
SAI TEJESWAR VUNGOORU

Hyderabad

Summary

Cybersecurity professional with 4+ years of experience in 24x7 SOC monitoring, threat detection, and incident response, supported by a Postgraduate Diploma in Cybersecurity from Ireland. Skilled in analyzing phishing, malware, and identity-based attacks through log correlation, threat intelligence, and structured investigations across diverse environments.

Proven ability to enhance detection quality, reduce false positives, and strengthen incident response through continuous monitoring, alert triage, and process optimization. Adept at operating in fast-paced SOC environments, collaborating with cross-functional teams, and improving overall security posture and resilience.

Overview

4 years of professional experience
1 Certification

Work History

Software Engineer

Wissen Technology
Hyderabad
06.2022 - 05.2023
  • Investigated alerts in LogRhythm, Microsoft Defender, and ServiceNow by correlating user activity and system logs to resolve security incidents.
  • Supported vulnerability management using Qualys by tracking asset exposure and ensuring timely remediation of identified weaknesses.
  • Conducted mailbox and account compromise investigations, identifying and remediating unused or non-compliant service accounts.
  • Administered Mimecast for remediation actions including email purge, quarantine, and containment, while documenting incidents in Confluence.
  • Analyzed user-reported emails using header inspection and OSINT tools (VirusTotal, MXToolbox, URLScan.io, Zscaler) to classify phishing, spam, and legitimate communications.

Associate Professional Software Engineer

DXC Technology
Hyderabad
05.2020 - 05.2022
  • Developed and fine-tuned SIEM analytics rules and use cases in Sentinel to enhance detection coverage and reduce false positives.
  • Investigated brute-force, phishing, and lateral movement alerts by correlating telemetry from firewall, proxy, IDS/IPS, and EDR sources in Azure Sentinel to enhance threat detection.
  • Applied MITRE ATT&CK framework to map adversary techniques, improving alert enrichment and investigation consistency.
  • Conducted phishing incident analysis and documented detailed RCA in ServiceNow to support detection tuning efforts.
  • Collaborated with SOC teams to optimize monitoring workflows, reducing investigation time and improving overall incident response efficiency.

Software Engineer

Serveen Software Systems
Hyderabad
05.2019 - 05.2020
  • Produced actionable threat intelligence reports analyzing malware, threat campaigns, and cyber incidents, highlighting TTPs, IoCs, and mitigation strategies to inform security measures.
  • Monitored external attack surface of domains, IPs, certificates, and repositories to identify risks like typosquatting and credential exposure, enhancing overall security posture.
  • Conducted Dark Web and OSINT investigations to detect compromised credentials and impersonation, supporting takedown operations.
  • Leveraged Digital Shadows, Cybersixgill, and MISP to enrich threat intelligence feeds, providing contextual insights that improved response strategies for SOC teams.
  • Built and integrated intelligence-driven workflows and playbooks aligned with NIST 800-61 into SIEM/SOAR platforms to enhance detection and response.

Education

Postgraduate Diploma - Cybersecurity

Dublin Business School
Dublin, Ireland
10-2024

B.Tech - Computer Science & Engineering

Sree Vidyanikethan Engineering College
Tirupati, India
04-2019

Skills

  • MITRE ATT&CK
  • Threat Hunting
  • Threat Advisory Reports
  • CTI Platforms
  • OSINT
  • Dark Web Monitoring
  • Vulnerability Assessment
  • Qualys
  • Wireshark
  • OWASP Top 10
  • Red/Blue teaming
  • Microsoft Azure Security Center
  • Office 365 Security & Compliance
  • Cloud Access Security Brokers
  • Access management
  • Compliance frameworks
  • Python
  • PowerShell
  • SQL
  • SIEM
  • SOAR
  • IDS/IPS
  • EDR/XDR
  • Incident response
  • Log Analysis
  • Playbook Development
  • Forensic Imaging & Chain of Custody
  • Memory & File System Analysis
  • Malware analysis
  • Evidence handling
  • Cryptography
  • ServiceNow
  • Confluence
  • Documentation management

Certification

  • Certified SOC Analyst by EC-Council
  • Google Cybersecurity Certificate
  • CompTIA CySA+ (In Progress)
  • TryHackMe SOC Level 1
  • MITRE ATT&CK v13 Operationalization Certificate
  • IBM Incident Response & Digital Forensics

Projects

  • Orchestrated a Python hunting framework that mapped MITRE ATT&CK techniques to Splunk SPL and Azure Sentinel KQL, normalized Sysmon and Windows logs, and auto-enriched IoCs via MISP and VirusTotal.
  • Authored parsers and anomaly detectors with Python, pandas, regex, and baseline thresholds, which raised detection precision by 35% and cut noise by 20%, enabling analysts to focus on high-fidelity signals.
  • Built an Azure Sentinel automation playbook that triggers on high/medium severity alerts, sending alert context (entities, logs, MITRE techniques) to an AI-powered LLM API, which returns a human-readable summary explaining the alert in simple terms for analysts and stakeholders.
  • Provisioned a hands-on lab in VirtualBox with Kali, Metasploitable, and OWASP Juice Shop, instrumented with Wireshark and Zeek, enabling repeatable attack-defense exercises for web and network layers.
  • Ran recon and exploitation using Nmap, Nessus, Burp Suite, and Metasploit; validated findings against OWASP Top 10 and mapped activity to MITRE ATT&CK, which exposed critical auth and input-validation gaps.
  • Produced reports with CVSS v3.1 scoring and NIST 800-53 control guidance, created a remediation backlog in Jira, and reduced high-risk findings by -40% after targeted fixes and re-tests.

Timeline

Software Engineer

Wissen Technology
06.2022 - 05.2023

Associate Professional Software Engineer

DXC Technology
05.2020 - 05.2022

Software Engineer

Serveen Software Systems
05.2019 - 05.2020

Postgraduate Diploma - Cybersecurity

Dublin Business School

B.Tech - Computer Science & Engineering

Sree Vidyanikethan Engineering College