Roopchandra Reddy Mittapalli

Senior Security Specialist
Abu Dhabi

Summary

Dynamic SIEM and Security Engineer with over 10 years of IT/OT experience, currently excelling as a SIEM Specialist at CPX. Proven contributor to prestigious organizations such as L&T, Accenture, Mashreq Global Services, and ADIB, showcasing expertise in SIEM, SOAR, EDR, security analysis, engineering, log management, and incident response. Recognized for strong problem-solving abilities, effective time management, and collaborative skills that drive team success. Actively pursuing a full-time role that offers new challenges and opportunities for professional advancement.

Overview

11 years of professional experience
3 Languages
7 Certificates

Work History

Senior Security Specialist

CPX
09.2023 - Current

SIEM Administration & Log Management

  • Administer and support SIEM platforms including Microsoft Sentinel, Splunk, and ArcSight, across on-premises and cloud environments.
  • Design, develop, and manage Microsoft Sentinel analytics rules using KQL, including continuous fine-tuning and false-positive reduction.
  • Manage Role-Based Access Control (RBAC) within SIEM platforms, ensuring secure user access, segregation of duties, and compliance.
  • Onboard, parse, and normalize logs from Firewalls, WAF, EDR, Active Directory, IAM, cloud platforms, databases, and business applications.
  • Develop, optimize, and maintain custom correlation rules, UEBA/UBA use cases, and security alerts aligned with threat scenarios.
  • Create security dashboards, compliance reports, and executive-level metrics for governance, audits, and leadership reporting.

Cloud & AI Security Monitoring

  • Implement and manage Microsoft Defender for Cloud, enabling:
    • CSPM (Cloud Security Posture Management)
    • CWPP (Cloud Workload Protection Platform)
    • AI-driven risk prioritization and attack-path analysis
  • Monitor cloud misconfigurations, exposed workloads, AI workloads, and high-risk resources across Azure environments.
  • Conduct advanced threat hunting using KQL, behavioral analytics, and AI-assisted insights.

OT NDR & Industrial Security Monitoring

  • Monitor and analyze OT and IoT networks using Microsoft Defender for IoT and Nozomi Networks.
  • Perform OT network traffic analysis using Wireshark for deep packet inspection and industrial protocol validation.
  • Conduct OT risk assessments and gap analyses for critical infrastructure, including oil & gas and industrial networks.
  • Support OT security assessments, investigations, and reporting, ensuring alignment with operational safety requirements.

Key Projects & Implementations

  • SIEM Migration Project: Led the migration of SIEM from on-premises to cloud, improving scalability, visibility, and operational efficiency.
  • Knowledge Management: Successfully implemented MediaWiki for SOC knowledge transfer, runbooks, and operational documentation.
  • ITSM Automation: Supported ITSM deployment, creating automated ticket workflows and access provisioning with cross-functional teams.
  • AI SOC Enablement: Enabled Copilot Studio and implemented AI agents to support daily BAU SOC activities.
  • SOAR Automation: Implemented FortiSOAR automation for SIEM and BAU processes, reducing manual effort and response time.
  • Deception Technology: Implemented Attivo deception technology with full governance, enabling proactive threat detection and incident response.
  • Phishing Remediation Automation: Integrated Proofpoint TRAP to automate phishing email remediation, significantly reducing response time and analyst workload.
  • Threat Intelligence Platform: Managed end-to-end implementation of a threat intelligence platform, enabling actionable intelligence and proactive threat hunting.
  • MITRE ATT&CK Mapping: Led comprehensive SOC detection mapping to the MITRE ATT&CK framework, improving detection coverage and response maturity.
  • PRISM Process Enhancement: Enhanced the PRISM process by implementing automated email reminders, improving workflow efficiency and compliance tracking.

SIEM Specialist

ADIB Bank Contractor
01.2023 - 09.2023

BAU Operations & SOC Management

  • Developed and maintained SOC use cases, performed threat intelligence analysis, investigated alerts, and continuously fine-tuned detection logic with detailed documentation.
  • Ensured operational excellence by meeting timelines, maintaining quality standards, and overseeing daily activities of Tier I and Tier II SOC analysts.
  • Acted as Subject Matter Expert (SME) for Microsoft Sentinel and ArcSight, reviewing SIEM rules and improving detection effectiveness.
  • Conducted threat hunting and malware analysis, collaborating with internal teams, auditors, and regulators during investigations and audits.
  • Managed vulnerability assessments using Qualys, implemented Microsoft Security Baseline (MSB) hardening, and governed the VA/CA lifecycle.

SIEM Specialization – Microsoft Sentinel

  • Specialized in Microsoft Sentinel detection engineering, integrating 40+ custom applications and log sources.
  • Designed and implemented custom analytics rules and KQL-based detections aligned with log behavior and real-world attacker techniques.
  • Conducted brand monitoring, including analysis of dark web activity, leaked credentials, impersonation attempts, and reputational threats.

Endpoint & Network Security

  • Managed EDR/XDR platforms including Microsoft Defender, CrowdStrike Falcon, and Carbon Black.
  • Performed advanced endpoint threat hunting, incident investigation, and forensic analysis.
  • Quarantined infected hosts, coordinated containment, and led remediation efforts with IT and endpoint teams.

SOAR & Security Automation

  • Designed and maintained SOAR playbooks for phishing incidents, malware infections, account compromise, and cloud security alerts.
  • Automated repetitive SOC tasks such as IOC enrichment, alert triage, ticket creation, and containment actions.
  • Integrated multiple security tools with Logic Apps and SOAR platforms to accelerate incident response.

Assistant Manager

Mashreq Bank
06.2021 - 02.2023

  • Successfully migrated third-party SIEM to Azure Sentinel, integrating on-premises and multi-cloud environments for seamless data ingestion and centralized security monitoring.
  • Established mechanisms to collect and parse logs from various sources, such as network devices, servers, endpoints, and cloud platforms.
  • Deployed and configured the SIEM solution, including infrastructure components, log sources, data connectors, and integration with other security tools and systems.
  • Developed and implemented automation scripts, workflows, and playbooks using Azure Logic Apps, Azure Functions, and other automation tools to streamline incident response processes.

Senior Security Delivery Analyst

Accenture Solutions Pvt Ltd
07.2019 - 06.2021

Incident Response & Security Operations

  • Investigated malicious and suspicious emails (phishing, malware, BEC), and provided security awareness guidance to end users to reduce repeat incidents.
  • Proposed and implemented real-time SOC detection use cases, working closely with the Threat Detection & Defense (TDO) team.
  • Performed incident triage and prioritization, ensuring incidents were classified correctly based on severity, impact, and risk.
  • Coordinated with the Incident Response (IR) team to manage containment, investigation, and recovery activities.
  • Conducted intrusion scope determination and root cause analysis (RCA) to identify affected systems, users, and data.

Digital Forensics

  • Conducted examinations of digital media to identify evidence of file access, data movement, data destruction, USB usage, internet history, and other user activities.
  • Analyzed mobile device extraction data, performed keyword searches, and formatted findings into clear and presentable spreadsheets for customers.
  • Parsed complex Mac log and PLIST files to extract and present readable, analyst-friendly data.
  • Examined Windows Registry artifacts to determine USB usage, recent file activity, installed software, and additional system behaviors.

System Engineer

LTI, Larsen & Toubro Infotech Limited
01.2018 - 07.2019

SIEM (ArcSight ESM & McAfee Nitro):

  • Worked on the ArcSight SIEM tool to deliver SOC (Security Operation Centre) operations.
  • Investigated alerts and applied inline filters in active channels to make the triage process reliable.
  • After analysis, raised incidents in the ticketing tool for true-positive alerts and followed up with the team until incident closure.
  • Performed regular health-check monitoring, log analysis, and reporting.

VA (Nexpose):

  • Created sites and asset groups, and performed scheduled and ad-hoc scans for multiple client servers, sites, and IPs.
  • Identified vulnerabilities and sent them to the respective teams for remediation.
  • Generated technical reports for completed scans.
  • Prepared management reports for specific clients.

Associate

Magna Infotech
07.2016 - 12.2017

  • Managed key client relationships, addressing concerns and ensuring alignment of KPO services with client objectives.
  • Developed and implemented risk mitigation strategies, enhancing resilience and minimizing potential disruptions in KPO operations.
  • Led cross-functional teams, fostering collaboration and synergy to achieve KPO service delivery goals.

Associate

Aegis
08.2015 - 04.2016

  • Delivered exceptional customer service by promptly addressing inquiries, resolving issues, and ensuring overall customer satisfaction.
  • Demonstrated in-depth knowledge of Union Bank's products and services, guiding customers in selecting the most suitable options for their financial requirements.
  • Identified opportunities for cross-selling additional bank products and services, contributing to increased customer engagement and revenue.

Education

B.Tech - ECE

Priyadarshini Institute of Technology
Tirupati
05.2015

Skills

SIEM: Microsoft Sentinel, Microsoft Defender for Cloud, ArcSight, Splunk, McAfee Nitro, Dell SecureWorks, Exabeam, QRadar

Timeline

Senior Security Specialist

CPX
09.2023 - Current

SIEM Specialist

ADIB Bank Contractor
01.2023 - 09.2023

Assistant Manager

Mashreq Bank
06.2021 - 02.2023

Senior Security Delivery Analyst

Accenture Solutions Pvt Ltd
07.2019 - 06.2021

System Engineer

LTI, Larsen & Toubro Infotech Limited
01.2018 - 07.2019

Associate

Magna Infotech
07.2016 - 12.2017

Associate

Aegis
08.2015 - 04.2016

B.Tech - ECE

Priyadarshini Institute of Technology

Certification

Microsoft Certified: Security Operations Analyst Associate (SC-200)