Summary
Overview
Work History
Education
Skills
Websites
Certifications Training
Research Paper
Blog
Profile Scan
Timeline
Generic
Mihir Singh

Mihir Singh

Lead Threat Intelligence Analyst
Hyderabad

Summary

Goal-driven Intelligence Analyst with over 8 years of experience in Cyber Threat Intelligence & Hunting, Malware Analysis, Reverse Engineering, Python Scripting and VA/VM. Proven track record of applying advanced research and analysis skills to identify potential threats.

Overview

9
9
years of professional experience
4
4

Years of Engineering education (B.Tech)

Work History

Lead – Cyber Threat Intelligence

National Payments Corporation of India (NPCI)- Govt Agency
Hyderabad
11.2021 - Current
  • Creation of Policy and Procedure for Threat Intel Program
  • Created and implemented Threat Intel use cases as per MaGMA framework for Indian BFSI sector
  • Documentation of SOP use cases, Threat Intel runbooks and Threat Intel Platform OPD
  • Established a process for creation and dissemination of intelligence to various BFSI organizations in India as well NPCI internal stakeholders
  • Support internal as well external Threat Intel Audits
  • Outline a plan and align associates to respond to the non-conformities, if any
  • Hiring and mentoring of team members on practical threat intelligence and plan for their external training program as well
  • Handling escalations from level -1 and 2 analysts or the management
  • Threat Intel vendors’ annual assessment and license renewal
  • Tracking of various Threat Groups, Cyber Ops and related tradecraft targeting Indian critical infra structure
  • Recommendation of detection rules/strategies bases on findings
  • Capturing threat data on NPCI telemetry and perform correlation with threat database, create insights on the attacks using Diamond Model of Intrusion
  • Provide tactical and operational intelligence support to customers as well the internal Security Operations Centre (SOC)
  • Perform Threat Hunting based on hypothesis and engage with different stakeholders for remediation
  • Ensuring that Digital Risk Protection response is delivered within defined SLA and engage with different stakeholders to close the incidents
  • Engage with vendors to build protection against 0-day vulnerabilities
  • Research around critical and exploited vulnerabilities to build defense around it
  • Provide entity intelligence report to Financial Fraud and Risk department.

Senior Software Engineer

Capgemini Engineering - Gurugram, India
Gurugram
04.2020 - 11.2021
  • Perform threat research and analysis during high-severity cyber-attacks impacting Capgemini and its Customers
  • Provide tactical and operational intelligence support to customers as well the internal Security Operations Centre (SOC)
  • Social media and brand monitoring for cyber threats which could impact the brand value of the organisation
  • Actively hunt for advanced targeted attacks on organisational telemetry using massive volumes of data
  • Build hypothesis based on the findings, perform deeper threat research on open as well as dark web, engage with teams to apply mitigations for the same
  • Assessing new threat vectors, doing code-based malware analysis, and creating intelligence on threat actor’s TTP as per MITRE ATT&CK Framework and Diamond Model of intrusion
  • Reverse Engineering and behavioural analysis of suspicious payloads and documents
  • Creating YARA rules based on the artefacts found during analysis
  • Gather technical intelligence of malware to find related campaigns
  • Create behavioural detection rules based on the artefacts found during malware engineering
  • Publish and maintain detections rules for emerging threats based on MITRE ATT&CK, behavioural patterns, observations, and IOCs
  • Prepare weekly and monthly cyber threat periodicals for customers
  • Investigation of targeted campaigns and creation of hypotheses based on attacks that were thwarted by existing defences
  • Further threat research and fine-tuning existing controls
  • Risk analysis of trending vulnerabilities and engage with different stake holders for their remediation.

Analyst Security Services

British Telecom e-Serv (India) Pvt. Ltd - Gurugram, India
Gurugram
10.2018 - 02.2020
  • Creating daily intelligence headlines
  • Provide strategic intelligence support on incidents related to APTs, human adversaries, and related cyber campaigns
  • Research and investigate major threats, malware, and security incidents
  • Assessing new threat vectors, doing code-based malware analysis, and creating intelligence on the threat actor’s TTP as per MITRE ATT&CK framework and Diamond Model
  • Research and update knowledge base about threat groups and malware
  • Provide tactical and operational intelligence about any geopolitical as well as cyber campaigns
  • Doing mind mapping of clients, preparing threat report, and disseminating the same to the management
  • Creating SOP document and providing training to associates for team resiliency
  • OSINT research, collating data to create intelligence
  • Dark web research for cyber trends and data breaches
  • Integrating trend report from various feeds into ELK using Python.

Cybersecurity Analyst

Optum Global Solutions (India)Pvt Ltd –Noida, UP
Noida
03.2018 - 10.2018
  • Monitoring of network components/Applications for security incidents and anomalies through devices like ArcSight and Kibana
  • IR triage on spam and phishing emails
  • Investigate such incidents with the help of various tools like FireEye and Ironport
  • Forensic analysis of phishing campaigns and virus attacks
  • Investigating files, domains and emails using online tools such as VirusTotal, payload –security, URLVoid, Robtex
  • Automation of email header analysis and various SOC dashboard reports using Python.

Systems Engineer

TATA Consultancy Services - Gurugram, India
Gurugram
07.2015 - 03.2018
  • Collecting threat Intel feeds from various sources and integrate with the current environment and tools to stop emerging threat
  • Malware analysis of potential threats using tools like Strings, DependencyWalker, PEView, Cuckoo etc
  • Forensic investigation of infected systems and malware analysis
  • Prepare related reports and share to the upper management with the findings and recommendations
  • Perform regular as well quarterly DC vulnerability and configuration scans on security systems with QualysGuard and Nessus and then coordinate with development team to remediate them
  • Investigate known and suspected information security Events/Incidents through SIEM, triage threat cases, blocking of IOCs at the EDR and prepare related reports
  • Analysis of quarterly security scan results, draw conclusions from results and develop related reports to present before CISO
  • Help develop information security policy for any new end points as well as new environment.

Education

B.Tech in Computer Science And Engineering -

Tezpur(Central) University, Assam
08.2011 - 06.2015

Skills

Malware Analysis: Strings, DependencyWalker, PEView, PE Explorer, Resource Hacker, ApateDNS, InetSIM, procmon, process explorer, Netcat, IDA pro, Ollydbg, OLE Tools, Yara

Programming Languages: Python, Assembly LanguageVulnerability scanner: QualysGuard, NessusSIEM: RSA Security Analytics, ArcSight, Kibana and SplunkEDR: Palo Alto Cortex, Sentinel One

Websites

Certifications Training

  • CTIA (Training pursuing)
  • CEHv10
  • CCNA Routing and Switching
  • RISC UK training

Research Paper

“EFS-MI: An ensemble feature selection method for classification” published in Complex & Intelligent Systems (Springer). June 2018, Volume 4, Issue 2, pp 105–118. The article can be referenced here

Blog

https://panthersec.blogspot.com

Profile Scan

Expert in OSINT and dark web research, Brand monitoring, identifying probable threats, assessing their TTP, and producing intelligence reports, as well as performing hypothesis-based threat hunting. Good Knowledge of the MITRE ATT&CK framework, the Diamond Model, the Cyber Kill Chain, malware analysis (static and dynamic), the PE file format, vulnerability assessment, Incident response and python

Timeline

Lead – Cyber Threat Intelligence

National Payments Corporation of India (NPCI)- Govt Agency
11.2021 - Current

Senior Software Engineer

Capgemini Engineering - Gurugram, India
04.2020 - 11.2021

Analyst Security Services

British Telecom e-Serv (India) Pvt. Ltd - Gurugram, India
10.2018 - 02.2020

Cybersecurity Analyst

Optum Global Solutions (India)Pvt Ltd –Noida, UP
03.2018 - 10.2018

Systems Engineer

TATA Consultancy Services - Gurugram, India
07.2015 - 03.2018

B.Tech in Computer Science And Engineering -

Tezpur(Central) University, Assam
08.2011 - 06.2015
Mihir SinghLead Threat Intelligence Analyst