
Sai Krishna Vegivada

Andhra Pradesh

Summary

To attain a challenging and responsible position in the field of Information Technology with opportunities to grow by performing my duties to the best of my abilities. To be a part of a highly professional and competitive team dedicated to the implementation, operation, and maintenance of mission-critical infrastructure.

Overview

5 years of professional experience
1 Certification

Work History

Cyber Security Engineer/Architect

Honeywell International Inc.
Bangalore
05.2022 - Current
  • A dynamic professional with over 5.2 years of experience in Managed Security Services, Cyber Security Incident Response Team (CIRT), Threat Hunting, Security Operations Centre (SOC), Endpoint security
  • Perform cyber security threat engineering activities with specific focus on countermeasure Tactics, Techniques and Procedures (TTPs)
  • Providing intrusion analysis in response to emerging threats and targeted attacks
  • Analyzing information and alerts across large scale enterprise to identify intrusion and effectively respond to it and eradicate security threats from the environments
  • Supporting the triage of potentially malicious events to determine severity and criticality of the event
  • Utilize digital forensic tools like Microsoft Defender, Azure, Cortex XSOAR, Splunk, Lastline and other cloud analysis tools to execute digital investigation and perform incident response activities to identify indicators of compromise
  • Perform hunting for malicious activities across the network and digital assets
  • Collaborate with technical and threat intelligence analysts to provide indications and warning along with alert tuning and resolution guide
  • Understanding of security alerts that includes malware/phishing, denial of services, unauthorized access, etc
  • Proactively 'hunt' for potential malicious activity and incidents across multiple sources using advanced threat network and host-based tools
  • Creating playbooks for different threat related incidents
  • Experience with industry-leading tools including JIRA and ServiceNow
  • Handling operation incidents and providing solutions for them as per the request.

Security Analyst

Tech Mahindra
Bangalore
06.2019 - 04.2022

  • Monitoring the customer network using SIEM tools: IBM QRadar, Microfocus ArcSight, Splunk.
  • Work closely with business units to ensure that they know what and how to feed data into QRadar and to create network hierarchy, classify Log Sources within the QRadar SIEM.
  • Performing Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources.
  • Maintain keen understanding of evolving internet threats to ensure the security of client networks.
  • Escalating the security incidents based on the client's SLA and providing meaningful information related to security incidents by doing in-depth analysis of event payload, providing recommendations regarding security incidents mitigation which in turn makes the customer business safe and secure.
  • Contacting the customers directly in case of high priority incidents and helping the customer in the process of mitigating the attacks.
  • Co-ordinate extensively with networking teams to maintain and establish communication to remote QRadar Collectors/Processors.
  • Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available.
  • Determine the scope of security incident and its potential impact to Client network; recommend steps to handle the security incident with all information and supporting evidence of security events.
  • Creation of reports and dashboards and rules fine tuning.

Education

BE - EEE

GIET College of Engineering
Rajahmundry
03-2016

Intermediate -

Narayana Junior College
Rajahmundry
03-2012

10th Board -

Sri Talent Vidhya Niketan
03-2010

Skills

  • Managed Security Services
  • Cyber Security Incident Response Team (CIRT)
  • Threat Hunting
  • Security Operations Centre (SOC)
  • Endpoint security
  • Intrusion analysis
  • Digital forensic tools
  • Incident response activities
  • Malware/phishing detection
  • Advanced threat network and host-based tools
  • JIRA, ServiceNow
  • Operation incident handling
  • Databases
  • Microsoft BitLocker Administration and Monitoring (MBAM)
  • Microsoft Advanced Threat Protection - O365 ATP, Azure ATP
  • Communication and interpersonal skills

Certification

  • Microsoft training on O365 ATP, MDATP, Azure ATP.
  • Udemy training on Networking + Wireshark basics.
  • Udemy training on Computer forensics fundamentals.

Tools

  • XSOAR (Palo Alto)
  • Splunk
  • MDATP
  • Confluence
  • SNOW
  • JIRA
  • Malware/ Threat Analysis
  • MDATP Threat Analysis
  • Email Analysis
  • IP Analysis
  • Symantec Antivirus
  • Proxy Analysis
  • MBAM
  • Azure

Personal Information

  • Father's Name: Srinivasa Rao
  • Mother's Name: Vijaya
  • Date of Birth: 02/02/94

Languages

English, Telugu

Hobbies

Reading Books, Sports and Physical Activities, Travelling.
