
Cloud Security Cybersecurity Analyst

Location:
Kansas City, MO, 64111
Salary:
110000
Posted:
September 11, 2025


Resume:

SIVA THARUN KANKALAPATI

Kansas City, Missouri

816-***-**** ************@*****.*** https://www.linkedin.com/in/sivatharun/

CAREER SUMMARY

Experienced Cybersecurity Analyst with 8+ years in SOC operations, cloud security, and DevSecOps, specializing in threat detection, incident response, and vulnerability management. Led SIEM deployments and automated security workflows using Splunk, QRadar, and SOAR, improving detection and response efficiency. Proficient in AWS security services, Terraform, and secure CI/CD integration for enforcing cloud security controls. Skilled in container security, IAM, and real-time monitoring using tools like CrowdStrike, GuardDuty, and ELK. Focused on proactive threat mitigation, regulatory compliance (HIPAA, PCI DSS, NIST), and enhancing organizational security posture.

TECH SKILLS

Cloud & Infrastructure:

●AWS, Azure, GCP, PCF, Terraform, CloudFormation

CI/CD & Automation:

●Jenkins, GitLab CI/CD, GitHub Actions, AWS CodePipeline, CodeBuild, CodeDeploy, Ansible

Containerization & Orchestration:

●Docker, Kubernetes (EKS/ECS), Docker Swarm, Helm

Security:

●AWS Security Hub, GuardDuty, WAF, IAM, KMS, AWS Config, HashiCorp Vault, AWS Macie

Monitoring & Logging:

●Splunk, ELK Stack, Datadog, Grafana, Prometheus, AWS CloudWatch, Kinesis Firehose, Elasticsearch

Build & Artifact Management:

●Maven, Gradle, Nexus, Artifactory

Ticketing Tools:

●Jira, ServiceNow

Version Control & Scripting:

●Git, GitLab, GitHub, Bitbucket, Python, Bash, PowerShell, YAML

Networking & Security:

●VPC, VPN, Firewalls, IDS/IPS, Zero Trust, TLS/SSL, PKI, Subnetting, ACLs, NACLs

Compliance & Governance:

●NIST, ISO 27001, HIPAA, PCI DSS, SOC 2, GDPR

SDLC & DevSecOps:

●Agile, Scrum, DevSecOps, Shift-Left Security, Secure CI/CD, IaC, SAST, DAST, SCA

Web & Application Servers:

●Apache, Nginx, Tomcat, WebLogic, AWS API Gateway, CloudFront

Security Tools & Frameworks:

●Splunk, ELK, Wazuh, CrowdStrike Falcon, Snort, Qualys, Burp Suite, OWASP ZAP, SonarQube, Sigma, MITRE ATT&CK, NIST, ISO 27001

Secrets Management:

●HashiCorp Vault, AWS Secrets Manager, CyberArk

Programming Skills:

●Java, Python, Bash, PowerShell

EDUCATION

MASTER OF SCIENCE: CYBER SECURITY AND INFORMATION ASSURANCE (2024)

University of Central Missouri, Lee's Summit, MO

BACHELOR OF SCIENCE: ELECTRONICS AND COMMUNICATION ENGINEERING (2016)

Saveetha School Of Engineering, India

CERTIFICATIONS

●AWS Security Specialist - 531128c2d02a42ebabe716c860d8f7e0

●Finished Mastercard Cybersecurity Virtual Experience Program – Forage.

●Accomplished Tata Cybersecurity Security Analyst Job Simulation – Forage.

WORK EXPERIENCE

EQUINIX

Redwood City, USA

Senior Cyber Security Operations Analyst (SOC) 01/2025 to Current

●Monitored the security of critical systems (e.g., email, database, and web servers) and tracked changes to sensitive security controls, ensuring proper administrative action and timely reporting, contributing to network security.

●Analyzed SOC alerts using Splunk, correlated security events, and collaborated with stakeholders to resolve and mitigate threats, leveraging SIEM for enhanced incident response and log analysis.

●Investigated incidents of unauthorized access, ensuring proper containment and documentation, aligning with incident response best practices.

●Administered and monitored firewalls, IDS/IPS, and anti-virus systems to proactively detect and respond to security risks, enhancing overall network security.

●Escalated detections and threats as part of the incident response plan, ensuring timely analysis and resolution, utilizing EDR and SOAR for automated workflows.

●Developed and maintained SOC runbooks/playbooks, and contributed to the creation and testing of new security use cases, enabling threat hunting and effective incident response.

●Implemented a vulnerability management program using QualysGuard, including asset classification, scanner setup, scan scheduling, and remediation reporting, ensuring continuous vulnerability management.

●Conducted monthly vulnerability scans on data center servers and delivered detailed remediation reports to relevant teams, enhancing the vulnerability management process.

●Executed vulnerability triage and prioritization using CrowdStrike Spotlight to focus on high-risk vulnerabilities, improving overall vulnerability management and EDR effectiveness.

●Resolved false positives in vulnerability assessments to improve accuracy and reduce unnecessary remediation effort, optimizing vulnerability management.

●Built and presented executive dashboards showing vulnerability trends and organizational risk posture, enabling senior leadership to make informed security decisions.

●Created vulnerability management policies aligned with NIST, PCI DSS, and ISO 27001 standards, ensuring compliance and best practices.

●Integrated cloud platforms with Active Directory (AD) and Single Sign-On (SSO), ensuring secure and centralized identity management, reinforcing identity and access management.

●Applied best practices in cloud security, including encryption for data at rest and in transit, safeguarding sensitive information and enhancing cloud security posture.

●Developed Splunk dashboards for real-time monitoring of firewall logs and critical security events, enabling proactive detection and response.

●Managed SIEM platforms, including lifecycle operations, content management, patching, and performance monitoring, ensuring robust log analysis capabilities.

●Generated detailed SIEM reports capturing metrics on log source integration, ingestion rates, and platform health, improving log analysis efficiency.

●Investigated ticketed events using logs from various sources, including firewalls, proxies, servers, and endpoints within the SIEM, supporting log analysis and incident response.

●Standardized deployment of Splunk Phantom SOAR across Windows and UNIX systems to automate incident response workflows, streamlining the incident response process.

●Automated AD replication health checks using PowerShell.

BLUE CROSS BLUE SHIELD - MO

Kansas City, USA

Cyber Security SOC Analyst 05/2024 to 10/2024

●Tuned and optimized Splunk correlation rules to detect AWS-native threats including credential misuse, EC2 abuse, and security group changes.

●Investigated alerts from AWS GuardDuty, CloudTrail, and VPC Flow Logs, mapping findings to MITRE ATT&CK cloud tactics for incident triage.

●Developed and maintained IR playbooks for cloud-based incidents (e.g., IAM key exposure, public S3 access, failed STS assumption attempts).

●Built dashboards in Splunk to monitor sensitive IAM changes, KMS key usage, and unauthorized service activations.

●Integrated least-privilege and Zero Trust monitoring indicators into IAM dashboards, correlating activity with KMS and CloudTrail artifacts.

●Participated in post-incident reviews, contributing to alert fatigue analysis and rule refinement.

●Built use cases aligned with MITRE ATT&CK techniques such as Credential Access (T1078) and Initial Access (T1071) for AWS workloads.

●Conducted root cause analysis on misfired alerts and false positives, adjusting log parsing and alert thresholds for higher signal fidelity.

●Conducted log onboarding QA for AWS services (Lambda, S3, Config), validating source health, field mapping, and timestamp alignment before SOC use case activation.

●Ingested AWS Config findings into Splunk to monitor drift from CIS AWS Benchmark controls and misconfigured IAM roles or public assets.

●Leveraged Wiz CSPM to identify IAM permission sprawl and container-level CVEs in production workloads, feeding findings into Splunk dashboards for security posture and compliance reporting.

●Integrated AWS Inspector and Qualys results into ServiceNow to help prioritize patching based on exploitability and asset criticality.

●Collaborated with Cloud Security to ingest CloudWatch metrics (e.g., Lambda invocation spikes, resource throttling) into Splunk for behavioral alerting.

●Ingested Zscaler ZIA logs to detect sensitive data uploads to unapproved SaaS platforms and exfiltration attempts from clinical and claims-related systems.

●Used IAM Access Analyzer and Trusted Advisor to review S3 access policies and assist investigations involving bucket exposure or cross-account permissions.

●Participated in quarterly access reviews, validating logs of privileged user activity to support access deprovisioning and least-privilege enforcement.

●Integrated CrowdStrike Falcon EDR telemetry into Splunk to correlate privileged user behavior with endpoint anomalies, aiding insider misuse detection and enhancing access review validation.

●Designed logic to alert on excessive IAM permissions, cross-region role assumption, and anomalous MFA activity across healthcare admin accounts.

●Contributed to secure CI/CD efforts by reviewing pipeline logging and advising DevOps on IAM best practices and AWS hardening in Terraform.

●Provided incident evidence and summary reports to support HIPAA and PCI DSS assessments, ensuring SOC alignment with audit frameworks.

●Coordinated with compliance teams to trace Splunk detections back to SOC responses during internal HIPAA audit.

●Hands-on experience with data encryption management across structured/unstructured data including KMS, TLS/SSL, PKI, and Vormetric/CipherTrust platforms.

●Strong background in compliance and risk management aligned with NIST, ISO 27001, HIPAA, and PCI DSS frameworks with audit reporting and documentation.

●Experience in vendor collaboration, encryption tool integration, and process automation to optimize security operations and ensure regulatory compliance.

DELTA AIRLINES

Atlanta, USA

AWS Security Specialist 08/2023 to 04/2024

●Designed and enforced IAM policies, implementing AWS IAM Role-Based Access Control (RBAC) and AWS Organizations SCPs for granular permission control.

●Automated security audits using AWS Config rules to detect misconfigurations in IAM, S3, and VPC security settings.

●Configured AWS WAF to protect web applications from SQL injection, XSS, and DDoS attacks, integrated with CloudFront for threat mitigation.

●Implemented AWS GuardDuty for continuous threat detection, monitoring for unauthorized activity across AWS accounts.

●Enforced AWS KMS encryption with automated key rotation for protecting sensitive data.

●Integrated AWS Config and AWS Security Hub to enable real-time compliance monitoring and security event detection.

●Applied VPC best practices including subnet segmentation, network ACLs, and VPC Flow Logs for improved network security.

●Eliminated SSH access to EC2 by deploying AWS Systems Manager Session Manager, enhancing operational access control.

●Developed AWS Lambda scripts to automate remediation of S3 misconfigurations.

●Conducted AWS security risk assessments, enforcing best practices across IAM, VPC, and Organizations SCPs.

●Successfully configured Amazon Kinesis Firehose to stream logs to Amazon Elasticsearch, enabling real-time analytics.

●Set up Security Hub to aggregate findings from GuardDuty, Inspector, and Macie, enhancing centralized threat visibility.

●Secured S3 buckets by enforcing KMS encryption, applying least privilege IAM policies, and enabling S3 Access Logging.

●Configured user access controls in Splunk and Datadog, allowing authorized users to perform query execution, log analysis, and visualization.

●Developed automated IAM role assignment workflows to maintain secure and scalable access across AWS accounts.

●Implemented AWS Shield Advanced and WAF together to defend against evolving cyber threats.

●Conducted penetration testing on AWS services to validate cloud security controls and identify gaps in the infrastructure.

PHILIPS INDIA LIMITED

BANGALORE, INDIA

DevSecOps Engineer 06/2019 to 07/2023

●Implemented Infrastructure-as-Code (IaC) using Terraform, AWS CloudFormation, and Ansible to automate the provisioning and management of cloud resources.

●Designed and implemented secure CI/CD pipelines using tools like Jenkins, GitLab CI/CD, AWS CodePipeline, and GitHub Actions.

●Integrated security tools such as SonarQube, Black Duck, and OWASP Dependency-Check to identify vulnerabilities during development and deployment.

●Orchestrated containers with Kubernetes (EKS, ECS) and Docker Swarm, and monitored container security using Trivy to ensure high availability, scalability, and secure deployments of applications.

●Enforced role-based access control (RBAC) and multi-factor authentication (MFA) to ensure secure access to cloud resources.

●Configured AWS WAF, AWS Shield, and API Gateway for web application firewall protection, securing applications from DDoS, SQL injection, and XSS attacks.

●Automated security monitoring and incident response using AWS Lambda, CloudWatch Events, and custom Python scripts to reduce manual intervention.

●Integrated SAST, DAST, and SCA tools into the CI/CD pipeline to automate vulnerability scanning and ensure secure code.

●Utilized AWS Config, AWS Security Hub, and AWS Control Tower to monitor and enforce security compliance and governance policies.

●Implemented real-time monitoring with tools like AWS CloudWatch, Prometheus, and Grafana to track system health, security incidents, and performance metrics.

●Used AWS GuardDuty for threat detection and AWS Macie for data classification and leakage prevention.

●Ensured data security by implementing encryption at rest and in transit using AWS KMS, TLS, and HashiCorp Vault for secrets management.

●Developed incident response plans and automated disaster recovery (DR) procedures to ensure minimal downtime during security events or system failures.

●Supported implementation and auditing of NIST 800-53 and NEI 08-09-based cybersecurity controls for Critical Digital Assets (CDAs) within nuclear and critical infrastructure systems.

●Provided vulnerability management and patching strategies using SIEM tools, compliance scanners, and led cyber incident response aligned with 10 CFR 73.54.

COGNIZANT TECHNOLOGY SOLUTIONS

BANGALORE, INDIA

Junior DevOps Engineer 03/2017 to 05/2019

●Automated processes with Terraform for infrastructure provisioning, and Ansible for configuration management.

●Terraform was used to manage AWS components, optimizing cloud architecture for cost and efficiency.

●Deployment time was reduced by 50% by implementing AWS CloudFormation for automated infrastructure provisioning.

●Python was used to create Ansible playbooks and roles to automate configuration tasks such as file management, package installation, and service setup.

●Developed custom Python modules and plugins to enhance infrastructure provisioning and expand the capabilities of IaC tools.

●Collaborated to create Jenkins pipelines and write Dockerfiles with the development teams.

●Jenkins and AWS CodePipeline were used to build CI/CD pipelines for automated testing and deployment.

●Used Python scripts to automate build, test, and deployment operations in CI/CD pipelines utilizing GitLab or Jenkins.

●Handled user access, branching, and GitLab repositories; effectively settled merge disputes.

●Managed version control using Git for consistent code integration, branch management, and collaboration.

●Kubernetes clusters on Amazon EKS and containerized applications on Amazon ECS were orchestrated for high availability.

●Used Docker for creating containers that facilitate consistent deployment and scaling of applications in Kubernetes and ECS.

●Auto-scaling groups and Elastic Load Balancers (ELB) were implemented to increase application reliability and enable dynamic resource scaling.

●For real-time monitoring, set up centralized logging with AWS CloudWatch Logs and Elasticsearch.

●Created Grafana and CloudWatch monitoring dashboards to optimize performance.


