Krishnamraju Vaitla

• Working as Senior Information security analyst for Skillsoft
• Experience of Integrating tools with XSOAR and designing incident response playbook in XSOAR platform.
• Built and demonstrated SOAR proof of concept set-up to internal management responsibility is to mature Security posture of company.
• Hands-on Experience in writing scripts(python and Regex) for Task automation.
• Collaborate with other IT operations,Security operations,Threat intelligence, and Incident Response teams to build automated process and orchestrations for security applications.
• Contribute to designing, testing, implementation and maintenance of integration of Demisto with other security tools and platforms.
• Good Knowledge on python and Regular Expressions.
• Participate in security design discussions with various teams(technical and management) and provide advice on how SOAR can be used effectively.
• Experience in writing custom automations.
• Work with vendor TAC to troubleshoot and upgrade XSOAR instances.
• Few of integration used with XSOAR.
• § Active Directory, Microsoft Sentinel, Email(O365), Hybrid Analysis, AWS,
• Azure, Palo Alto Wildfire ,Servicenow , Virustotal, IBM force
• Worked on 6 to 8 use cases.

• Responsible to build Security operation centre for clients by considering SIEM as main monitoring and analysis tools.
• Also worked as team lead and XSOAR engineer
• Developing project plan, including resource plan, procurement plan, acceptance plan and go-live plan
• Lead and manage 24/7 delivery team, foster innovation and drive accountability within SOC engineers
• Develop security scope, workflows, KPI's, policies and procedure for various SOC activities.
• Ensure timeline, scope, quality & resource is managed accordingly with committed deliverables.
• Improve/create Playbooks for analysis and incident remediation.
• Collaborate with other IT operations, Security Operations, Threat Intelligence and Incident response teams to build automated process and orchestrations for security applications
• Work with customers - requirement gathering, on-boarding, technical discussions, report walk throughs.
• Manage and Implement security tools like SIEM, EDR, Vulnerability management.
• Create and fine-tune content in SIEM - correlation rules, dashboards, reports, Lists etc.
• Define categories of security incidents and associate severities and SLAs for each category

● Using RSA Netwitness SIEM solution and other security tools to monitor any security threats in network.

● Advising in fine tune correlation rules to cover broad spectrum of security incidents and reduce false positives

● Creation of dashboards, Lists Parsers, reports

● Investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams, stakeholders

● Checking the EPS consumption on daily basis for any event drops.

● Regular inspection of health check related to Log Sources and adding new devices for better monitoring coverage through SIEM tool.

● Working in Security Operation Centre (24x7), monitoring of SOC events, detecting, and preventing Intrusion attempt.

● Experience on performing log analysis and analyzing crucial alerts at immediate basis.

● Experience in understanding logs of various network devices (Routers, IDS/IPS, Firewall), operating system (Windows).

• Analyzed log files for anomalies, identifying potential intrusions or malicious activity before significant damage occurred

● Investigating and reporting on daily scan activities.

● Analysing and report detailed information related to threat hunting.

● Worked in Antimoney laundering and KYC.