· Overall 5+ years of relevant experience in cyber security.
· Having hands-on experience on Splunk, QRadar, and Azure Sentinel.
· Experience working in a Security Operations Center (SOC).
· Having experience in analyzing Check Point firewall events.
· Strong knowledge in security monitoring and operations.
· Providing 24x7 L1 & L2 on-call support and coordinating with the required teams to resolve high-severity issues.
· Good knowledge of OSI layers, the incident life cycle, incident response, email security concepts, firewalls, security devices, CIA, the cyber kill chain, ports, and protocols.
· Evaluating risk, identifying threats, correlating logs and utilizing IOCs to determine true/false positives.
· Preparing daily, weekly and monthly reports as per client requirements.
· Preparing documents & templates for escalations, the knowledge base, and use cases.
· Performing incident analysis & analyzing crucial alerts on an immediate basis.
· Filling in the daily health checklist.
· Monitoring and carrying out second-level analysis of incidents.
• Monitoring the customer network using SIEM tools – QRadar, Splunk, Azure Sentinel.
• Performing real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
• Maintaining a keen understanding of evolving internet threats to ensure the security of client networks.
• Escalating security incidents based on the client's SLA and providing meaningful information related to security incidents by doing in-depth analysis of event payloads, and providing recommendations regarding security incident mitigation, which in turn keeps the customer's business safe and secure.
• Handling security events & device inventories.
• Providing round-the-clock support for monitoring the client environment and taking proactive steps to protect against known and emerging threats.
• Managing the security devices associated with the client networks.
• Hands-on experience on SIEM platforms (QRadar, Splunk and Azure Sentinel).
• Azure Sentinel, Microsoft Defender for Endpoint (MDE).
• Microsoft Cloud App Security (MCAS).
• Performing detailed investigation and response to security alerts in Azure Sentinel, with alerts coming from traditional log sources/MCAS/MDATP/AADIP.
• Working on O365 Cloud App and Azure Active Directory.
• Working on various OSINT and sandboxing platforms.
• Analyzing basic security requirements and making recommendations for improvement.
• Endpoint security: Trend Micro OfficeScan – troubleshooting.
• Helped in providing documentation and support by creating procedure documents like SOPs and KT documents.
● As part of the Incident Handler team, we investigated high- & medium-priority alerts triggered by the Splunk & Azure Sentinel SIEM.
● Working experience in phishing email analysis and remediation using Microsoft 365 email protection.
● Worked on email analysis (header, URL and attachment analysis) for detecting threats such as phishing and other social engineering attacks.
● Making use of Proofpoint Enterprise, TAP and TRAP to purge emails from users' mailboxes once they are identified as malicious.
● Worked with the MS Defender EDR tool to investigate endpoint device alerts.
● Fine-tuning false positive alerts and carrying out use case creation using the MITRE ATT&CK framework.
● Performing deep-dive analysis by correlating data from various cloud and on-premises sources.
● Created playbooks which helped team members work on alerts and escalate true positives.
● Responsible for the vulnerability management program, reviewing advisories and working with the respective towers to remediate issues following a risk-based approach.
● Checking threat intel reports and adding the IOCs to the respective security solutions.
● Providing incident response support for all actionable incidents.
● Performed incident investigation and resolution using endpoint security and EDR.
● Maintenance of real-time block lists and whitelists in the security solutions.
● Worked on incidents escalated from the L1 & L2 team and reviewed their investigation steps and closure comments in the incidents.
● Fine-tuning all rules to decrease false positives in the security solutions.
● Experience in triaging viruses, malware, ransomware and other security events on endpoints.
● Good knowledge in analyzing different malicious executables and documents.
● Performing root cause analysis for incidents reported at the security operations center, documenting the prevention steps for security events and maintaining them for future reference.
● Performed 24/7/365 security event monitoring of heterogeneous networks, including firewalls, IDS/IPS, and DLP devices, using Splunk.
● Proactive in triaging viruses, malware, and other security events on endpoints.
● Experienced in examining suspicious emails for malicious content and providing recommendations on remediation actions to users.
● Experienced in preparing detailed analysis of external cyber threats (new vulnerabilities, exploits, intrusion patterns, and malware behaviors), and based on that information proactively checking with the vendor to deploy signatures for the collected IOCs.
● Good exposure to open-source tools: VirusTotal, URL Scan, Cisco Talos, AMP, BrightCloud, and AbuseIP.
● Performed investigation of networks and hosts/endpoints for malicious activity by collecting triage data from the machines, including analysis of packet captures.
● Provided a single point of contact and hands-on escalation and remediation for critical issues.
● Responsible for the vulnerability management program, reviewing reports and working with the respective towers to remediate issues following a risk-based approach; responsible for categorization.
● Managed security policies and security features like Threat Prevention, Antivirus, URL Filtering and Anti-Spyware in Palo Alto firewalls and applications.
● Hands-on experience with automated malware analysis systems.
● Preparing ad hoc reports as per client requirements.
Certified Ethical Hacker (CEH)