Sathya Manikanta Gidugu

Hyderabad, Telangana

Summary

With over 6 years of experience in Information Security, I am currently serving as a Cyber Security Technologist in the Global Security Monitoring Operations Team, focusing on threat analysis, security monitoring, and operational management. I possess hands-on expertise in SIEM (Security Information and Event Management) tools, including IBM QRadar, Griffith, and Splunk for real-time event monitoring. Additionally, I have earned certifications in CEH, Ethical Hacking, and Information Security from NIELIT.
My responsibilities include proactive security monitoring and threat analysis, where I track and analyze security alerts and conduct in-depth incident analysis to detect and recognize attacks based on known signatures. I regularly prepare tailored daily, weekly, and monthly reports, create knowledge bases and dashboards, and ensure accurate, SLA-bound incident management.
In automation projects, I develop and optimize SOAR playbooks to automate security tasks, streamline workflows, and improve efficiency through debugging and cross-tool integration. As an Incident Commander, I lead high-priority incidents by coordinating response efforts, managing escalations, gathering critical information, and ensuring timely resolutions through cross-functional teamwork. I also collaborate on bug bounty case management, supporting proactive threat hunting by investigating, validating, and remediating vulnerabilities found in bug bounty reports. Additionally, I develop Standard Operating Procedures (SOPs) for new processes and alerts to ensure SOC operations remain consistent, efficient, and well-documented.

Overview

7 years of professional experience
1 Certification

Work History

Cyber Security Technologist

Uber Technologies Inc.
04.2020 - Current
  • Security Monitoring & Alert Response (SOAR): Utilized Splunk Phantom (SOAR) for real-time security monitoring, promptly acknowledging and addressing alerts within a 15-minute SLA. Monitored and responded to alerts from phishing, malware, data exfiltration, and cloud sources, including AWS GuardDuty.
  • Incident Case Management (Endpoint): Managed and triaged high-severity incidents, ensuring effective case handling from acknowledgment to resolution. Conducted initial acknowledgment, gathered critical incident details, and assessed impact to prioritize response efforts. Collaborated with relevant teams to escalate cases as needed.
  • Phishing Email Analysis: Analyzed phishing incidents reported via Gmail and G Suite using Splunk Phantom and internal tools to detect and mitigate malicious links and attachments.
  • Malware Detection: Investigated alerts from EDR tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender) to identify and respond to malware infections, assessing indicators of compromise (IoCs) and performing threat containment.
  • Data Exfiltration Monitoring: Handled suspicious data exfiltration alerts, leveraging SIEM logs and DLP tools to verify unauthorized data access, identify potential insider threats, and mitigate risks.
  • Cloud and Platform Security: Monitored AWS GuardDuty, GCP, and platform-specific detection alerts (SSH, AWS, GCP, and Linux commands) to ensure robust security across both cloud and on-premises environments. We manage AWS and GCP alerts, tracking user activities across these cloud platforms.
  • Data Analysis & Query Development (Query Builder): Built advanced queries for incident analysis using Query Builder and Michelangelo, extracting and interpreting data to support in-depth investigations.
  • Ticketing & SOP Development (Jira and Confluence ticket management): Created Jira tickets for issues uncovered during investigations and collaborated with relevant teams for resolution. Developed SOPs for new alert types, standardizing response procedures and improving operational efficiency.
  • Proactive Threat Hunting (Threat Hunt): Conducted pre-hunting and threat hunting based on application vulnerabilities, strengthening defenses by identifying potential threats before they materialize.
  • Incident Response & Resolution (IC Management): Actively participated in critical incident handling to develop mitigation skills. Ensured all tickets were resolved within SLA, balancing timely response with quality investigation.
  • Bug Bounty Management: Collaborated on bug bounty cases, working closely with teams to address and resolve vulnerabilities reported by external researchers.

Automation Project Work:

  • Playbook Development in SOAR (Splunk Phantom): Developed and optimized automated playbooks to streamline incident response workflows, reducing manual intervention and improving response times.
  • Automation Design: Designed playbooks to automate repetitive tasks such as alert triaging, phishing analysis, malware investigation, and data enrichment, using Phantom’s orchestration capabilities to gather and analyze information across multiple security tools.
  • Error Handling & Debugging: Implemented robust error-handling mechanisms within playbooks to ensure smooth execution. Actively debugged issues in playbook logic, addressing integration challenges and workflow bottlenecks to maintain reliability.
  • Improving SLA Compliance: Leveraged automation to acknowledge and investigate alerts within SLA limits, enhancing consistency in response times across high-volume cases.
  • Testing & Continuous Improvement: Conducted thorough testing of playbooks in various scenarios, refining logic based on incident patterns and feedback to enhance performance and scalability.
  • Cross-Tool Integrations: Integrated Phantom with various security tools (e.g., CrowdStrike, AWS GuardDuty, Gmail, and SIEM platforms) to build end-to-end automated workflows that increase incident detection and response accuracy.

Security Analyst

Cognizant
06.2017 - 04.2020
  • Monitored security alerts using IBM QRadar SIEM tool to ensure active threat detection and response.
  • Developed active channels, correlation rules, reports, and dashboards in IBM QRadar for real-time monitoring of alerts.
  • Identified and analyzed security threats and investigated reported anomalies.
  • Created detailed templates for newly detected alert signatures to facilitate client reporting.
  • Managed incident response within SLA requirements to maintain timely handling and resolution.
  • Fine-tuned SIEM event rules to minimize false positives and enhance alert accuracy.
  • Conducted daily health checks to maintain SIEM tool functionality.
  • Developed SOPs for new SOC procedures to streamline operations.
  • Prepared and delivered weekly and monthly reports as per client specifications.

Education

B.Tech., ECE

Malla Reddy Institute of Engineering
Hyderabad, Telangana
05.2017

Intermediate

Sri Chaitanya Junior College
Hyderabad, Telangana
05.2013

SSC

SSM School
Hyderabad, Telangana
05.2011

Skills

  • SIEM (Security Information and Event Management) Tools: ELK Search Griffith, IBM QRadar, Splunk
  • EDR Tools: CrowdStrike, OpenDNS, SentinelOne, Microsoft Defender
  • Security tools: Teqtivity, Axonius, eDiscovery, CloudLock, G Suite Toolbox, Joe Sandbox, ServiceNow, Tableau, Cisco Umbrella, Jarvis, Opera, fleetdm
  • Email Gateway tools: G Suite, Proofpoint, Mimecast
  • Query Builder: Fetching data using Query Builder, Michelangelo (SQL)
  • Ticketing tools: Jira, ServiceNow
  • Skills in Linux-based commands
  • Knowledge of Windows, IOS, Linux

Certification

  • Certified Ethical Hacker (CEH), ECC5416230987
  • Ethical hacking and Information security certification, NIELIT/GKP/339/3897

Disclaimer

I hereby declare that all the details furnished above are true to the best of my knowledge. If given an opportunity, I would perform up to the best of your expectations.
