Hi, I’m

Dhilip Murugaiyan

Senior Security Analyst
Chennai, TN
Summary

Senior Security Analyst with 9+ years of experience in Incident Response, MxDR, Endpoint Detection & Response (EDR), Threat Hunting, Digital Forensics, SIEM, SOC Operations, Security Monitoring, Endpoint Security and Technical Support.

  • Certified Cyberdefender (CCD), well versed and experienced in handling high-severity cyber security incidents and driving them to closure by following the Incident Response process.
  • Experienced in dealing with security breaches, assessing and mitigating security risks and threats, and proficient in degrading the capabilities of adversaries by removing their presence from the environment using EDR solutions.
  • Deep understanding of how to onboard various security devices for log collection, extract security value from those logs using SIEM correlation, and identify actionable critical security incidents.
  • Subject Matter Expert – Symantec Endpoint Protection (Endpoint Security).
  • Team player, highly self-motivated and able to work with full autonomy, prioritizing and executing tasks.
  • Knowledge of industry standards such as PCI DSS and privacy standards such as GDPR.

Overview

10 years of professional experience
3 Certifications
3 Languages

Work History

Accenture Solutions Private Limited, India

Senior Security Analyst
04.2019 - Current

Job overview

  • Analyze log data, network traffic and alerts generated by a variety of security technologies in real time, and send enriched, contextualized and actionable security incidents to customers with detailed information including, but not limited to, the initial vector, TTPs and attack progression, and scope the attack across the organization.
  • Investigate attacks against customer networks, supporting these investigations with OSINT sources such as VirusTotal and AlienVault, and by querying additional client log data stored in SQL databases, AWS, Elastic and EDR platforms.
  • As part of MxDR, I manage and investigate alerts on multiple EDR platforms such as CrowdStrike Falcon, Elastic, Endgame, Microsoft Defender for Endpoint, Carbon Black and Symantec EDR.
  • Perform hunts based on IOAs, TTPs and threat intelligence. Investigate ad hoc retro-hunt requests from customers by leveraging internal and publicly available threat intelligence reports.
  • Focus on emerging and significant threats such as human-operated ransomware, credential theft, lateral movement, Cobalt Strike activity, and targeted attacks on AD, DNS and other standard applications.
  • Create detection rules within the Elastic Stack (ELK) and Google Chronicle SOAR to identify the latest threats and generate alerts wherever possible. Created traps (detection rules) to identify advanced attacks; build and maintain the life cycle of detection rules.
  • Investigate security alerts generated by Elastic Security and Google Chronicle SOAR, assess high-severity alerts, and identify tuning opportunities to reduce false positives.
  • Write security incident reports detailing the threat, its characteristics and possible remediation activities.
  • Perform RCA for critical-severity incidents and document the lessons learned. Identify the root cause of higher incident MTTA/MTTR (Time to Alert / Time to Resolution).
  • Routinely review security incidents and other customer deliverables for adherence to established procedures and guidelines. Document, rectify and provide feedback to other analysts as necessary.
  • I identified opportunities for automating incidents and assisted the team in automation efforts.
  • Research new threats and ensure appropriate detection capabilities are in place to identify and respond to these threats.
  • I was part of Service Quality Assurance, and my responsibility was to audit incidents to identify and improve the quality of incident handling and alert write-ups.
  • Provided mentoring, training and extensive guidance and support to other security analysts within the MDR team.

Sophos

Sophos Endpoint Specialist
01.2017 - 04.2019

Job overview

  • Provide technical assistance for the development and maintenance of malware-related issues. Suggest appropriate techniques in relation to signatures, tactics and procedures against threats.
  • Contact SophosLabs and raise internal requests to submit malicious samples and request mitigation and signature releases.
  • Monitor and maintain Sophos endpoints and antivirus within organizations. Identified and evaluated potential threats and vulnerabilities.
  • Provided support to customers and partners on various Sophos endpoint products. Assisted customers and partners with hands-on technical assistance for demonstrations, trials and proof-of-concept projects. Provided remote session support to customers with issues deploying SEC, Sophos Cloud and SAV on various machines (Windows, Mac, VM), as well as the Sophos Web Appliance and Email Appliance.
  • Created training documentation for various platforms and applications such as Windows administration, Unix administration and Mac.
  • Trained on Sophos SafeGuard and worked in lab environments. Provided quick response to virus outbreak situations.
  • Diagnose and solve incidents escalated by members of Sophos support.
  • First-hand experience with Sophos Central Endpoint Detection & Response (EDR).
  • Hands-on experience with deployment tools such as PDQ, SCCM, Intune and Jamf.
  • Provide customer feedback to the product management and software development teams.

Concentrix Technologies Pvt Ltd, Chennai, India

SME – Symantec Endpoint Protection
03.2014 - 01.2017

Job overview

  • Mentored, trained and helped develop the skills of new Technical Support Engineers (TSEs).
  • Threat Solutions Expert in Symantec's Dedicated Threat Handling Team, troubleshooting critical threat-related issues in large-scale enterprise networks.
  • Collaborated with Symantec's malware engineering and patch release team (Global Security Response Liaisons) via weekly WebEx sessions to discuss ongoing trends in vulnerability exploits and the latest cyber security updates.
  • Hands-on experience as an analyst handling threat outbreak situations such as ransomware variants (WannaCry, Petya) and remediating customers' environments.
  • Acted as a trusted advisor by providing technical support to global enterprise-level customers.
  • Applied specialized knowledge, analytical practices and procedures to analyze, diagnose and resolve issues in unique and often complex enterprise environments.
  • Participated in, and at times led, bridge calls with customers and third-party teams and vendors.
  • Determined when it was necessary to engage or escalate to engineering and development resources to resolve complex issues.
  • Managed my own schedule of cases, including determining priority levels and negotiating and setting expectations with customers.
  • Participated in new product releases and beta cycles to ensure information and training requirements were met to support new products.
  • Collaborated with Sales, Services, Engineering, Product Management and Support Management when necessary to prioritize customer requests.
  • Defined and tracked bugs for Development and offered innovative ideas to improve product quality.
  • Engaged in ongoing training and departmental development, along with self-learning.

Education

Dhaanish Ahmed College of Engineering

Bachelor of Engineering in Computer Engineering
04.2001

Skills

Operating Systems : Windows, Unix, MacOS

Certification

Certified Cyberdefender (CCD)

Interests

Watching and Playing Football

Trekking

Reading Cybersecurity related Content

Timeline

Certified Cyberdefender (CCD)

04-2024

CompTIA Security+

01-2022

EC-Council Certified Ethical Hacker (CEHv10)

10-2019

Senior Security Analyst

Accenture Solutions Private Limited, India
04.2019 - Current

Sophos Endpoint Specialist

Sophos
01.2017 - 04.2019

SME – Symantec Endpoint Protection

Concentrix Technologies Pvt Ltd, Chennai, India
03.2014 - 01.2017

Dhaanish Ahmed College of Engineering

Bachelor of Engineering in Computer Engineering
04.2001