PANKAJ KAMBLE
Specialist Cyber Security
Pune
Summary
Currently working as Specialist Cyber Security (EDR Team) in LTIMindtree for enhancing threat intelligence for Microsoft Defender for Endpoint. It includes grading of alerts triggered based on behavioral detections of EDR, analysis based on MITRE framework, analyzing the alerts to identify threat actors TTPs, Forensics and analysis tools to research identified threats and search for suspicious activities, Categorized the alerts as False Positive, True Positive and False Negative to help the development team identify some potential improvements in the detection systems and analysis of malicious files (Docs, PDF, JavaScript, VBScript and PowerShell etc.).
Overview
12
12
years of professional experience
5
5
Certifications
Work History
Specialist Cyber Security
LTIMindtree
Pune
6 2021 - Current
- As part of EDR Team in LTIMindtree for enhancing threat intelligence for Microsoft Defender for Endpoint.
- Led team of 20+ people in Incident handling team.
- Investigate and perform threat analysis on Emerging and evolving threats, threat actors, understand IOC's & behavioral analysis
- It includes grading of alerts triggered based on behavioral detection's of EDR, analysis based on MITRE framework, analyzing alerts to identify threat actors TTPs, Forensics and analysis tools to research identified threats and search for suspicious activities.
- Categorized alerts as False Positive, True Positive and False Negative to help development team identify some potential improvements in detection systems.
- Prepared and presented business review reports, offering timely information on EDR's team accomplishments to stakeholders into EDR's Team performance and accomplishments.
- Mentored junior team members, fostering professional growth through guidance on best practices in industry.
- Collaborated with cross-functional teams to achieve project goals on time and within budget.
Research and Development Engineer 1
Broadcom Inc, CA (India) Technologies Private Ltd
Pune
08.2013 - 06.2021
- As part of Symantec Enterprise Division, Perform email threat analysis for enhancing threat intelligence for Enterprise Email cloud security, Symantec Messaging Gateway SMG and IPS signature system.
- Investigate and perform threat analysis on Emerging and evolving threats, threat actors, understand IOC's.
- Create predictive and proactive detections to stop them. Here detections means regex filters and behavior based signature for email gateway protection, cloud security and IDS/IPS.
- Knowledge, experience and ability to identify threat actor, attack methods and track their developments like TA505 Group, Hancitor, Bazarloader, Smoke Loader, Qealler etc, Malspam campaigns.
- Develop and produce written intelligence reports and technical analysis results and collected threat information for Core customers.
- Analyze email data, investigate into email threats, add detection, and develop systems to automate detection, processing and distribution of email threat intelligence.
- Identify and track global threats and threat actors, including Advanced Persistent Threats (APTs) and their Tactics, Techniques, and Procedures and Write about them and publish threat bulletins.
- Hands on experience in SIEM tools (Splunk).
- Handling Customer False Positives submissions and resolving enterprise customer concerns by restructuring filters.
- Research and ideate on automatic detection and rule generation,
implement prototypes which involves investigation and research on latest email threats to present effective solutions. - Monitor third-party security related websites, forums, and mailing lists for information regarding vulnerabilities, exploits and recent developments in field.
- Involved in automation suggestion and enhancement of Cloud Detection Technology.
- Experience and Knowledge in Cyber Threat Intelligence and conducting threat modeling.
- Experience reviewing and assessing logs for anomalous activity indicating presence of threat.
- Experience in Cyber Threat Intelligence & Knowledge in conducting threat modeling.
Security Response Technician
Symantec Software India Private Ltd
Pune
02.2012 - 07.2013
- URL testing and comparative analysis testing.
- Worked on WCID (Web caller ID) tool, it is Anti-Phishing Engine which involves work related with testing, categorization of Phish and Legit URLs.
- Write and published blogs on phishing attacks.
Education
Bachelor of Computer Science & Engineering - Computer Science And Engineering
D. Y. Patil College Of Engineering Kolhapur
Kolhapur 06.2006 - 05.2010
Skills
Regular Expression, JAVA, JavaScript, Python, KQL and SQLite
Malware analysis: Static and Dynamic PeStudio, Process hacker, ProcDot, Procmon, Hex Editor, Sandboxing, x32/x64dbg
IPS & IDS: Formjacking, Tech Support Scam
Security Tools: Nmap, Wireshark, Metasploit Framework, Kali Linux and Burp Suite
Web application security: OWASP top 10 vulnerability
Protocols: TCP/IP, HTTP, FTP, SSH, SSL, POP, IMAP and SMTP
Security Tools: Nmap, Wireshark, Metasploit Framework, Kali Linux and Burp Suite
Certification
JAVA & Advance JAVA.
Hobbies
Playing Cricket, Played for Symantec's Leather Ball Cricket Team 6 years.
Timeline
CISSP (Training completed)
09-2021
Web Application Penetration Testing
08-2021
Research and Development Engineer 1
Broadcom Inc, CA (India) Technologies Private Ltd
08.2013 - 06.2021
Security Response Technician
Symantec Software India Private Ltd
02.2012 - 07.2013
Specialist Cyber Security
LTIMindtree
6 2021 - Current
Bachelor of Computer Science & Engineering - Computer Science And Engineering
D. Y. Patil College Of Engineering Kolhapur
06.2006 - 05.2010