Mihir Singh

Lead Threat Intelligence Analyst
Hyderabad

Summary

Goal-driven Intelligence Analyst with over 8 years of experience in Cyber Threat Intelligence & Hunting, Malware Analysis, Reverse Engineering, Python Scripting and VA/VM. Proven track record of applying advanced research and analysis skills to identify potential threats.

Overview

9 years of professional experience

4 years of engineering education (B.Tech)

Work History

Lead – Cyber Threat Intelligence

National Payments Corporation of India (NPCI) - Govt Agency
Hyderabad
2021.11 - Current
  • Creation of Policy and Procedure for Threat Intel Program
  • Created and implemented Threat Intel use cases as per MaGMA framework for Indian BFSI sector
  • Documentation of SOP use cases, Threat Intel runbooks and Threat Intel Platform OPD
  • Established a process for creation and dissemination of intelligence to various BFSI organizations in India as well as NPCI internal stakeholders
  • Support internal as well as external Threat Intel audits
  • Outline a plan and align associates to respond to the non-conformities, if any
  • Hiring and mentoring team members on practical threat intelligence and planning their external training program
  • Handling escalations from Level 1 and 2 analysts or the management
  • Threat Intel vendors’ annual assessment and license renewal
  • Tracking of various threat groups, cyber ops and related tradecraft targeting Indian critical infrastructure
  • Recommendation of detection rules/strategies based on findings
  • Capturing threat data on NPCI telemetry, correlating it with the threat database, and creating insights on the attacks using the Diamond Model of Intrusion
  • Provide tactical and operational intelligence support to customers as well as the internal Security Operations Centre (SOC)
  • Perform Threat Hunting based on hypothesis and engage with different stakeholders for remediation
  • Ensuring that Digital Risk Protection response is delivered within defined SLA and engaging with different stakeholders to close the incidents
  • Engage with vendors to build protection against 0-day vulnerabilities
  • Research critical and exploited vulnerabilities to build defenses around them
  • Provide entity intelligence report to Financial Fraud and Risk department.

Senior Software Engineer

Capgemini Engineering - Gurugram, India
Gurugram
2020.04 - 2021.11
  • Perform threat research and analysis during high-severity cyber-attacks impacting Capgemini and its Customers
  • Provide tactical and operational intelligence support to customers as well as the internal Security Operations Centre (SOC)
  • Social media and brand monitoring for cyber threats which could impact the brand value of the organisation
  • Actively hunt for advanced targeted attacks on organisational telemetry using massive volumes of data
  • Build hypotheses based on the findings, perform deeper threat research on the open as well as the dark web, and engage with teams to apply mitigations
  • Assessing new threat vectors, doing code-based malware analysis, and creating intelligence on threat actors’ TTPs as per the MITRE ATT&CK framework and the Diamond Model of Intrusion
  • Reverse Engineering and behavioural analysis of suspicious payloads and documents
  • Creating YARA rules based on the artefacts found during analysis
  • Gather technical intelligence of malware to find related campaigns
  • Create behavioural detection rules based on the artefacts found during malware engineering
  • Publish and maintain detection rules for emerging threats based on MITRE ATT&CK, behavioural patterns, observations, and IOCs
  • Prepare weekly and monthly cyber threat periodicals for customers
  • Investigation of targeted campaigns and creation of hypotheses based on attacks that were thwarted by existing defences
  • Further threat research and fine-tuning existing controls
  • Risk analysis of trending vulnerabilities and engaging with different stakeholders for their remediation.

Analyst Security Services

British Telecom e-Serv (India) Pvt. Ltd - Gurugram, India
Gurugram
2018.10 - 2020.02
  • Creating daily intelligence headlines
  • Provide strategic intelligence support on incidents related to APTs, human adversaries, and related cyber campaigns
  • Research and investigate major threats, malware, and security incidents
  • Assessing new threat vectors, doing code-based malware analysis, and creating intelligence on threat actors’ TTPs as per the MITRE ATT&CK framework and the Diamond Model
  • Research and update knowledge base about threat groups and malware
  • Provide tactical and operational intelligence about any geopolitical as well as cyber campaigns
  • Doing mind mapping of clients, preparing threat reports, and disseminating them to the management
  • Creating SOP documents and providing training to associates for team resiliency
  • OSINT research, collating data to create intelligence
  • Dark web research for cyber trends and data breaches
  • Integrating trend reports from various feeds into ELK using Python.

Cybersecurity Analyst

Optum Global Solutions (India) Pvt Ltd - Noida, UP
Noida
2018.03 - 2018.10
  • Monitoring of network components/applications for security incidents and anomalies through tools like ArcSight and Kibana
  • IR triage on spam and phishing emails
  • Investigate such incidents with the help of various tools like FireEye and Ironport
  • Forensic analysis of phishing campaigns and virus attacks
  • Investigating files, domains and emails using online tools such as VirusTotal, Payload Security, URLVoid, Robtex
  • Automation of email header analysis and various SOC dashboard reports using Python.

Systems Engineer

TATA Consultancy Services - Gurugram, India
Gurugram
2015.07 - 2018.03
  • Collecting threat intel feeds from various sources and integrating them with the current environment and tools to stop emerging threats
  • Malware analysis of potential threats using tools like Strings, DependencyWalker, PEView, Cuckoo, etc.
  • Forensic investigation of infected systems and malware analysis
  • Prepare related reports and share them with upper management along with the findings and recommendations
  • Perform regular as well as quarterly DC vulnerability and configuration scans on security systems with QualysGuard and Nessus, then coordinate with the development team to remediate findings
  • Investigate known and suspected information security events/incidents through SIEM, triage threat cases, block IOCs at the EDR, and prepare related reports
  • Analysis of quarterly security scan results, drawing conclusions from the results and developing related reports to present to the CISO
  • Help develop information security policy for any new endpoints as well as new environments.

Education

B.Tech in Computer Science and Engineering

Tezpur (Central) University, Assam
2011.08 - 2015.06

Certifications Training

  • CTIA (Training pursuing)
  • CEHv10
  • CCNA Routing and Switching
  • RISC UK training

Research Paper

“EFS-MI: An ensemble feature selection method for classification” published in Complex & Intelligent Systems (Springer). June 2018, Volume 4, Issue 2, pp 105–118.

Blog

https://panthersec.blogspot.com

Profile Scan

Expert in OSINT and dark web research, brand monitoring, identifying probable threats, assessing their TTPs, and producing intelligence reports, as well as performing hypothesis-based threat hunting. Good knowledge of the MITRE ATT&CK framework, the Diamond Model, the Cyber Kill Chain, malware analysis (static and dynamic), the PE file format, vulnerability assessment, incident response and Python.
