TONY PRASHANTH GOOTAM
Security Operations Analyst
***********@*****.*** | +1-334-***-**** | LinkedIn | GitHub
SUMMARY
Security Operations Analyst with 5 years of experience in SIEM monitoring, incident response, threat detection, and endpoint security across enterprise and municipal environments. Skilled in reducing false positives, improving detection coverage, and maintaining strong incident response SLAs. Experienced with Splunk, QRadar, EDR platforms, Active Directory hardening, and cloud security. Completed a Master of Science in Management Information Systems; ISC2 Certified in Cybersecurity (CC) and CompTIA CySA+.
CORE COMPETENCIES
SIEM and Threat Detection
Splunk, IBM QRadar, alert tuning, correlation rule optimization, false positive reduction, MITRE ATT&CK, TTP analysis, malware triage, IOC analysis, lateral movement detection
Endpoint and Identity Security
EDR, DLP, Windows hardening, BitLocker, CrowdStrike Falcon, Microsoft Defender, Windows LAPS, Active Directory, Group Policy Objects, least privilege enforcement, user provisioning
Cloud and Virtualization Security
AWS CloudTrail, AWS GuardDuty, security groups, IAM, Azure fundamentals, AWS incident triage, VMware vSphere
Automation and Scripting
Python scripting for SOC workflows, IP reputation checks, log parsing, alert automation, Bash, basic SQL
Operating Systems
Windows 10 and 11, Linux Ubuntu and CentOS, macOS
Incident Response
Alert triage, Tier 1 and Tier 2 handling, ransomware investigation, phishing analysis, brute force detection, SQL injection analysis, root cause analysis, ServiceNow, SLA driven response
Network and Infrastructure Security
Network monitoring, firewall rule configuration, ACL configuration, PCAP analysis, Wireshark, Tcpdump, anomaly detection, Windows Server, Linux
Security Frameworks and Standards
NIST Cybersecurity Framework, NIST SP 800-61 Incident Response, MITRE ATT&CK, ISO 27001, CIS Controls
Security and Infrastructure Tools
Kali Linux, Metasploit Framework, Burp Suite, SolarWinds Orion, Nagios, ServiceNow
PROFESSIONAL EXPERIENCE
Security Operations Analyst, Gen Digital Inc (09/2025 – Present)
• Managed Active Directory infrastructure for more than 200 users, enforcing least privilege access and updating Group Policy Objects. Reduced unauthorized access incidents from 30 incidents each quarter to 20 incidents.
• Deployed EDR across more than 50 endpoints and achieved full security policy compliance. Improved detection coverage by adding 40 new detection rules.
• Hardened Windows 11 workstations using BitLocker and baseline configurations, reducing attack surface by eliminating 15 high-risk settings.
• Performed ongoing endpoint monitoring and resolved misconfigurations, improving incident readiness scores from level 3 to level 4 across departments.
• Collaborated with infrastructure teams to align security controls with NIST CSF requirements and municipal security standards.
IT Intern, City of Montgomery (06/2025 – 08/2025)
• Managed Active Directory accounts for more than 200 users and updated GPO settings to strengthen identity governance, reducing unauthorized access alerts from 12 alerts each month to 6 alerts.
• Executed EDR deployment for more than 50 endpoints and increased endpoint protection visibility by adding 25 new monitoring checks.
• Configured Windows 11 systems with BitLocker and disabled unnecessary services, reducing security gaps by resolving 18 configuration issues.
• Collaborated with infrastructure and security teams on system hardening and security standardization.
SOC Engineer, Skillmine Technology Consulting (10/2021 – 12/2023)
• Handled more than 1,000 SIEM alerts daily in Splunk and IBM QRadar, tuning correlation rules to reduce false positives from 100 alerts daily to 75 alerts.
• Investigated advanced Tier 2 incidents including ransomware, phishing, SQL injection, and brute force attacks while maintaining full SLA compliance across more than 200 incidents each year.
• Performed RCA using NIST and MITRE ATT&CK techniques and documented findings in ServiceNow while maintaining complete audit and evidence compliance.
• Conducted proactive threat hunting using MITRE ATT&CK and identified 30 new detection opportunities that improved SOC threat coverage.
• Developed Python scripts for IP checks, log parsing, and alert enrichment, which reduced manual triage time by 15 minutes per incident.
• Mentored Tier 1 analysts on classification, escalation, and playbook execution, improving team accuracy and knowledge retention.
NOC Engineer, Skillmine Technology Consulting (04/2020 – 09/2021)
• Monitored more than 50 servers using SolarWinds and Nagios and detected infrastructure issues early, reducing alert noise from 20 alerts daily to 16 alerts.
• Configured ACLs on routers and firewalls to enforce segmentation and block unauthorized access, which improved network security compliance by meeting 35 internal checklist requirements.
• Analyzed network logs and PCAP data for investigations and reduced threat assessment time by completing reviews 10 minutes faster for each incident.
• Resolved Tier 1 alerts and maintained 99% uptime during active shifts.
• Collaborated with security and infrastructure teams, providing real-time updates that improved communication efficiency by reducing wait times from 8 minutes to 5 minutes.
IT Apprenticeship, Bharat Heavy Electricals Limited (BHEL) (03/2019 – 03/2020)
• Resolved Tier 1 hardware and network tickets, completing 90 out of 100 issues on first contact.
• Provided support to more than 50 employees weekly with configuration, connectivity, and troubleshooting tasks.
• Documented recurring issues and created standard solutions, which reduced repeat tickets from 40 per month to 30 per month.
EDUCATION
Master of Science, Management Information Systems, Auburn University at Montgomery, 12/2025
CERTIFICATIONS
CompTIA Cybersecurity Analyst (CySA+)
ISC2 Certified in Cybersecurity (CC)
TryHackMe Defensive and Offensive Learning Paths