Pavan Kumar R

Cybersecurity Manager
Bengaluru

Summary


Experienced Cybersecurity Specialist with over a decade of demonstrated leadership in optimizing security operations. Committed to enhancing cybersecurity through strategic planning, incident response, team leadership, and continuous improvement. Proficient in developing multi-faceted security strategies to safeguard digital assets and mitigate evolving threats. At Mollie B V, spearheaded the creation of a Security Operations Center, significantly enhancing threat detection and incident response capabilities. Expertise in SIEM management and leadership in fostering a culture of continuous improvement led to streamlined security processes and a robust defense posture.

Overview

11 years of professional experience
6 Certifications

Work History

SOC Manager

Mollie B V
09.2022 - 07.2024
  • Pioneered the inception and establishment of a complete security operations center from the ground up.
  • Implemented IR strategies, safeguarding valuable company information from unauthorized access.
  • Reduced incident response time by 30%, measured from Mean Time to Detect to Mean Time to Close.
  • Designed and optimized SIEM solutions tailored to both on-premises and cloud environments to identify and mitigate potential threats.
  • Oversee implementation and optimization of SIEM and EDR/XDR tools to identify and respond to security incidents in real time.
  • Develop and maintain comprehensive documentation for security systems and procedures.
  • Defined and implemented comprehensive threat detection strategy aligned with business objectives and industry best practices.
  • Streamlined patch management processes, ensuring timely deployment of critical security updates.
  • Reduced cybersecurity risks by conducting regular vulnerability assessments and penetration tests.
  • Conducted thorough forensic investigations to identify root causes of cyber incidents and implement corrective actions promptly.
  • Stay current on industry trends and new technologies to continuously improve threat detection capabilities.
  • Collaborate with cross-functional teams to integrate threat detection solutions into existing systems and processes.
  • Evaluated emerging technologies for potential application in strengthening overall security posture.
  • Established effective incident reporting mechanisms for employees to report suspicious activities or concerns related to information security quickly.
  • Provide guidance and mentorship to team members, fostering culture of continuous learning and professional development.
  • Championed culture of continuous improvement within cybersecurity team, fostering innovation and collaboration among members.

Information Security Manager

Juniper Networks
01.2022 - 09.2022

• Leading a 24/7 multicultural global team of T1-T3 Incident Responders and managing the MSSP vendor relationship.

• Manage day-to-day cyber security incidents; through detailed analysis, interviews and threat research, discern a legitimate threat from a false positive.

• Drive strategy of IR for highest criticality Cyber security events serving as POC throughout the Incident lifecycle.

• Conduct rapid response, mitigation and investigations on the highest priority cases impacting Juniper/User Data and develop concise yet detailed reports for the respective stakeholders.

• Analyze host, network and file-based data to develop detections associated with cyber TTPs.

• Support and mentor the team of Incident responders conducting investigations.

• Identify deficiencies in the security posture, create action plans for remediation of identified deficiencies and drive process improvements.

• Support the team in gathering threat intel by working with federal, state and local law enforcement agencies; develop research and maintain proficiency in tools, techniques, counter-measures and trends.

• Develop and cultivate opportunities for career growth and development.

• Responsible for evaluation and selection of tools to achieve operational objectives.

SOC Manager

Atos
10.2019 - 01.2022

• Manage daily SOC operations, working as SME in identification of security threats, triaging, incident response and expanding detection mechanisms via use cases leveraging the MITRE framework.

• Focused and committed during high-impact security incidents.

• Perform remote triage to include volatile memory acquisition and target file system artifact extractions.

• Develop actionable leads during initial response and deploy generated IOCs in automated mode to identify additional systems of interest.

• Analyze multiple sources of evidentiary data (endpoint artifacts, network packet captures, webserver traffic logs, sandbox reports) to validate and prioritize remediation efforts.

• Coordinate and provide expert technical support to teammates and other enterprise-wide teams to assist with eradication, recovery, and post-incident activities.

• Act as lead for the IR and Threat Hunting teams, detecting, responding to and remediating identified security incidents within SLA.

• Lead a team of highly skilled incident responders and additionally lead Tier-1 analysts focusing on 24/7 monitoring, triage and initial response to cyber threats.

• Own the CSIRT's playbooks, runbooks, workflows, documentation and processes, including creating new documentation and maintaining it.

• Identify and recommend operational improvements to the client, drawing on SOC operational experience and industry-specific knowledge of risks.

• Deliver SOC Monthly and Quarterly Executive reporting.

• Maintain operational oversight of all ticketing activity in the engagement, including but not limited to security incidents, content development, tuning recommendations, hunting activities, internal/external audits, SIEM infrastructure management and process improvement to achieve operational objectives.

• Oversee and manage on time and effective security content development, testing and delivery.

• Lead disaster recovery procedures for Security operations.

• Responsible for staffing, training and developing the SOC team through hands-on experience and leadership.

Cybersecurity Lead - Incident Response

Honeywell Technologies Solutions
08.2018 - 04.2019

Lead Senior Consultant - Cyber Security

Ernst & Young LLP
07.2017 - 07.2018

IT Security Engineer

Ericsson Global Services
01.2016 - 06.2017

Senior Security Analyst

IBM
10.2013 - 12.2015

Education

Master of Science -

Florida Institute of Technology
Florida, USA
04.2001 -

Skills

  • Incident Response
  • Threat Detection
  • Threat Intelligence Analysis
  • Malware Analysis
  • SIEM Management
  • EDR management

  • Vulnerability Management
  • Cloud Security
  • Security Operations Monitoring
  • Unified Threat Management
  • Security Audits

Software

SIEM (QRadar, ArcSight, Sentinel, LR, Splunk)

EDR (CrowdStrike, Carbon Black, Defender, SentinelOne, Cybereason)

Vulnerability Management (Qualys, CS Spotlight, Nessus, Whitehat, Sysdig)

Memory Forensics (Volatility, Autopsy, Redline)

ITSM (SNOW, Jira, BMC)

SOAR (Swimlane, AISaaC MDR)

Certification

CISM

Accomplishments

    • Pioneered the inception and establishment of a complete security operations center from the ground up.

    • Managed the full spectrum of onboarding and implementation of diverse security services within the MSSP framework.

    • Strategically executed the deployment of EDR, achieving an impressive coverage rate exceeding 95% and ensuring strict compliance.

    • Initiated and skillfully managed an effective in-house Bug Bounty Program, yielding proactive security results both internally and through external collaboration.

    • Designed meticulously tailored operational processes catering to a diverse range of SOC services (MDR, EDR, VM, CTI, DFIR, TH, SIEM).

    • Played a pivotal and substantial role in the attainment of PCI-DSS Certification by overseeing integration efforts and meticulously managing use case implementation.

    • Led the formulation, creation, and seamless implementation of comprehensive incident playbook/runbook tasks, ensuring the highest standards of security operations delivery.

    • Successfully established and led the operation of a pioneering MSS SOC for a prominent telecommunications giant headquartered in Qatar.

Timeline

SOC Manager

Mollie B V
09.2022 - 07.2024

Information Security Manager

Juniper Networks
01.2022 - 09.2022

SOC Manager

Atos
10.2019 - 01.2022

Cybersecurity Lead - Incident Response

Honeywell Technologies Solutions
08.2018 - 04.2019

Lead Senior Consultant - Cyber Security

Ernst & Young LLP
07.2017 - 07.2018

IT Security Engineer

Ericsson Global Services
01.2016 - 06.2017

Senior Security Analyst

IBM
10.2013 - 12.2015

Master of Science -

Florida Institute of Technology
04.2001 -