
RAJASHEKAR CH

Summary

With over 6+ years of dedicated experience as a Cyber Security Analyst, specializing in monitoring and analyzing different threats, and with experience in Vulnerability Assessment, SIEM, SOC, and Endpoint Security, I bring a wealth of expertise to the table. Prior to this, I served in a Splunk administrative role, honing my skills in managing and optimizing Splunk environments for maximum efficiency and effectiveness. Within SOC operations, I excel in incident handling, real-time security event management, and network traffic monitoring. My proficiency extends to identifying and classifying attempted compromises through heuristic analysis and log examination. Furthermore, I conduct thorough vulnerability assessments across software, hardware, and network infrastructure, delivering comprehensive reports to business owners regularly. I am adept at analyzing malware alerts, investigating indicators of compromise (IOC) and attack (IOA), and mitigating associated risks. Additionally, I possess strong skills in analyzing and responding to user-reported phishing emails, ensuring proactive protection against potential threats.

Overview

8 years of professional experience

Work History

Security Operations With Cortex XDR

Skill-mine Technology
03.2023 - Current
  • Cortex XDR: 5+ years of experience managing endpoint security by deploying and configuring agents, developing policies to prevent unauthorized activities, and troubleshooting agent issues to ensure system performance and protection.
  • Splunk: 3+ years of experience administering Splunk environments, creating dashboards, alerts, and reports for proactive monitoring, and optimizing data inputs and search heads for efficient security analysis.
  • XSOAR: 1.5 years of experience automating incident response workflows by designing playbooks, integrating tools, and using Python scripting to enhance SOC efficiency and reduce manual effort.

Senior Security Operations

Dun and Bradstreet
09.2021 - 07.2022
  • Managed Splunk instances including deployment, configuration, and ongoing maintenance
  • Developed and maintained Splunk dashboards, reports, and alerts for security monitoring and analysis
  • Created and managed Splunk data inputs, indexes, and search heads to optimize performance
  • Collaborated with stakeholders to align Splunk configurations with organizational security and operational requirements

Senior Engineer

Deloitte
11.2020 - 07.2021
  • Implemented and maintained endpoint security solutions such as CrowdStrike, Cloud App Security, and Cortex XDR
  • Configured policies and profiles on endpoints and servers to enhance security posture and mitigate threats
  • Resolved CPU-related issues associated with XDR agents and liaised with vendors for problem resolution
  • Proficient in troubleshooting techniques to address communication issues of XDR agents on Broker VMs

Security Analyst

KPMG
05.2017 - 09.2020
  • Managed SOC operations, overseeing SIEM monitoring and correlation rule creation
  • Executed methodologies like Incident Handling, real-time security event handling, and network traffic monitoring
  • Conducted thorough log analysis utilizing heuristics to detect and classify attempted compromises on networks
  • Analyzed various security alerts including malware, phishing emails, and indicators of compromise for investigation
  • Followed end-to-end Incident Investigation and Response processes, ensuring investigations were closed within defined SLAs

Education

B. Tech - Electronics and Communication Engineering (ECE)

JNTU
06.2015

Skills

  • Cybersecurity
  • SOC
  • SIEM
  • Vulnerability Assessment
  • Incident Response
  • Endpoint Security
  • Cortex XDR
  • XSOAR
  • Phishing
  • Firewall
  • IBM QRadar
  • Cloud Security
  • Splunk
  • Collaboration
  • Documentation
  • Analytical
  • Problem-Solving
  • Excel
  • Python

Languages

  • English
  • Telugu

Personal Information

  • Date of Birth: 06/10/93
  • Nationality: Indian

Projects

Project Name: MTS KOI

Project Description:
This project focused on strengthening organizational security through advanced monitoring, incident management, and endpoint security measures, leveraging tools such as Cortex XDR.

Key Responsibilities:

  • Security Monitoring: Monitored security alerts and events to identify potential threats.
    Conducted real-time analysis to ensure swift detection and response.
  • Incident Detection and Response: Detected, investigated, and responded to security incidents promptly.
    Managed end-to-end incident handling and ensured documentation within defined SLAs.
  • Threat Intelligence Analysis: Analyzed threat intelligence feeds for proactive identification of indicators of compromise (IOCs).
    Correlated intelligence with incidents to enhance threat mitigation strategies.
  • Security Incident Management: Documented and tracked security incidents to ensure thorough investigation and closure.
    Coordinated with cross-functional teams for effective incident resolution.
  • Security Tool Management: Configured and maintained security tools for monitoring, threat detection, and response.
  • Vulnerability Management: Conducted vulnerability assessments and applied remediation strategies.
    Ensured compliance with security policies and best practices.
  • Compliance Monitoring: Monitored adherence to security policies and regulatory requirements.
  • Incident Coordination and Communication: Collaborated with multiple teams to coordinate incident response activities.
  • Continuous Improvement: Identified areas of improvement within SOC operations and implemented necessary enhancements.

Cortex XDR Contributions:

  • Managed Cortex XDR agents to ensure robust endpoint security.
  • Deployed and configured Cortex XDR agents across endpoints, enabling comprehensive threat monitoring and protection.
  • Designed and enforced endpoint security policies, including device control, application whitelisting, and script execution control, to mitigate risks and unauthorized activities.
  • Investigated and resolved CPU utilization issues caused by Cortex XDR agents on critical servers, implementing optimization strategies and collaborating with system administrators to ensure uninterrupted protection.

Roles And Responsibilities

  • Managed SOC operations, overseeing SIEM monitoring and correlation rule creation.
  • Executed methodologies like Incident Handling, real-time security event handling, and network traffic monitoring.
  • Conducted thorough log analysis utilizing heuristics to detect and classify attempted compromises on networks.
  • Analyzed various security alerts including malware, phishing emails, and indicators of compromise for investigation.
  • Followed end-to-end Incident Investigation and Response processes, ensuring investigations were closed within defined SLAs.
  • Implemented and maintained endpoint security solutions such as CrowdStrike, Cloud App Security, and Cortex XDR.
  • Configured policies and profiles on endpoints and servers to enhance security posture and mitigate threats.
  • Resolved CPU-related issues associated with XDR agents and liaised with vendors for problem resolution.
  • Proficient in troubleshooting techniques to address communication issues of XDR agents on Broker VMs.
  • Developed custom XSOAR playbooks for automating repetitive SOC tasks, including phishing investigation, malware analysis, and IOC correlation.
  • Built dashboards in XSOAR to provide SOC teams with real-time insights into incident trends and response efficiency.
  • Optimized existing playbooks by incorporating advanced conditional logic and updated threat intelligence feeds to adapt to evolving threats.
  • Managed Splunk instances including deployment, configuration, and ongoing maintenance.
  • Developed and maintained Splunk dashboards, reports, and alerts for security monitoring and analysis.
  • Created and managed Splunk data inputs, indexes, and search heads to optimize performance.
  • Collaborated with stakeholders to align Splunk and XSOAR configurations with organizational security and operational requirements.
  • Conducted vulnerability assessments using tools like Tenable (NESSUS) on software, hardware, and networks.
  • Coordinated with business owners to schedule regular vulnerability scans and reported findings periodically.
  • Monitored AWS infrastructure utilizing tools like GuardDuty, CloudTrail, and CloudWatch logs.
  • Possessed a basic understanding of cloud architecture and principles.
  • Coordinated effectively with Network and Server teams regarding technical activities and issues.
  • Participated in calls with business owners, Windows, and Linux teams to schedule Vulnerability Management patching and remediation.
  • Conducted knowledge-sharing sessions with team members on complex incident issues, XSOAR workflows, and lessons learned.
  • Analyzed daily and monthly reports for incident management and compliance purposes.
