Summary
Overview
Work History
Education
Skills
Websites
Certification
Websites And Profiles
Timeline
Hi, I’m

SANDEEP KOTNY

Kakinada
SANDEEP KOTNY

Summary

2+years of extensive experience Highly skilled in various facets of security operations, including risk assessments, regulatory compliance, and conducting thorough security audits. information Security Engineer with hands-on experience in implementing and managing security solutions, including SIEM, SOAR, EDR, and Firewall technologies. Adept at security monitoring, incident response, and the optimization of cybersecurity tools to protect organizational assets.Goal-oriented IT professional with significant success in planning, analysing and implementing of security plans and initiatives. Excels in developing comprehensive, secure network designs and systems. IT Security Specialist with a proven track record in online security research, planning and maintenance. Highly adept at training internal users on cybersecurity procedures and preventative measures.

Overview

2
years of professional experience
2
Certification

Work History

Fluent Grid Limited
Hyderabad

Security Analyst
08.2022 - 08.2024

Job overview

  • Conducted web application, API, and infrastructure security assessments to identify authentication, authorization, and injection vulnerabilities.
  • Performed vulnerability validation using Burp Suite, Splunk ES, Azure Sentinel, and SentinelOne EDR.
  • Triaged security findings and classified true positives and false positives with risk-based prioritization.
  • Analyzed SIEM and EDR alerts to simulate attacker behavior and validate exploitation paths.
  • Performed static and dynamic malware analysis to extract IOCs and assess post-exploitation impact.
  • Investigated phishing attacks, malicious emails, domains, URLs, and IPs using OSINT techniques.
  • Assisted in penetration testing engagements and vulnerability assessments aligned with OWASP Top 10.
  • Created detailed penetration testing reports with PoC, impact assessment, and remediation steps.
  • Collaborated with infrastructure and application teams to validate fixes and retest vulnerabilities.
  • Documented findings and tracked remediation using ServiceNow ticketing system.
  • Penetration Testing - Key Findings
  • Critical authentication bypass due to default credentials on customer portals.
  • Reflected XSS chained with CSRF resulting in account takeover.
  • Stored XSS via file name manipulation.
  • SSRF exploitation enabling internal port scanning.
  • IDOR vulnerabilities allowing unrestricted file downloads.
  • Clear-text storage of authorization tokens in client-side JavaScript.
  • Server misconfiguration enabling unauthorized proxy usage.
  • Missing rate limiting on sensitive application functionality.
  • CSRF affecting add, update, and delete operations.
  • Use of outdated and vulnerable third-party components.
  • Working in Security Operation Centre (24x7), monitoring SOC events, detecting and preventing intrusion attempts Splunk ES / Azure Sentinel & sentinel one EDR, working on monitoring of alerts, analyzing, coordinating with concerned teams with remediation steps and triaging them as True positive and False Positive Monitoring, analyzing, and responding to infrastructure threats and vulnerabilities Collecting the logs of all the network devices and analyzing the logs to find suspicious activities Monitored and analyzed security events using SIEM tools to identify potential threats and anomalies Utilized threat intelligence feeds to enhance the detection capabilities of security tools Created and maintained incident tickets, documenting actions taken during incident response Assisted in vulnerability assessments and penetration testing exercises to identify weaknesses Perform incident monitoring, response, triage and initiate investigations Create and track incidents and request using ticketing tool: (Service Now) Perform Malware Analysis by Static and Dynamic methods to identify the malicious IOCs- indicator of compromise, taking action around IOCs identified Investigate all reported suspicious emails and determine whether the emails are malicious, non-malicious or legitimate and reply to the user who reported the suspicious email with a message reporting the findings and any recommendations Monitoring and performing in-depth analysis of security alerts using the sentinel one platform Investigated and triaged alerts, ensuring timely response and resolution of security incidents Investigate malicious phishing emails, domains and IPs using Open-Source tools and recommend proper blocking based on analysis Continuously monitoring and interpreting threats using the IDS and SIEM tools Performing real-time Monitoring, Analyzing, and Investigating of logs with Reporting, Escalation and resolve of various Incidents/Events/Security Alerts triggered in SIEM tool from multiple log sources Identify and ingest indicators of compromise (IOCs), e.g Malicious IPs/URLs, e.g., into network tools/applications Stay up to date with current vulnerabilities, attacks Conducted analysis of network traffic, logs, and alerts to identify signs of unauthorized activities Collaborated with incident response teams to contain and mitigate security.

Education

Kakinada Institute of Engineering and Technology

M.TECH from COMPUTERS (cybersecurity)

Kakinada Institute of Engineering and Technology

Bachelor of Engineering from Mechanical engineering

Skills

  • SIEM: Splunk
  • EDR: CrowdStrike
  • Cloud services: AWS firewall
  • Azure firewall
  • Shell scripting
  • Burp Suite
  • Wireshark
  • Risk Management
  • Elssentic
  • PowerShell
  • Linux Administration
  • Windows Firewall CI

Certification

  • Certified Ethical Hacker (Practical), EC-Council, ECC1498037265, 2025-11-20, 2026-12-01
  • Ethical Hacking Bootcamp, Edify Educational Services Private Limited, Z9IANU7VBK, https://edifypath.com/course/certverify/Z9IANU7VBK
  • Complete Ethical Hacking Bootcamp, Udemy, UC-ef193580-24cf-4e2b-b29b-fcb8fe2d91bf, http://ude.my/UCef193580-24cf-4e2b-b29b-fcb8fe2d91bf
  • Security Analyst, Emerging India, EIA/DOM/OLT/2021/829
  • Learn Ethical Hacking, Udemy, UC-5f1e35cd-96a5-43bc-9f29-6b227c6997a1, https://www.udemy.com/certificate/UC-5f1e35cd-96a5-43bc-9f29-6b227c6997a1
  • PowerShell Functions Master Class, Udemy, UC-2b4fb56d-88ed-4b8a-a8c5-6b3ca38f195b, https://www.udemy.com/certificate/UC-2b4fb56d-88ed-4b8a-a8c5-6b3ca38f195b/
  • National Association of Software and Service Companies, CN-0797504, https://inspiration-fun-7467.my.salesforcesites.com/learnerCertificateQRPage?id=003Vy00000kA6WKIA0

Websites And Profiles

  • Https://www.linkedin.com/in/sandeep-kotny-857a05397/
  • Https://tryhackme.com/r/p/sandeepkotny
  • Https://academy.hackthebox.com/dashboard
  • Https://github.com/SandeepKotny-soc

Timeline

Security Analyst

Fluent Grid Limited
08.2022 - 08.2024

Kakinada Institute of Engineering and Technology

M.TECH from COMPUTERS (cybersecurity)

Kakinada Institute of Engineering and Technology

Bachelor of Engineering from Mechanical engineering
SANDEEP KOTNY