise in cyber threat intelligence, risk management, security operations, and incident response.

Ability to identify, analyze, and mitigate cyber threats while implementing robust security frameworks to protect enterprise s ystems and sensitive data.

Proficient in SIEM solutions (Splunk, QRadar, ArcSight), intrusion detection & prevention (IDS/IPS), firewall management, and endpoint security.

Skilled in conducting penetration testing, vulnerability assessments, digital forensics, and malware analysis to proactively defend against evolving threats.

Extensive experience in cloud security (AWS, Azure, GCP), zero-trust architecture, and SOC operations.

Strong command of NIST, ISO, GDPR, HIPAA, and PCI-DSS compliance frameworks, ensuring regulatory adherence and risk mitigation.

Adept at developing and enforcing security policies, designing incident response plans, and leading red/blue team exercises to strengthen organizational cybersecurity postures.

Technical expertise includes Python, PowerShell, Bash scripting, and automation of security processes to enhance monitoring a nd response capabilities.

A proactive leader with exceptional analytical and communication skills, collaborating with cross -functional teams, C-suite executives, and external stakeholders to drive cybersecurity initiatives.

SKILLS

Methodologies: Agile, Waterfall

Programming Languages: Python, Java, C++, Power Shell, C, JavaScript, SQL Cryptography and Compliance: PCI, NIST, ISO 27001, IRAM2 standards Networking Protocols: TCP/IP, IPv4, VPN, HTTP, DNS, LAN/WAN, OSPF, BGP, UDP, HTTPS, IPSEC, NAT, Firewalls, IDS/IPS, Proxy Servers, OSI Model, DNSSEC, DDoS Mitigation

Security Tools: Nmap, Snort, TCP Dump, Nessus, Wireshark, Core Impact, OpenVAS, HIDS/HIPS, SIEM, Active Directory, DHCP, Splunk, Burp suite, SIM Tools, Vulnerability Scanning, Qualys, Nessus, OpenVAS, Metasploit, Wireshark, Zscaler, CyberArk, FTK Imager, Password Vault, Sentinel One, Absolute, Axonius Cloud Technology: AWS, Azure, Google Cloud, IAM, Security Groups, VPC, VPN Configuration, VMware, Hyper-V, Cloud Security, Identity & Access Management (IAM)

Incident Management & Compliance: OWASP, CIS Controls, NIST Cybersecurity Framework, Risk Management Framework (RMF), Threat Modeling, Data Loss Prevention (DLP) Strategies, ServiceNow, JIRA, Malware analysis, Packet analysis Firewall Administration: Cisco ASA and FortiGate

Repository Tools: MS SharePoint Server, Confluence, GitHub Database: MS SSMS, MySQL, AWS RDS

Reporting, Modeling & Analytics Tools: MS Office, MS Visio Other Tools: Vendor Management, Vendor Risk Management, Archer Tool Operating Systems: Ubuntu, Kali Linux, CentOS, Debian, Windows Server (2012, 2016, 2019), Windows 10/11 WORK EXPERIENCE

MetLife, USA, USA Cyber security Analyst Aug 2024 - Current

Spearheaded file system creation and maintenance, optimizing security and printer configurations while improving TCP/IP addressing, leading to enhanced network performance and reliability.

Executed active vulnerability scans and compliance checks using Nessus, validating application and OS configurations, which r esulted in improved security baselines and adherence to best practices.

Configured Multi-Homed BGP with multiple service providers, ensuring internet redundancy and increasing overall network reliability for busine ss continuity.

Performed detailed analysis using Splunk and online threat intelligence resources to assess the legitimacy of files and email s, significantly reducing false positives and enhancing threat detection accuracy.

Provided comprehensive assessment reports to business owners and vendor management teams, facilitating more informed decision-making regarding security risks and vendor selection.

Assisted teams in designing and developing management reports and interactive dashboards in Archer, increasing visibility and transparency in risk management and security metrics.

Converted AWS infrastructure to a serverless architecture using Terraform, streamlining deployment processes, reducing operational costs, and increasing the scalability and efficiency of cloud resources.

Enhanced expertise in cryptography, ensuring secure communication channels and implementing key security standards including PCI, NIST, ISO, and IRAM2 to meet compliance and best practices.

Applied Threat Modeling and Risk Assessment techniques, leading to a significant reduction in security risks and enhancing proactive defense strategies across the organization.

Infosys, Hyderabad, India System Engineer June 2021 - June 2022

Led the end-to-end deployment of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA), ensuring seamless security for enterprise networks and achieving a 99.9% uptime rate.

Streamlined incident response workflows by implementing Zscaler dashboards for real -time monitoring, improving threat detection accuracy by 25%.

Configured and maintained web filtering policies using Zscaler, reducing unauthorized access and enhancing compliance with internalsecurity protocols.

Conducted proactive threat investigations, mitigating advanced persistent threats by analyzing traffic using tools like Snorby and Zscaler analytics.

Designed and enforced Zero Trust security policies, integrating Zscaler solutions with Active Directory and LDAP for secure, role-based access control.

Reduced troubleshooting time for network issues by 40%, leveraging Zscaler diagnostic tools to optimize performance across gl obal endpoints.

Collaborated with cross-functional teamsto implementsecure VPN solutions using Zscaler, enhancing remote workforce productivity.

Developed and executed training sessionsfor new hires, empowering teamsto maximize Zscaler tools and minimize operational ris ks.

Investigated and resolved P1 and P2 incidents, coordinating acrossteamsto minimize downtime and ensure swiftremediation.

Monitored and analyzed web traffic using Zscaler’s advanced analytics, ensuring secure accessto critical enterprise resources .

Enabled seamless integration of third-party applications with Zscaler platforms, improving organizational workflows and reducing compatibility issues.

Provided critical feedback to the Zscaler support team, contributing to the refinement of platform features and resolving ent erprise-level challenges effectively.

Freshworks Inc, India Cyber security Analyst Dec 2018 - May 2021

Analyzed network traffic using tools such as Wireshark and Splunk to detect unauthorized access, data exfiltration, and other security threats, improving the organization’s ability to respond to incidents in real time.

Configured and optimized firewalls (Cisco ASA, Palo Alto) to enforce stringent security policies and control network traffic, implementing access control rules that reduced attack surfaces and prevented unauthorized access.

Performed compliance audits to ensure adherence to industry standards and regulatory frameworks, including GDPR and HIPAA, successfully closing compliance gaps and mitigating legal risks.

Developed and implemented Zero Trust security frameworks to enhance protection against advanced threats, ensuring secure acce ss across all environments.

Led incident detection, investigation, and remediation efforts, utilizing tools like Wireshark for traffic analysis and Servi ceNow for workflow management.

Configured and maintained Zscaler solutions to provide secure web access and protect against malware and data loss.

Developed Python scripts to automate repetitive tasks, enhance security monitoring, and streamline processes.

Aligned security controls with business objectives by leveraging COBIT frameworks, ensuring technology and security strategie s were in harmony with organizational goals and risk management priorities.

Established a streamlined vulnerability patching process, achieving a 98% patch application rate on critical systems, reducin g exposure to known vulnerabilities and improving compliance with security best practices.

Reduced security incidents by 20% through proactive threat hunting using Metasploit and Burp Suite, identifying and remediati ng vulnerabilities before they could be exploited by adversaries.

Conducted comprehensive security testing of applications and infrastructure, using penetration testing tools to uncover and remediate vulnerabilities, strengthening overall security defenses.

EDUCATION

Masters in Cybersecurity and Networks University of New Haven, West Haven, Connecticut Bachelor of Technology in Information Technology Sri Indu college of engineering and technology, Ibrahimpatnam, Telangana CERTIFICATIONS

1) CompTIA Security Plus

2) Zscaler certified Cloud Administrator- ZIA, ZPA 3) Certified Specialist Qualys- Vulnerability Management Detection and Response, Cybersecurity Asset Management, Scanning Strategies and Best Practices.

4) Purdue Applied Cybersecurity Essentials certified. 5) Mastercard Cybersecurity virtual experience program on Forage - October 2024 PROJECTS

Cyber Forensic Challenge - University of New Haven

Led an advanced forensic investigation to analyze digital evidence and uncover cyber threats.

Conducted disk imaging, memory analysis, and data recovery using industry-standard tools such as Autopsy, FTK Imager, and Wireshark.

Identified security breaches, traced malicious activities, and reconstructed attack timelines to support incident response.

Ensured proper evidence handling by maintaining chain of custody and documentation best practices.

Delivered a comprehensive forensic report with actionable insights to strengthen security defenses and mitigate future risks. Ethical Hacking Research Project - University of New Haven

Conducted an in-depth research study on ethical hacking techniques, focusing on penetration testing methodologies, attack vectors, and defens ive countermeasures.

Analyzed real-world cyber threats and assessed security vulnerabilities using tools like Metasploit, Nmap, Burp Suite, and Wireshark.

Explored the impact of emerging attack techniques on modern security infrastructures and proposed advanced mitigation strateg ies.

Developed a comprehensive research report detailing findings, risk assessments, and proactive defense recommendations.

Demonstrated strong analytical skills, cybersecurity expertise, and a proactive approach to ethical hacking and security enha ncement.

Contact this candidate