
Saiprashanth Sivakumar

Chennai

Summary

A security professional with over 4.5 years of experience in the information technology and services industry, skilled in SOC deliverables and in Microsoft Defender for Endpoint (MDE) as a subject-matter expert.
Seeking a challenging and varied position that draws on sound technical and design expertise, with opportunities for personal and professional growth in cybersecurity.

Overview

5 years of professional experience
6 certifications (listed under Certification)

Work History

Senior Incident Response Analyst (IT Analyst)

TCS
Chennai
09.2024 - Current
  • Lead the investigation of cybersecurity incidents, including malware outbreaks, phishing attacks, data breaches, and unauthorized access attempts.
  • Perform detailed root cause analysis, assess the impact, and recommend containment, eradication, and recovery strategies.
  • Coordinate with cross-functional teams to handle incidents effectively, ensuring minimum business disruption.
  • Continuously monitor the SIEM and other security platforms (including MDE) to detect and respond to threats in real time.
  • Develop, review, and update incident response playbooks to ensure consistent and efficient handling of incidents.
  • Implement automation using SOAR (Security Orchestration, Automation, and Response) tools to streamline repetitive tasks and improve response time.
  • Collaborate with the security awareness team to promote phishing simulations and other training programs.
  • Create SOPs based on team requirements and plans.

Endpoint Security Engineer (MDE)

TCS
Chennai
07.2022 - 09.2024
  • As a Defender SME, monitored and reported device health checks daily (servers) and monthly (workstations), or as requested by the client.
  • Created custom detection rules for critical cyber threats and suppressed false-positive alerts.
  • Assisted clients in troubleshooting inactive or misconfigured devices together with Microsoft.
  • Blocked IOCs according to threat advisories and purged phishing emails reported by users.
  • Created phishing simulations for user awareness.
  • Opened Microsoft support cases for various issues and worked through the troubleshooting and remediation.

Implementation/Migration:

  • Migrated devices from other endpoint security tools to MDE.
  • Implemented Microsoft Defender for Identity (MDI) for clients to detect lateral-movement alerts.
  • Created custom detection rules to detect and contain emails from the latest phishing campaigns.
  • Performed assessments of Microsoft Defender for Office 365 (MDO) and MDE to improve the security posture.
  • Configured attack surface reduction (ASR) rules to help mitigate malware infection and to limit actions that could allow adversaries to exploit vulnerabilities or perform malicious actions on endpoints.
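The ASR rollout described above, shown as an added example (not the author's own script or any client configuration): it reads the rule state a device actually enforces, reports the gap against a small baseline, and stages missing rules in Audit mode before they are promoted to Block. The rule GUIDs and names are the ones Microsoft publishes in its ASR rules reference; the choice of which rules make up the baseline is an assumption for illustration.

```powershell
# Added example, not from the resume: audit and stage Microsoft Defender ASR rules
# with the built-in Defender PowerShell cmdlets. Run as Administrator.
# The $Baseline selection is an assumption (a minimal starting set), not a client policy.
#Requires -RunAsAdministrator

$Baseline = @{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}

# Numeric action codes as returned by Get-MpPreference
$ActionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Ids and Actions are parallel arrays on the MpPreference object
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $state   = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $state[$ids[$i].ToLower()] = [int]$actions[$i]
    }
    return $state
}

function Get-AsrGap {
    # One row per baseline rule with the mode the device currently enforces
    $state = Get-AsrRuleState
    foreach ($id in $Baseline.Keys) {
        $mode = if ($state.ContainsKey($id)) { $ActionName[$state[$id]] } else { 'Not configured' }
        [pscustomobject]@{ Rule = $Baseline[$id]; Id = $id; Mode = $mode }
    }
}

function Set-AsrRule {
    param(
        [Parameter(Mandatory)][string]$Id,
        [Parameter(Mandatory)][ValidateSet('Disabled', 'AuditMode', 'Enabled', 'Warn')][string]$Mode
    )
    # Add-MpPreference adds or updates a single rule without clearing the others;
    # Set-MpPreference with the same parameters would replace the whole list.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Id -AttackSurfaceReductionRules_Actions $Mode
}

$gap = Get-AsrGap
$gap | Format-Table -AutoSize

# Stage every unconfigured baseline rule in Audit mode. Promote to Enabled (Block) only
# after reviewing audit events: Event ID 1122 (audit) and 1121 (block) in the
# Microsoft-Windows-Windows Defender/Operational log.
foreach ($row in $gap | Where-Object Mode -eq 'Not configured') {
    Set-AsrRule -Id $row.Id -Mode AuditMode
}
```

Two caveats a practitioner will hit: on devices enrolled in Intune or governed by Group Policy the ASR settings are enforced from policy, so local changes made this way are overwritten at the next policy refresh and the script is then only useful as a read-only audit; and the audit-to-block promotion should be driven by the 1122 events collected over a representative period, since a rule such as the LSASS or PsExec/WMI one can break legitimate tooling that was never visible in the SOC before.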

SOC Analyst L2

TCS
Chennai
03.2022 - 07.2022
  • Alert analysis and incident investigation in Microsoft Sentinel and IBM QRadar.
  • Escalated critical incidents to L3 for further analysis and closure.
  • Phishing analysis of user-reported emails and blocking of the associated IOCs.
  • Monitoring and analysis of user sign-in activity through Microsoft Cloud App Security, correlated with other Microsoft tools such as Sentinel and MDE.
  • Detection and response activities through MDE, including device isolation, quarantining of suspicious files, running full AV scans, and initiating Live Response sessions.
  • Protected user identities by resetting passwords, resetting MFA, and revoking user sessions.

SOC Analyst L1

Wipro
Chennai
12.2019 - 02.2022
  • Real-time alert monitoring and incident investigation using SIEM tools (IBM QRadar and Microsoft Sentinel).
  • Monitoring of user sign-in activity using Microsoft Cloud App Security and correlation with other tools.
  • Alert analysis and detection and response using MDE.
  • Phishing and malware analysis of user-reported emails.
  • Creation of phishing simulations for user awareness through Microsoft Defender for Endpoint.

Education

Bachelor of Technology - Electronics & Communication

Crescent Institute of Science & Technology
Chennai, TN
2019

M.Tech - Cybersecurity

SRM Institute of Science And Technology
Chennai

Skills

Technical Skills:

  • Incident triage, analysis, and escalation
  • Root cause analysis and remediation
  • Real-time threat hunting and investigation
  • Malware analysis
  • Event correlation and alert analysis
  • Familiarity with the MITRE ATT&CK framework
  • NIST frameworks
  • Incident response using EDR tools for threat containment and investigation
  • Implementing and managing ASR rules in Microsoft Defender for Endpoint

Soft Skills:

  • Ability to present technical information to non-technical stakeholders clearly
  • Writing clear, detailed post-incident reports
  • Coordinating tasks and timelines for incident resolution and post-incident activities

Certification

  • Certified Ethical Hacker (EC-Council)
  • Certified Security Analyst (EC-Council)
  • SC-200: Microsoft Security Operations Analyst (Microsoft)
  • AZ-500: Microsoft Azure Security Technologies (Microsoft)
  • MS-500: Microsoft 365 Security Administration (Microsoft)
  • CompTIA CySA+ (Cybersecurity Analyst)
