Software Engineer
Navya T


Chennai, India

Summary

Astute Cybersecurity professional with a proven track record of efficiently identifying security vulnerabilities and implementing proactive solutions. Notable achievements include enhancing security frameworks, reducing potential threats, and safeguarding critical systems for previous employers. Known for the ability to translate complex technical information into clear, actionable insights for non-technical stakeholders, fostering a secure and informed environment.

Overview

5 years of professional experience

Work History

Senior Specialist

HCL Tech
Chennai
12.2022 - Current

· Leading the development and implementation of the vulnerability management strategy, policies, and procedures.

· Conducting regular vulnerability assessments using Qualys and other industry-standard tools to identify security weaknesses in networks, systems, and applications.

· Analyzing scan results and prioritizing vulnerabilities based on severity, exploitability, and potential impact.

· Preparing and presenting reports on vulnerability assessment findings, remediation progress, and overall program effectiveness to senior management and clients.

· Collaborating with cross-functional teams to develop and implement remediation plans to address identified vulnerabilities in a timely manner.

· Providing technical guidance and mentorship to junior members of the vulnerability management team.

· Preparing and maintaining the CMDB or inventory details as per the ServiceNow CMDB database.

· Initiating Ad-hoc scans based on ServiceNow requests and sharing with requesters.

· Raising cases to the Qualys support team to obtain assistance for the real-time issues we encountered.

· Provided support to Network and Server teams to deploy the Qualys Physical and Virtual scanner appliances.

· Created technology-wise policies in the Qualys Policy Compliance module and added the controls to the respective technologies.

· Maintain up-to-date knowledge of emerging cyber threats, vulnerabilities, and industry best practices, enhancing the effectiveness of the vulnerability management program.

· Managing incident responses, conducting thorough investigations, and summarizing findings in detailed reports.

· Implemented and architected the Vulnerability Management system, including tool deployment, scanner appliance installation, agent installation, and asset categorization.

· Created scan schedules for both authenticated and non-authenticated scans.

· Taking proactive measures to inform customers about the latest vulnerabilities and attacks, and providing guidance on potential mitigation strategies.

· Initiating comprehensive scans for web applications to assess and identify potential security vulnerabilities.

· Executing various security protocols and performing hardening scans to fortify system defenses.

· Taking proactive steps to handle incidents, minimizing customer impact, and ensuring adherence to SLAs.

· Addressed multiple Zero-Day vulnerabilities within the organization through proactive measures such as identifying affected assets, implementing provided recommendations, and initiating security incident procedures for further action.

· Utilized RiskIQ to identify organizational assets on the open Internet and conducted comprehensive vulnerability assessments, while verifying exposed ports to enhance cybersecurity measures.

· Knowledge of ISO 27001, SOC 2, HIPAA, and PCI DSS modules.

· Tracking certificate expirations and notifying the appropriate team for timely upgrades and renewals.

Information Security Analyst

Wipro
Bengaluru
09.2020 - 12.2022

· Conducted thorough investigations, and documented and escalated customer events and incidents within the SIEM platform and internal ticketing systems.

· Performed analysis on network traffic and host activity spanning all applications and platforms.

· Performed vulnerability scans using the Qualys vulnerability management module, Tenable.io and SecurityCenter.

· Utilized IDS/IPS tools to detect, investigate, and promptly respond to alerts and suspicious network traffic.

· Conducted investigations into phishing alerts and executed phishing campaigns.

· Managed and monitored active processes and applications to detect potential resource-related issues.

· Conducted investigations into cybersecurity incidents and threats, and escalated as necessary based on requirements.

· Documenting findings, formulating incident response remediation recommendations, and presenting comprehensive reports to clients both verbally and in writing.

· Conducting general troubleshooting and root cause analysis investigations on unsuccessful scan jobs.

· Distinguishing false positives from false negatives or genuine intrusion attempts.

· Implemented security policies and procedures for Linux and Windows systems, including conducting regular security audits and Benchmark scans.

· Ensuring all identified events are promptly validated and thoroughly investigated.

· Identifying potential intrusions and compromises by reviewing and analysing scan results for success.

· Analysing security event logs and alerts to assess validity, priority, and impact regarding security threats.

· Performing proactive real-time security monitoring, detection, and response to cybersecurity events.

· Providing incident response – triage, incident analysis, remediation, and recovery.

· Conducting comprehensive investigations of security events generated by detection mechanisms like SIEM, IDS/IPS, Anti-Virus, and addressing customer escalations in a timely manner.

· Effectively communicating investigation findings of intrusions or compromises to relevant stakeholders.

· Demonstrating problem-solving skills that contribute to the resolution of issues that arise.

· Maintaining situational awareness of the latest cybersecurity threats, vulnerabilities, and mitigation strategies.

· Participating in the computer security incident response team (CSIRT) meeting to give an update on any CVEs that need further investigation.

Information Security Analyst

Dorel Sports
Bengaluru
05.2019 - 09.2020

· Experienced Level 1 (L1) Security Analyst with expertise in monitoring security incidents originating from SIEM tools and other security platforms.

· Proficient in investigating alerts and escalating them to relevant teams post-initial assessment.

· Possess in-depth knowledge of OWASP Top 10 Vulnerabilities and skilled in crafting Splunk queries using indicators of compromise and threat intelligence from third-party sources.

· Dedicated to staying updated on the latest cyber threats and trends by actively engaging with various security channels and platforms.

· Proficient in analysing network and host-based security logs (Firewalls, NIDS, HIDS, Syslogs) to determine remediation actions and escalation paths.

· Assisted in developing processes and procedures to enhance incident response efficiency and overall SOC functionality.

· Recognized potential intrusions and compromises through comprehensive scan result analysis.

· Provided incident response support including triage, analysis, remediation, and recovery.

· Executed Incident Handling and Response activities with proficiency.

· Conducted ad-hoc analysis of security events using SIEM and other SOC tools to identify malicious activities.

· Observed and supported security solutions including SIEMs, firewalls, intrusion prevention systems, and data loss prevention systems.

· Managed the onboarding process for new assets in enterprise Vulnerability scanning security tools.

· Tracked and prioritized issue resolution to ensure secure setup and smooth BAU operations.

· Conducted policy compliance scans and delivered reports to technology owners.

· Managed the information security incident management program to prevent, detect, and contain security breaches.

· Performed continuous monitoring using SIEM tools like Splunk to analyse network and system activity and generate reports for incident investigation.

Skills

  • Vulnerability Management
  • Security assessments and vulnerability scanning
  • Cyber threat intelligence and research
  • Security event and log analysis
  • Application security
  • Cloud security technologies and tools
  • Cloud platform expertise (e.g., AWS, Azure)
  • Knowledge of latest security trends and technologies
  • Security control implementation
  • Risk analysis and mitigation
  • Incident response and monitoring

HANDS ON TOOLS

  • QUALYS
  • PRISMA CLOUD
  • SPLUNK
  • NESSUS
  • SERVICENOW

AREAS OF INTEREST

  • VULNERABILITY MANAGEMENT
  • CLOUD SECURITY
  • THREAT INTELLIGENCE

Certification

  • QUALYS CERTIFIED SPECIALIST
  • MICROSOFT AZ-900

Education

Master of Arts -

IGNOU

Declaration

I hereby declare that the information provided is true and accurate to the best of my knowledge.

Navya T