Pranith Kumar Reddy

Cyber Security Specialist
Hyderabad, TG

Summary

Working as a security analyst in the SOC team, triaging suspicious or malicious activity for all endpoints in SentinelOne (S1). Handling incidents involving ransomware and other attacks and assisting clients in identifying malicious activity, triage analysis, compromised user accounts, attacker footholds, active malware, etc. Performing analysis on incidents involving ransomware, malware, exploits, phishing and other cyber-attacks, finding their persistence mechanisms and taking appropriate actions. Handling security incidents through containment, eradication and recovery, with proper evidence collection and documentation until the closure of the incident. Worked on IBM QRadar SIEM administration: correlated logs from different sources, fine-tuned correlation rules, and created reports and dashboards for the SOC. Experienced with QRadar (SIEM) alerts raised as part of the L1 team's investigation and triage. Experienced in Sumo Logic SIEM administration, creating use cases and dashboards for the SOC. SIEM: QRadar, Sumo Logic. Performing proactive threat intelligence using global feeds and working on cloud security platforms such as Microsoft Azure. Worked on data breach incidents (concerning PII, sensitive, employee-centric and consumer data). Expertise in malware analysis, upgrades and troubleshooting using CrowdStrike Falcon, SentinelOne and Symantec. Proficient in email security threats and anti-spam analysis, including analysis of email headers. Analyzing security flaws based on logs and informing the customer accordingly. Experience in performing malware analysis and threat hunting.

Overview

9 years of professional experience
5 certifications

Work History

Security Specialist

Cognizant Technology Solutions Pvt. Ltd
02.2020 - Current
  • Monitoring and triaging suspicious/malicious activity for all endpoints in SentinelOne (S1)
  • Handling incidents containing ransomware, assisting clients in identifying malicious activity, triage analysis, compromised user accounts, attacker footholds, active malware, etc
  • Performing analysis on various incidents containing Ransomware, Malware, Exploits, Phishing and various Cyber-attacks, finding their persistence and taking appropriate actions
  • Escalating true positives to the respective teams by following the escalation process
  • Creating Arisnal Storyline Active-Response (STAR) rules implemented when certain applications have been installed in relation to threat actor activity and pertaining to the breach
  • Understanding real-time threat behaviors and creating STAR rules which detect the threat in its initial or staging stages before full exploitation
  • Conducting investigation of a host based on Windows event logs and Netstat output, taking remote control of the endpoint to find the executing process and the presence of file-less malware or persistence
  • Documenting indicators of compromise for confirmed malicious activity and developing signature and behavior definitions for detection and response
  • Maintaining documentation for all SOC procedures related to S1 deployment, support, and troubleshooting
  • Producing daily reports that show S1 deployment progress during engagements.

Information Security Analyst

Tata Consultancy Services Pvt. Ltd
Hyderabad, Telangana
02.2019 - 09.2019
  • Handling Security Incidents followed by containment, eradication and recovery with proper evidence collection and documentation until the closure of the incident
  • Working on QRadar (SIEM) alerts raised as part of the L1 team's investigation and triage
  • Responsible for identifying and classifying attempted compromises of client networks
  • Identifying suspect traffic through heuristics
  • Performing Phishing Email, Spam Analysis, and investigation
  • Recommendation and action on different security advisories for latest emerging threats in context of the Client Infrastructure
  • Performing proactive threat intelligence using global feeds and working on cloud security platforms such as Microsoft Azure
  • Analyzing Events and Raw Logs for true positive security events
  • Handling all incidents and security alerts within the agreed SLA
  • Working with Cylance endpoint protection for the detection of malicious activity
  • Threat and vulnerability management for Patch updates
  • Worked on data breach incidents (concerning PII, sensitive, employee-centric and consumer data)
  • Threat Intel as a daily activity
  • Worked on Cyjax alerts (Threat Intel)
  • Conducting investigation of a host based on Windows event logs and Netstat output of the endpoint to find the executing process and the presence of file-less malware (Volatility, Eric Zimmerman tools such as Registry Explorer and ShellBags Explorer, Redline)
  • In-depth analysis of phishing emails to track phishing campaigns (Spear Phishing, Leap Frogging, Vishing)
  • Worked on cybersquatting, domain fluxing, and domain impersonation
  • Performed investigations on data privacy and Integrity issues and worked with DPA and BIO at country level
  • Forensics related to Incident response and finding the root cause of incidents.

System Analyst

WNS Global Services Pvt. Ltd
01.2017 - 02.2018
  • Ensuring the goals of Incident Management within defined SLA
  • Responsible for taking and fulfilling the client's requirements
  • Administration activities: Rules creation, dashboards, Integration of Log sources into SIEM
  • Utilized Security Information and Event Management and Malware analysis tools
  • Experience on Falcon Insight Endpoint detection and Response and its Architecture view with technical fundamentals
  • Performed creation and configuration changes of prevention policies, Sensor update and USB device policies, White-listing, and prevention hashes
  • Have proficient knowledge of investigation and analysis for different tactics like Custom Intelligence via Indicator of Compromise, Defense Evasion, Malware, Machine learning, and scripting-based attacks
  • Performing the monthly map scan and weekly vulnerability scans on Qualys
  • Working with the Qualys team to keep the scanner and signatures updated
  • Performing vulnerability assessments and assigning vulnerabilities to the respective teams for remediation
  • Symantec endpoint security operations like USB exceptions, Application whitelisting, GUP policy modification, Malware incident troubleshooting, etc
  • Creating policies as per the requirements given by the project team
  • Review threat intelligence and investigate indicators of compromise (IOCs)
  • Responsible for operational real-time monitoring and analysis of security Events.

System Analyst

United Health Group Pvt. Ltd
08.2015 - 01.2017
  • Working on different Incident handling, offense analysis, and alerts from QRadar
  • Monitoring alerts and offenses that match rules or anomalies and responding according to the Standard Operating Procedures (SOPs)
  • Determining the Indicators of Compromise from various Security Advisories and making correlation searches in the environment for their presence, including the correct remediation with different departments and escalation paths
  • Analyzing IPs and URLs with the help of various online tools, and categorizing the analyzed data into the respective categories
  • Perform daily monitoring and analysis of events generated from multiple sources such as security information events management (Qradar), Symantec endpoint protection, Forcepoint DLP & proxy, FireEye IDS/IPS, Firewall, system, application, and database logs
  • Having experience and good knowledge of threat areas and common attack vectors (Malware, Phishing, APT, etc.)
  • Preparing the Documents and SOPs for the Analysis and new procedures for future reference
  • Reviewing and analyzing security breaches, determining their root cause, responding in a timely manner, and coordinating with the respective L2 teams on remediation of escalated incidents
  • Creating various types of reports like Daily, Weekly and Monthly MSS reports
  • Proactively monitoring all components of incident handling, performing real-time log monitoring and 24x7 health checks of SIEM components, and keeping stakeholders updated while strictly adhering to the SLA
  • Monitoring phishing emails through email header analysis through various online tools and Sandboxing environments.

Education

B.Sc - Computer science

Loyola Academy Degree & P.G college - Hyderabad

Intermediate

MNR Junior college - Hyderabad

SSC

St. Mary's High School - Gajwel

Skills

EDR: Sentinel One, Falcon Crowdstrike, DATP

Certification

Certified Ethical Hacker (CEH)
