Security engineer with 4+ years of experience in global SOC operations and support, aiming to secure a position as an Endpoint Security Professional specializing in endpoint security, antivirus, SIEM, email security, service management tools, and information security systems, in order to apply the acquired knowledge and experience in a challenging environment.
Overview
4 years of professional experience
Work History
Security Associate
Sagility India Private Limited
06.2020 - Current
Experienced SOC analyst in Microsoft Defender ATP, CrowdStrike Falcon, Office 365, Splunk SIEM, and Rapid7.
Knowledge of a breadth of security technologies and topics, such as Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), proxies, Web Application Firewalls (WAF), enterprise anti-virus, sandboxing, and network- and host-based firewalls.
In-depth knowledge of creating ASR rules and managing non-compliant devices using Intune.
Knowledge of Azure Entra, including Azure Active Directory, AAD Domain Services, AAD B2C, Azure Information Protection, SSO, MFA, etc.
Experience in adding and deploying the client onboarding configuration file so that Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health.
Experience in creating automation rules to auto-close false-positive incidents in Azure Sentinel.
Experience in creating analytics rules, and knowledge of handling playbooks and workbooks in Azure Sentinel.
Strong experience in managing endpoint agents on Windows and Linux operating systems, Active Directory integrations, and Windows Event Logs.
Prepare endpoint compliance reports and initiate remediation activities wherever required.
Experience with the Rapid7 vulnerability management tool for vulnerability scanning and reporting.
Analyse, contain, and eradicate malicious activity detected from real-time alerts and manual threat hunts.
Perform technical investigations and root cause analysis on issues, and recommend and mitigate the effects of an issue using CrowdStrike EDR.
Experienced in preparing detailed analyses of external cyber threats (new vulnerabilities, exploits, intrusion patterns, and malware behaviours) and, based on that information, proactively checking with the vendor to deploy signatures for the collected IOCs.
Perform health checks of the AV infrastructure and distribute reports regularly.
Experience in triaging viruses, malware, ransomware, and other security events on endpoints, including Windows, Linux, and OS X.
Experience in providing end-to-end support to enterprise counterparts and identifying the root cause of issues in sophisticated enterprise initiatives using the endpoint security solution Microsoft 365 Defender.
Experienced in writing correlation rules in the KQL and SPL languages.
Experience in handling technical administration and troubleshooting activities related to the M365 Defender suite.
Strong knowledge of and working experience with Office 365 email gateway solutions; fully own, manage, monitor, and administer the email security stack and policies for both on-premises and cloud environments, including Office 365 email security solutions.
Splunk SIEM monitoring, which includes license monitoring, indexer storage volume monitoring, daily Splunk application health-check monitoring, and event and incident monitoring.
Experienced in analysing phishing emails, user-reported mails, and malware emails using Proofpoint, Office 365, and Defender verdicts.
Experience in installing applications and add-ons, as well as forwarder troubleshooting.
Experience in deploying Azure Sentinel, configuring data connectors, and enabling cloud instances.
Good knowledge of developing conditional access policies for daily monitoring.
Good knowledge of MITRE ATT&CK, the Diamond Model, and other cyber kill chains.
Good experience with ticketing tools (ServiceNow, Jira).
Deputy General Manager – Operations at Sagility India Private Limited (formerly Hinduja Global Solutions)