Experienced and certified Cybersecurity Technical Lead with over 10 years of proven success in Security Operations, Threat Management, and Automation. Adept at leading end-to-end implementations of SIEM and SOAR platforms including Cortex XSOAR, XSIAM, IBM QRadar, Splunk, and ServiceNow. Demonstrated expertise in developing advanced playbooks, automating incident response, integrating threat intelligence, and optimizing SOC operations. Skilled in Python scripting, cloud security (AWS & Azure), and cross-functional collaboration across global teams. Recognized for delivering scalable solutions, reducing manual effort, and enhancing threat detection and response efficiency. A proactive leader with a strong foundation in Agile/Scrum methodologies and a commitment to continuous innovation in cybersecurity.
I managed incident response and threat detection across multiple SIEM and SOAR platforms, including Cortex XSOAR, XSIAM, IBM SOAR, QRadar, Splunk, Cribl, and ServiceNow. I developed advanced automations and response workflows to streamline phishing detection, investigation, and remediation. I designed and implemented over 10 Cortex XSOAR playbooks using Python to automate alert triage, threat enrichment, IOC management, and ticket orchestration. Additionally, I developed integrations with tools such as Microsoft Defender, Azure AD, and Microsoft Graph API for real-time metadata extraction and incident correlation. I automated repetitive tasks such as patch validation, IOC enrichment, and alert tagging to improve operational efficiency. I integrated automation with Azure Security Center, AWS, and Microsoft Defender to enhance cloud visibility, enforce policies, protect identities, and detect anomalies. I also customized dashboards and email analytics widgets in XSOAR to support phishing pattern recognition and executive-level reporting. I improved monitoring by enhancing the performance of email metadata extraction and visualization tasks. As the on-call XSOAR automation support for CIC and TCO tenants, I handled daily triage, resolved bugs, and implemented performance improvements. I collaborated with cross-functional teams, including TI, TCO, CIC, and the global SOC, to implement automation aligned with organizational goals, and actively contributed to Agile/Scrum processes, supporting continuous delivery with a strong focus on quality and turnaround time.
I conducted threat landscaping for client environments by identifying critical assets (Crown Jewels) and developing data flow architectures. I created over 60 threat-based use cases to enhance the organization's security posture. I integrated over 2,000 log sources with the IBM QRadar SIEM platform, monitored for event drops, and optimized EPS (10,000+) using a selective approach to increase visibility and reduce costs. I designed and implemented end-to-end SOC architecture using IBM QRadar SIEM and IBM QRadar SOAR, accounting for data volume, EPS, data retention policies, and geographical distribution. By refining over 100 use cases and identifying key conditions, I significantly reduced false positive alerts. I managed the setup of over 5,000 EDR agents, including policy creation, signature updates, and implementation of a high-availability architecture. I developed over 50 playbooks and integrated various security tools (e.g., EDR, firewalls, threat intelligence, AD, HIPS) to automate incident response through Python scripting, minimizing manual ticket creation. I also automated the addition of Indicators of Compromise (IOCs) into firewalls, proxies, and EDR solutions using threat intelligence feeds, saving significant man-hours. I managed the Security Service Provider (MSSP) add-on, which enabled the management of multiple customers from a single dashboard while ensuring client data remained isolated. Additionally, I performed Vulnerability Assessment and Penetration Testing (VAPT), targeting mitigation of OWASP Top 10 vulnerabilities, and delivered comprehensive reports outlining effective risk mitigation strategies.
I led incident response and threat detection across multiple SIEM and SOAR platforms, including Cortex XSOAR, XSIAM, IBM SOAR, QRadar, Splunk, Cribl, and ServiceNow. I created advanced automations and response workflows to streamline phishing detection, investigation, and remediation. I conducted threat landscaping for client environments by identifying critical assets (Crown Jewels) and developing data flow architectures. I developed over 60 threat-based use cases to strengthen the organization’s security posture. I integrated more than 2,000 log sources with the IBM QRadar SIEM platform, monitored for event drops, and optimized EPS (10,000+) using a selective approach to increase visibility and reduce costs. I designed and implemented end-to-end SOC architecture using IBM QRadar SIEM and SOAR, taking into account data volume, EPS, retention policies, and geographical spread. By refining over 100 use cases and identifying key conditions, I significantly reduced false positives. I managed the setup of over 5,000 EDR agents, including policy configuration, signature updates, and deployment of a high-availability architecture. I developed more than 50 playbooks and integrated a variety of security tools—such as EDR, firewalls, threat intelligence, Active Directory, and HIPS—to automate incident response using Python scripting, reducing manual ticket creation. I also automated the ingestion of Indicators of Compromise (IOCs) into firewalls, proxies, and EDR systems using threat intelligence feeds, saving substantial analyst time. Additionally, I managed the Security Service Provider (MSSP) add-on, enabling centralized management of multiple customers from a single dashboard while maintaining strict data isolation. I performed Vulnerability Assessment and Penetration Testing (VAPT), focusing on OWASP Top 10 vulnerabilities, and delivered comprehensive risk mitigation reports.
I developed various automations and threat response mechanisms for high-level use cases within customer environments, leveraging SIEM and SOAR platforms in security operations centers. I conceptualized and implemented multiple automations and built numerous integrations with security tools such as EDR, firewalls, threat intelligence platforms, Active Directory, and HIPS. I automated the incident response and investigation processes in Cortex XSOAR from the ground up, and regularly shared requirements and enhancement suggestions to improve XSOAR’s effectiveness and monitoring capabilities. I also designed and implemented end-to-end SOC architecture using IBM QRadar SIEM and SOAR, taking into consideration factors such as data volume, EPS, data retention, and geographical distribution. As a cybersecurity analyst and the designated point of contact from TCS, I actively collaborated with the client to enhance and develop XSOAR functionalities. Additionally, I created and deployed multiple XSOAR playbooks to automate the incident investigation process and reduce repetitive manual tasks.
I coordinated with the team to streamline security operations and enhance incident response efficiency. I actively participated in use case ideation, contributing to the development of custom rules and alerts for proactive threat detection. I monitored and maintained system health to ensure the continuous and reliable operation of SIEM and SOAR platforms. I successfully managed relationships with overseas customers, addressing their security requirements and ensuring satisfaction. I conducted troubleshooting and resolved technical issues, minimizing downtime and preserving the integrity of security systems. I developed and implemented SOAR playbooks to automate incident response procedures, significantly reducing response times and increasing operational efficiency. Additionally, I collaborated with cross-functional teams to identify automation opportunities and reduce manual efforts. I also conducted training sessions for SOC personnel on the use of SOAR playbooks and automation tools, enhancing overall team proficiency.
I coordinated with the team to streamline security operations and improve incident response efficiency. I actively contributed to use case ideation, helping to develop custom rules and alerts for proactive threat detection. I monitored and maintained system health to ensure the continuous and reliable operation of SIEM and SOAR platforms. I successfully managed relationships with overseas clients, addressing their security requirements and ensuring high levels of satisfaction. I conducted troubleshooting and resolved technical issues, minimizing downtime and preserving the integrity of security systems. I developed and implemented SOAR playbooks to automate incident response procedures, significantly reducing response times and increasing operational effectiveness. Additionally, I collaborated with cross-functional teams to identify automation opportunities and minimize manual effort. I also conducted training sessions for SOC personnel on the use of SOAR playbooks and automation tools, enhancing overall team proficiency.
I served as the Subject Matter Expert (SME) for NSDC (National Skill Development Corporation India), a central government client. My responsibilities included the implementation of PDF generation services and user service modules. I worked in a Scrum-based environment and also took on the role of Scrum Master. I was involved in creating user interfaces using HTML, CSS3, Bootstrap, and jQuery, and developed APIs using Node.js, MongoDB, and RESTful methods. Additionally, I performed manual and unit testing, bug fixing, and was responsible for identifying and creating comprehensive manual and unit test cases.
I developed business processes using Kanban and Ribbon components and handled customer support queries related to the Syncfusion Ribbon component. I performed manual and unit testing, conducted bug fixing, and was responsible for identifying and creating detailed test cases. Additionally, I used Jira for bug tracking and SVN for source code version control.
Cribl
I possess extensive hands-on experience across a wide range of cybersecurity and IT technologies, specializing in Security Operations Center (SOC) implementation, incident response, and threat management. My core areas of expertise include:
SIEM & SOAR Platforms