Vamsi Krishna C
Sr. Cyber Security Engineer
Email: **********@*****.***
Phone: +1-732-***-****
PROFESSIONAL SUMMARY:
• Over 7 years of experience in Cyber Security Engineering, specializing in threat detection, vulnerability assessment and incident response in cloud and on-premises environments.
• Proficient in implementing security protocols such as SSL, TLS and IPSec to safeguard data integrity and confidentiality.
• Extensive experience with firewall technologies (Palo Alto, Fortinet) and intrusion detection/prevention systems (Snort, Zeek) to enhance network security.
• Proficient in SAST, DAST, SCA, IAST, and container image scanning, and skilled in collaborating with developers and application teams to remediate security findings and close gaps efficiently.
• Adept in validating scan results, triaging false positives, and integrating security into the DevSecOps pipeline using tools like Jenkins, GitHub Actions, Terraform, and Ansible.
• Well-versed in risk acceptance workflows, exception documentation, and compliance with regulatory standards including NIST, ISO 27001, HIPAA, and PCI-DSS.
• Technically fluent in Python and JavaScript ecosystems and experienced in integrating security across CI/CD pipelines to protect applications from code to container.
• Adept at collaborating with cross-functional engineering teams to validate encryption, authentication, and physical device security controls while maintaining compliance with global healthcare regulations.
• Skilled in Security Information and Event Management (SIEM) solutions like Splunk and IBM QRadar for effective security monitoring and incident management.
• Expertise in cloud security practices and tools (AWS, Azure) ensuring compliance and security across cloud environments.
• Strong knowledge of Identity and Access Management (IAM) solutions, enhancing user authentication and authorization processes.
• Proficient in vulnerability assessment tools (Nessus, Qualys) and incident response strategies to mitigate security risks.
• Experienced in scripting and automation using Python and Ansible to improve operational efficiency and security workflows.
• Comprehensive understanding of compliance standards, including NIST and ISO, ensuring adherence to industry best practices.
• Specialized in security monitoring, SOAR integration, incident response, cloud security, vulnerability management, and regulatory compliance (NIST, CJIS).
• Skilled in deploying and managing SIEM (Splunk, QRadar) and SOAR platforms, automating security operations, and reducing incident response times.
• Skilled in deploying and managing SIEM (Splunk, QRadar), endpoint security (CrowdStrike, Defender ATP), vulnerability scanners (Nessus, Qualys), and next-generation firewalls (Palo Alto, Cisco).
• Knowledgeable in cloud-native security tools and architectures, ensuring secure management of cloud resources across AWS, Azure, and GCP.
• Demonstrated success in designing and implementing robust security solutions that protect critical data and ensure business continuity.
• In-depth knowledge of Cybersecurity attack vectors, threat intelligence, and remediation techniques to proactively combat new and evolving threats.
• Proficient in the integration of security solutions into organizations’ overall risk management strategies to minimize the attack surface and improve security posture.
• Proven track record of improving organizational security maturity through the deployment of security automation and advanced monitoring systems.
• Expertise in developing and implementing incident response plans, coordinating teams to minimize damage and recover quickly from cyber-attacks.
• Proven track record in developing secure software and integrating security into the Software Development Life Cycle (SDLC).
• Excellent communication and collaboration skills, fostering strong relationships with cross-functional teams and stakeholders to ensure comprehensive security measures are implemented.
• Strong analytical and problem-solving abilities, adept at identifying vulnerabilities and developing effective remediation strategies under pressure.
TECHNICAL SKILLS:
Firewalls
Palo Alto, Fortinet, Azure Firewall, Web Application Firewalls, ModSecurity
Security Protocols
SSL, TLS, IPSec, VPNs
Intrusion Detection/Prevention
IDS, IPS, Snort, Zeek (Bro), CrowdStrike
Security Information and Event Management (SIEM)
IBM QRadar, Splunk, Azure Sentinel
Endpoint Security
Endpoint Detection and Response (EDR), Antivirus solutions (Kaspersky, Carbon Black, Symantec DLP)
Cloud Security
AWS CloudTrail, AWS Config, AWS Security Hub, AWS GuardDuty, AWS WAF, Microsoft Defender for Cloud, Azure Key Vault
IAM Tools
AWS IAM, Ping Identity, Okta, Azure Active Directory
Cryptography
AES, RSA, SHA-2, Public Key Infrastructure (PKI)
Scripting and Automation
Ansible, Python, Bash, PowerShell
Cloud Platforms
AWS, Microsoft Azure
Vulnerability Assessment
Qualys, Nessus, OpenVAS
Network Security
TCP/IP, DNS, DHCP, ARP, VLANs
Development Security
Secure Software Development Life Cycle (SDLC), DevSecOps, CI/CD pipeline
Testing Tools
Kali Linux, Metasploit, VirusTotal
Threat Detection
AWS GuardDuty, Azure Monitor
Monitoring and Analysis
Nagios, Amazon CloudWatch, Wireshark, Security Orchestration, Automation and Response (SOAR) tools
Network Services Management
Load balancers, DHCP, DNS configurations
Management Tools
JIRA, TestRail
PROFESSIONAL EXPERIENCE:
Client: Amazon, Seattle, WA, June 2024 – Present
Role: Lead Cyber Security Operations Specialist (Cyber Fusion Center / Cyber Security Operations Center), Level 2 & 3 Incident Response, Threat Hunting, Risk Management
Description: As a Security Engineer on Threat Detection, researched emerging threats to extract new detection ideas and built high-confidence detections that proactively identify threats across log data at exabyte scale. Worked closely with Incident Response, Threat Hunting, Threat Intelligence, and Red Team to obtain threat models of known threats and deliver detections enabling rapid response. The Threat Detection team also develops innovative methods utilizing the latest techniques to rapidly detect threats at scale; this expertise is used to defend the data of Amazon's millions of customers against the most critical threats.
Responsibilities:
• Managed a team of 3 members (North American division), directing and helping them with day-to-day SOC support activities and various Security Operations tasks.
• Designed and developed security architectures for cloud and hybrid systems and for application security. Partnered with and managed security service providers.
• Led the team that identifies security risks and creates security architecture requirements and mitigation strategies.
• Helped develop the Fusion Center mindset and the follow-the-sun model.
• Conducted proactive threat-hunting activities across network environments, analyzing data from SIEM systems to identify unusual patterns, anomalies, and potential indicators of compromise (IOCs).
• Developed and implemented threat-hunting playbooks and strategies, leveraging techniques such as hypothesis-based hunts and TTP (Tactics, Techniques, and Procedures) analysis aligned with the MITRE ATT&CK framework.
• Utilized packet capture and network traffic analysis tools to examine endpoint and network behaviors, identify malicious activity, and reduce dwell time for undetected threats.
• Collaborated with incident response teams to investigate and contain threats, correlating data from endpoint, network, and application logs to uncover sophisticated attacks.
• Led complex incident investigations and response efforts for advanced cyber threats, including malware outbreaks, lateral movement detection, and data exfiltration attempts, utilizing SIEM tools (e.g., QRadar, Splunk).
• Conducted in-depth forensic analysis on compromised endpoints and network systems, employing tools like Wireshark and packet capture to trace attack vectors and identify root causes.
• Applied strong malware analysis expertise to take containment steps and eradicate malware.
• Author incident status updates and closure reports to leadership.
• Produce postmortem reports to identify lessons learned and recommendations.
• Hands-on experience with automation and playbook development for SOAR platforms, particularly XSOAR.
• Design, develop, guide and review automation use cases to be released on the Cortex Marketplace.
• Utilized XSOAR’s case management features to track, manage, and resolve security incidents effectively, ensuring all incidents were documented and remediated in a timely manner.
• Created training materials and documentation for SOC teams on how to use XSOAR for automated incident response and orchestration.
• Gathered requirements, initiated innovative ideas, collected feedback from stakeholders and developed compelling use cases; following release, promoted the solution and helped customers onboard it.
• Work with partners on product use cases, API documentation questions, playbooks and joint product offering.
• Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom RESTful API integrations, SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports, widgets, and code via Continuous Integration/Continuous Delivery pipelines adhering to an Agile development practice.
• Provide technical guidance regarding risks and control measures associated with new and emerging technologies.
• Providing technical leadership, guidance, and direction to the application security team.
• Leading the cyber incident response process to ensure timely triage, analysis, containment, eradication and return to service for high severity or long running incidents.
• Developed alert triage and incident response methodologies to respond to zero-day threats.
• Helped coordinate penetration testing activities and led the efforts to mitigate the identified risks and threats.
• Designed, implemented, and managed Symantec Data Loss Prevention (DLP) solutions to protect sensitive data and ensure regulatory compliance.
• Conducted risk assessments and gap analysis to identify and address potential data leakage vulnerabilities across the organization. Stayed abreast of the latest security threats, vulnerabilities, and industry best practices to enhance the effectiveness of vulnerability management processes.
• Developed and executed PowerShell scripts to automate routine security tasks, such as user account management, system audits, and incident response, improving efficiency and reducing manual errors.
• Created custom PowerShell modules to enhance security monitoring and reporting, providing real-time alerts and detailed logs of suspicious activities.
• Implemented PowerShell scripts for system hardening and compliance checks, ensuring adherence to industry standards and reducing vulnerabilities.
• Developed Python scripts to automate threat detection and response processes, enhancing the organization's ability to quickly identify and mitigate security threats.
• Implemented machine learning algorithms in Python to analyze large datasets and detect anomalous behavior, improving the accuracy of threat identification.
• Created and managed user groups in the identity and access management system, enforcing company policies and procedures related to identity and access management.
• Designed and delivered solutions for perimeter defense (email/SMTP gateways) such as Cisco IronPort, Proofpoint, CrowdStrike, CASB, and Exabeam XDR.
• Identified potential risk indicators in the environment by running threat hunt searches; participated in building the organization's threat hunting program, identified critical log sources, and drove efforts to onboard them into Exabeam XDR to surface risk indicators and outliers.
• Participated in threat hunting activities using available tools and data; made recommendations to enrich data sources for more accurate correlation.
• Worked with the ISO 21434 standard and other standards such as ISO 27001 and UN ECE R155, covering TLS, wireless communication protection, firewalls, and secure boot. Experienced in configuring and fluent with POSIX-based operating systems (e.g., Linux, QNX).
• Assessment guidance/standards used: NIST SP 800-30, NIST SP 800-53, NIST SP 800-171, ISO 27002, and ISO 27005, to ensure regulatory compliance and proper assessment of risk.
• Developed documentation for new and existing policies and procedures in accordance with Risk Management Framework (RMF) and NIST SP 800-30 requirements.
Client: JPMorgan Chase, Columbus, OH, USA, Mar 2022 – May 2024
Role: Sr. Cyber Security Engineer
Description: Executed creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems. Minimized security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls. Conducted discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess whether vulnerabilities were present, and executed threat modeling for multiple applications, including external applications interacting with the internal JPMorgan Chase network.
Responsibilities:
• Configured and maintained IP network infrastructure (VPNs, VLANs, Cisco devices) and firewalls to protect organizational assets across LAN/WAN environments.
• Administered RHEL, CentOS, and Ubuntu systems, implementing system hardening, patching, and security best practices in bare-metal setups.
• Designed and implemented advanced firewall solutions (Palo Alto, Fortinet) and IP network configurations to secure enterprise infrastructure, integrating Cisco networking devices and SNMP for monitoring.
• Developed Zero Trust Architecture and threat modeling frameworks to proactively secure cloud (AWS, Azure) and on-premises environments.
• Managed Kubernetes and Docker container security, integrating with AWS/GCP cloud platforms to ensure secure application deployments.
• Conducted vulnerability assessments (Nessus, Qualys) and penetration testing, aligning remediation efforts with threat modeling outcomes.
• Enforced Azure cloud security (Key Vault, NSGs, and Defender) and IAM protocols (Okta, Azure AD) to secure identities and resources.
• Managed SIEM platforms (Splunk, Azure Sentinel) and EDR tools (CrowdStrike) for real-time threat detection, log analysis, and incident response.
• Automated security workflows using Python and Ansible, optimizing patch management, system hardening, and vulnerability remediation processes.
• Leveraged AWS services (CloudTrail, GuardDuty, WAF, and IAM) and Azure (Defender, NSGs) for cloud security, ensuring compliance with NIST and ISO standards.
• Integrated DevSecOps practices into CI/CD pipelines, securing Kubernetes-based deployments and enforcing secure SDLC principles.
• Conducted system hardening and patching on RHEL/CentOS systems in bare-metal and virtualized environments (VMware), enhancing operational resilience.
• Collaborated with network engineering teams to configure VLANs, DNS, and TCP/IP protocols, ensuring secure and efficient data transmission.
• Managed RHEL/Linux systems, performing patching, system hardening, and security configurations in bare-metal and virtualized environments.
• Implemented IP networking solutions (TCP/IP, DNS, and VLANs) and Cisco device configurations to enhance network security and performance.
• Automated security tasks with Python and PowerShell, improving threat detection and response efficiency across endpoints and networks.
• Led patch management initiatives to ensure all systems and applications are up-to-date with the latest security patches.
• Implemented Mobile Device Management (MDM) solutions to secure and manage mobile devices accessing corporate resources.
• Conducted continuous monitoring and analysis of endpoint security with Endpoint Detection and Response (EDR) tools to mitigate risks.
• Leveraged AWS CloudTrail and AWS Config for monitoring and auditing AWS account activity and resource configurations.
• Utilized AWS Security Hub and AWS GuardDuty for threat detection and incident response within cloud environments. Developed and enforced policies for Cloud Access Security Brokers (CASB) to secure cloud applications and data.
• Managed AWS Identity and Access Management (IAM) to securely control access to AWS services and resources. Implemented AWS Key Management Service (KMS) to manage encryption keys to protect sensitive data.
• Conducted AWS Inspector assessments and monitored performance with Amazon CloudWatch to ensure cloud security compliance. Configured AWS WAF (Web Application Firewall) to protect web applications from common threats and vulnerabilities.
• Implemented Cloud Security Posture Management (CSPM) to assess and improve cloud security across AWS environments.
• Ensured secure application development practices through a comprehensive Secure Software Development Life Cycle (SDLC). Conducted thorough Application Security Testing (SAST/DAST) to identify vulnerabilities in code before deployment.
• Led Risk Management initiatives, including threat modeling and vulnerability assessments, to identify and mitigate potential risks.
• Developed and maintained incident response plans to ensure effective handling of security incidents and minimize impact.
• Collaborated with teams to establish and enforce security policies and ensure compliance with industry standards and regulations.
• Conducted training and awareness programs on Identity and Access Management (IAM) principles, including Multi-Factor Authentication (MFA) and Single Sign-On (SSO) practices, to enhance organizational security awareness.
• Conducted penetration testing (Kali Linux, Metasploit) and vulnerability scans (OpenVAS), ensuring compliance with NIST and ISO 27001 standards.
• Monitored and secured IP networks using Cisco devices, SNMP, and Intrusion Detection Systems (Snort, Zeek) to detect and mitigate threats.
• Administered Linux (RHEL, CentOS) and Windows systems, applying patches and hardening techniques to maintain secure configurations.
• Utilized SIEM tools (IBM QRadar) and EDR solutions for malware analysis, threat detection, and centralized log management.
• Developed Python and Bash scripts to automate security processes, enhancing operational efficiency and response times.
• Conducted vulnerability assessments (Nessus) and penetration testing to identify and remediate security gaps in systems and networks.
• Configured and managed IP network services (DNS, DHCP, VLANs) and firewalls (ModSecurity) to secure organizational infrastructure.
Client: Kaiser Permanente, Pleasanton, CA, Apr 2020 – Jan 2022
Role: Cyber Security Engineer
Description: Responsible for providing support for customers (users) and assigned applications and/or information systems, including software implementation, cross-functional integration, complex configuration, and testing. Involved in solution design support efforts and research initiatives for translating requirements into workable technical solutions, and supported the evaluation of third-party vendors as directed.
Responsibilities:
• Developed and implemented cloud security strategies in Azure environments to safeguard sensitive data and ensure compliance with industry standards.
• Deployed SIEM tools (Azure Sentinel, IBM QRadar) and EDR solutions (Carbon Black) for threat detection, malware analysis, and incident response.
• Automated security operations using Python scripts and Ansible playbooks, streamlining CI/CD pipeline security within Azure DevOps.
• Developed cloud security strategies for Azure, securing infrastructure with NSGs, VPN Gateway, and Defender for Cloud.
• Led incident response and threat detection efforts using SIEM tools and Wireshark for network traffic analysis, identifying vulnerabilities via threat modeling.
• Led incident response efforts to identify, investigate and remediate security incidents, enhancing the organization's security posture and minimizing potential risks.
• Utilized network security protocols such as SSL/TLS, VPNs and firewalls to establish secure communications and protect organizational data from unauthorized access.
• Conducted thorough risk assessments and management to identify vulnerabilities, evaluate potential threats and recommend mitigation strategies for ongoing security improvements.
• Performed penetration testing and ethical hacking using Kali Linux tools like Nmap to uncover and address security weaknesses before they could be exploited by malicious actors.
• Implemented and managed security information and event management (SIEM) tools to monitor, analyze and respond to security events and incidents in real-time.
• Applied symmetric and asymmetric encryption techniques, including AES and RSA, to ensure secure data transmission and storage across various platforms.
• Conducted vulnerability assessments to identify potential security gaps, utilizing OWASP Top 10 vulnerabilities as a benchmark for application security.
• Enforced the CIA triad principles (Confidentiality, Integrity, and Availability) in all security practices to maintain robust security controls across the organization.
• Leveraged SQL skills to enhance database security ensuring data protection and integrity through effective querying and monitoring techniques.
• Utilized packet analysis tools like Wireshark to dissect and analyze network traffic, identifying malicious activity and ensuring compliance with security policies.
• Automated security tasks using scripts to enhance efficiency and effectiveness in threat detection and response operations.
• Implemented access management controls, including Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC), to ensure secure access to critical resources.
• Deployed and managed intrusion detection and prevention systems (IDS/IPS) to monitor and protect the network from potential threats and vulnerabilities.
• Familiar with operating systems and platforms, utilizing virtualization tools like VMware to simulate environments for testing and development of security measures.
• Adhered to established security frameworks and compliance standards, such as the NIST Cybersecurity Framework and ISO 27001/27002, to promote organizational security best practices.
• Oversaw Endpoint Detection and Response (EDR) solutions to provide continuous monitoring and threat detection across all endpoints within the organization.
• Implemented Data Loss Prevention (DLP) strategies to protect sensitive information from unauthorized access and data breaches.
• Maintained a strong understanding of networking fundamentals, including TCP/IP, DNS and HTTP/HTTPS protocols, to enhance security measures across the organization's infrastructure.
• Utilized PowerShell for basic scripting and automation tasks to streamline security operations and improve overall efficiency.
• Employed vulnerability scanners like OpenVAS to proactively identify and address potential security weaknesses in systems and applications.
• Utilized exploit frameworks to simulate attacks, assess system defenses and recommend enhancements to the security architecture.
• Possessed a comprehensive understanding of the OSI model to diagnose and resolve network security issues effectively.
• Administered RHEL, CentOS, and Ubuntu systems, implementing system hardening and patching to ensure robust security controls.
• Deployed Splunk and EDR tools (CrowdStrike) for real-time security event monitoring and threat detection.
• Developed PowerShell scripts to automate SSL/TLS certificate management and security task execution.
• Supported PKI implementation and VPN configurations, ensuring secure remote access and data integrity.
• Collaborated with cross-functional teams to enhance the security framework, providing insights on best practices and emerging threats.
• Maintained up-to-date knowledge of security trends and technologies, participating in continuous professional development to stay ahead of potential threats.
Client: Edward Jones Investments, St. Louis, MO, Feb 2018 – Mar 2020
Role: Cyber Security Analyst
Description: Evaluated the security posture of existing security infrastructure to identify gaps, inefficiencies, and areas for improvement. Collaborated with enterprise stakeholders to implement, configure, and improve security solutions across systems, networks, and applications. Developed and maintained systems, security policies, procedures, and standards aligned with industry best practices. Designed and secured network architecture/solutions (segmentation, firewalls, and zero trust).
Responsibilities:
• Conducted malware analysis through reverse engineering and sandboxing techniques, identifying malicious behaviors and potential threats to the network.
• Utilized VirusTotal for comprehensive malware scanning and analysis, contributing to enhanced threat intelligence and response strategies.
• Managed network security measures, including configuring VPNs and firewalls, to safeguard sensitive data and maintain secure communication channels.
• Deployed and monitored Intrusion Detection/Prevention Systems (IDS/IPS) to detect and respond to suspicious activities in real-time.
• Developed Python and Bash automation scripts to streamline security processes and improve operational efficiency.
• Administered various operating systems, including Linux, Windows and macOS, to ensure robust security configurations and compliance.
• Leveraged Security Information and Event Management (SIEM) tools like IBM QRadar for centralized log analysis and incident detection, enhancing overall security posture.
• Implemented endpoint protection strategies by deploying antivirus solutions and Endpoint Detection and Response (EDR) tools to safeguard devices against threats.
• Managed Identity and Access Management (IAM) solutions, such as Okta, to control user access and enhance security protocols across the organization.
• Conducted regular vulnerability assessments using tools like Nessus to identify and remediate security weaknesses within systems and applications.
• Ensured data protection through effective data encryption methods, including SSL/TLS, VPNs and AES encryption protocols.
• Monitored network traffic using Intrusion Detection tools like Snort and Zeek (Bro) to identify potential security incidents and respond appropriately.
• Led incident response efforts, including threat detection, incident reporting and log analysis, to manage and mitigate security breaches effectively.
• Utilized penetration testing tools, such as Metasploit, to assess the security posture of systems and identify vulnerabilities before they could be exploited.
• Collaborated with cross-functional teams to develop and implement security policies and procedures that align with industry best practices and regulatory requirements.
Client: Yash Technologies, Hyderabad, India, May 2015 – Aug 2016
Role: Security Engineer
Responsibilities:
• Developed and implemented comprehensive incident response strategies and playbooks to enhance organizational security posture and effectively manage security incidents.
• Managed SSL/TLS configurations and SSL certificate lifecycles to ensure secure communications and protect sensitive data.
• Utilized cryptographic algorithms, including RSA, SHA-2 and AES, to secure data transmission and storage across multiple platforms.
• Administered VPN solutions and configurations ensuring secure remote access and data integrity for users across various locations.
• Monitored and analyzed security events using Splunk to identify and respond to potential threats in real-time, leveraging Endpoint Detection and Response (EDR) tools such as CrowdStrike for enhanced visibility.
• Configured and maintained network services, including DNS, HTTP/HTTPS, ARP and DHCP, to ensure optimal network performance and security.
• Managed and configured firewalls, load balancers and Web Application Firewalls (WAF) like ModSecurity to protect network resources and applications from external threats.
• Developed and maintained scripts using PowerShell to automate security tasks and improve system efficiency.
• Deployed and managed Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), such as Snort, to proactively identify and mitigate security threats.
• Implemented and maintained a robust Public Key Infrastructure (PKI) to ensure secure communications and authenticate users and devices.
• Administered Linux systems, including CentOS, Ubuntu and Red Hat, to maintain security controls and monitor system health.
• Utilized TCP/IP protocols to effectively manage network communications and troubleshoot connectivity issues.
• Configured and maintained VLANs and subnetting to enhance network security and segmentation.
• Managed user identities and access controls within Active Directory (AD) to ensure secure and efficient resource access.
• Utilized anti-virus and anti-malware tools to protect systems from malicious software and maintain a secure computing environment.
Education:
Bachelor's: B.E. in Computer...