Ashwin Kumar Yalamanchili

FEB 2022 –

Current

Project Lead

Wipro, Hyderabad

• Delivery Excellence Business Leader with hands-on experience in directing the implementation & delivery of multi-million dollars projects/programs for large organizations/clients across the globe/geographical locations with focus on achieving top line & bottom-line results.
• Worked as engagement lead in handling End to End project and Process steam line Sentinel Implementation, Vulnerability Management and automating the services for smoother services.
• Prioritizing security initiatives across the lines of business functions and Technology. Ensure that all technology infrastructure and services are disciplined and conform to industry best practices.
• As part of Part of transition and billing team. Assist in producing status reports and briefs to senior leadership.
• Tailoring the ServiceNow VR module with manual queries, rules, groups in assigning right remediation ownerships through effective governance and visual dashboards for leaderships
• Performed security assessments of Cloud environments and provided recommendations to improve the overall security posture of customers' environments.
• Created a security automation framework using ServiceNow Automation to automate the process of identifying, remediating and tracking vulnerabilities
• Conducted risk assessments to identify potential security vulnerabilities and recommend solutions to mitigate risks.
• ServiceNow tool integration as ITSM & SecOps tool with API integration to Qualys. • Part of Migration project from On-Prem to Cloud environment ensuring no vulnerabilities carried to cloud environment.
• Designed and implemented Microsoft Sentinel solutions for clients from scratch, including configuring log analytics workspaces, data collection rules, and log sources.
• Strong Hand-on experience in implementing of Azure Sentinel's with On-Prem devices, other Cloud based and Azure Log Sources data connectors, including Azure Active Directory, Office 365, Azure Security Center, and Azure Audit Logs, to collect and aggregate security event data.
• Data validation for new devices integration and mapping events for unparsed logs.
• Creating Incident management, work-flow, dashboards, reports, threat model, lookup tables &data sights in Azure Sentinel

• As part of Part of transition and billing team. Assist in producing status reports and briefs to senior leadership.
• Mapping business requirements and providing them superlative IT solutions involving evaluation and definition of scope of project, resource and effort estimation and finalization of project requirements with realistic delivery targets.
• Experience in Web Based Applications, Thick Client Applications, Penetration Testing and Vulnerability Assessment of devices and platforms and Threat modelling, s as Fortify (SAST).(Web Based Applications, Thick Client Applications, Penetration Testing and Vulnerability Assessment of devices and platforms) Performed Application Penetration Testing for various clients.
• Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws etc.
• Proficient in using Various Tools for web application penetration tests such as Burp Suite, Paros, AppScan, Acunetix Wire shark, Nmap, Nessus, Nexpose.
• Executing tests, reviewing results and working with Development team to identify and debug problems
• Provided detailed status updates on existing cyber security incidents daily to include follow up with client/customer to ensure satisfactory resolution.
• Develop and sustain excellent customer relationship through deep engagement and delivering continuous value by meeting customer expectations
• Organizing and recruiting resources required for running the accounts as per committed Norms & SLA.
• Identify security Gaps, Risk Management and Create mitigation plans
• Responsible for End-to-End Transition of Onsite Delivery to Remote Delivery Management
• Reviewer of all process docs, reports & technical docs (including RCA's) before submission to customer
• Setting of key Goals & Objectives for employees and ensuring them to support and reach the targets.
• need to segregate vulnerabilities based on the report and provide the report to concern technical teams for remediation.
• activities and deliverables are adhered as per the SOW committed and defined.
• Consistently maintained involvement with the Support team at the client site, using e-mail and teleconferencing correspondence to close the gap as much as possible.
• Develop and implement effective cyber security plans to maintain the security of computer files against unauthorized modification, destruction and disclosure.
• Learning new vulnerabilities and checking those with our network using vulnerability scanner to find and mitigate new vulnerabilities.

• Provided safety reports and data analysis to building managers to inform security processes.
• Performed risk analyses to identify appropriate security countermeasures.
• Completed vulnerability scans to identify at-risk systems and remediate issues.
• Monitored computer virus reports to determine when to update virus protection systems.
• Upgraded Qradar Licenses for event collector, processors and Vulnerability management.
• Migrated SIEM Appliances: Event /Flow Collectors and Processors.
• Worked on Diskspace issues.
• Implemented Backups and monitoring for Qradar.
• Configured automated Disk space alerts and triggers as report.
• Worked on Log source integration.
• created standard operating procedures and work-related documents with guidance of senior management.
• Performed Application Penetration Testing for various clients.
• Conducted vulnerability assessment of multiple servers and network devices.
• Incident Analysis, Validation and Remediation Support; Weekly event analysis and data mining.
• Planning, Conducting and reporting Vulnerability and risk assessment of applications. Risk associated with vulnerability explained to the project team for better understanding and guiding project team towards its closure / remediation.
• Performed vulnerability testing, application security, database security and penetration testing against various technologies like Ajax, Flash and Web services.
• Identification of Injection, Business logic, Authentication, Session Management, etc... related flaws in applications and encasing attack scenarios and associated risk to business.
• Providing preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.