Tejesh Reddy BVK

Riyadh, Saudi Arabia

Summary

Cybersecurity Expert Engineer with 10 years of experience in Information Technology, specializing in SIEM, Cloud Security, and EDR solutions. Demonstrated success in incident management and achieving significant business and security outcomes through effective deployments of SIEM and EDR systems. Expertise in designing scalable security architectures that enhance operational efficiency. Currently leading cybersecurity initiatives for high-profile clients, optimizing Security Operation Centers to address evolving security challenges.

Overview

12 years of professional experience
1 Certification

Work History

SOC Manager/Architect

American Express KSA (Contract Position)
Riyadh, Saudi Arabia
01.2025 - Current
  • Implemented a cyber-security strategy aligned with the goals of the business.
  • Led MSS team operations as the first point of contact for security incidents.
  • Coordinated triage, containment, eradication, and recovery activities as Incident Commander.
  • Led the end-to-end implementation of Acalvio deception technology, which requires a deep understanding of the organisational network, including where to place sensors and how to configure trunks. Coordinated with engineers, contractors, and clients to facilitate smooth project progression.
  • Deployed strategic breadcrumbs and baits (decoys) to safeguard the crown jewels of the organisation.
  • Performed SIEM, IAM, DLP, and EDR admin activities and created use cases for identifying abnormal activity in the network.
  • Deep understanding of payment gateway networks; monitored all API endpoints in the SIEM.
  • Prepared detailed Root Cause Analysis reports outlining corrective and preventive measures.
  • Performed thorough risk analyses and developed corresponding risk mitigation strategies.
  • Improved team performance through the mentoring of junior, mid-level, and senior security engineers.
  • Developed technical storytelling and solution design material for Amex executives.
  • Led proofs of concept for security tools to improve the operational posture.
  • Introduced the integration of Acalvio deception technology with EDR/XDR solutions and SIEM systems to improve early-stage threat detection in enterprise and government sectors.
  • LogRhythm SIEM management for logging, correlation rules, dashboarding, SmartResponse, incident investigation, and compliance reporting.
  • Ensured that incident response and MSS services comply with regulations and standards such as ISO 27001, PCI DSS, SAMA, NCA, and ECC.

Cybersecurity Lead

Infosys India Pvt. Ltd
Hyderabad, India
02.2021 - 01.2025
  • Good understanding of Splunk and Sentinel components and architecture.
  • Administered Splunk, Sentinel, and Splunk Apps/Logic Apps, including developing new apps or extending existing ones to perform specialised functionality.
  • Designed and architected Azure Sentinel environments tailored to specific organisational security requirements.
  • 2 years of Linux experience troubleshooting QRadar files and Splunk configurations.
  • Proficient in troubleshooting Sentinel, QRadar, and Splunk systems.
  • Collaborated with security analysts, engineers, and other stakeholders to gather requirements and translate them into effective Sentinel configurations.
  • Implemented and configured Azure Sentinel workspaces, data connectors, analytics rules, and playbooks to enable comprehensive security monitoring and threat detection.
  • Owned and contributed to RFP/RFI processes to ensure that responses are accurate, competitive, and in keeping with customer needs and regional regulations.
  • Presented engaging technical stories, solution designs, and executive briefings aligned with client interests and scenarios, with extensive knowledge of cybersecurity, EDR/XDR, SIEM, observability, and security architectures.
  • Developed custom detection queries, alerts, and automation scripts to enhance Sentinel's capabilities and address unique security challenges.
  • Integrated Azure Sentinel with other Microsoft security solutions, third-party tools, and data sources to enrich security telemetry and streamline incident response workflows.
  • Provided technical guidance and support to security operations teams for troubleshooting, fine-tuning, and optimising Sentinel deployments.
  • Stayed current with emerging threats, security trends, and Azure Sentinel updates to continuously improve security posture and resilience.
  • Documented architecture designs, configurations, and best practices for Azure Sentinel deployments.
  • Conducted training and knowledge transfer sessions for internal teams to increase proficiency with Azure Sentinel usage and administration.
  • Participated in security assessments, audits, and compliance activities to ensure Azure Sentinel environments meet regulatory requirements and industry standards.
  • Implemented and administered Splunk and Sentinel, and managed user accounts.
  • Built and maintained Splunk components (indexer, forwarder, search head, and cluster environment); installed the AMA and configured data connectors.
  • Ensured data stored in Splunk indices can be read by external data movement tools such as Cribl.
  • Integration with Guidewire and other platforms, external data inputs, and Splunk best practices (apps, add-ons, searches, etc.).
  • Troubleshot Splunk and Sentinel performance issues; opened support cases with Splunk and Microsoft support.
  • Understanding of system log files and other structured and unstructured data.
  • Troubleshot log feeds, field extractions, search time, data models, indexing, etc.
  • Provided granular, role-based security and restricted access to sensitive logs/data.
  • Understanding of virtualisation technologies (hypervisors, VMware, etc.).
  • Experience with Linux and Windows agents for Splunk administration, with a solid understanding of the Splunk system.
  • Set up syslog servers/Splunk forwarding for new application tiers introduced into the environment, DCRs in Sentinel, and SentinelOne.
  • Represented the organisation at industry networking events and professional associations to develop client relationships and industry presence.
  • Wrote new manuals, definitions, and SOPs guiding individual job titles on expectations and processes.
  • Compiled information about current workflows, job descriptions, and structures to inform decision-making about potential improvements.

Threat Hunting and Threat Intelligence:

  • Strong understanding of network protocols, traffic analysis techniques, and network forensics tools.
  • IOC-based hunting and hypothesis creation.
  • 1.5 years of experience in Bash scripting.
  • Thorough understanding of Windows OS and Linux internals.
  • Knowledge of PowerShell, Python, and VBScript.
  • Experience with threat modeling and other risk identification techniques.
  • Hands-on experience in log analysis, threat detection, and response coordination.
  • Proficient in network traffic analysis and security log correlation.
  • Background in monitoring and analysing dark web forums.

Technical Services Specialist

IBM India Pvt. Ltd
Mumbai, India
04.2019 - 01.2021
  • Worked with multiple clients on a shared platform providing real-time threat management using SIEM and related solutions.
  • Complete understanding of the architecture of IBM QRadar and other security tools such as Radware, TrendMicro DSM, Arbor, Darktrace (Cyber AI), and TrapX (Deception Technology Grid).
  • Real-time log analysis from network devices such as firewalls, IDS, and IPS; operating systems such as Windows and UNIX; proxy servers; Windows servers; system applications; and networking devices.
  • Good experience analysing alerts and events generated by network security, web and email gateway security, endpoint security tools, IDS/IPS, firewalls, and vulnerability management, and identifying true positives and false positives.
  • Good experience performing basic and advanced analysis of security events such as phishing email attacks and malware attacks, including sandbox testing to understand the static and dynamic behaviour of malware and providing defensive measures to prevent recurrence.
  • Performed administrative tasks such as creating correlation rules and dashboards, log source integration, troubleshooting, creating custom DSMs, event mapping, and writing custom parsers in the SIEM tool.
  • Strong understanding of Security Operations Center (SOC) and incident response practices and methodologies.
  • Analysed and documented the root cause of critical security incidents.
  • Communicated with clients through emails, calls, and meetings to meet their requirements.
  • Prepared daily shift reports for clients.
  • Ensured anti-fraud protection by responding to users' emails and organising phishing campaigns.
  • Worked for finance-based clients and provided them with highly confidential security support.
  • Promoted a safe working environment by implementing regulatory standards, policies, and guidelines.
  • Trained and mentored employees to maximise team performance.
  • Identified issues, analysed information, and provided solutions to problems.

Information Security Analyst

Alchemy Techsol Consultant Pvt Ltd
Mumbai
04.2018 - 04.2019
  • SIEM - QRadar
  • Responsible for log and event analysis, incident investigation, and reporting.
  • Responsible for integrating OS logs from Windows and Unix flavours (RHEL/HP-UX/CentOS).
  • Integrated new devices with the SIEM (IBM QRadar), along with databases, to collect real-time logs.
  • Troubleshot log source devices for any log collection issues.
  • Case study and implementation of basic correlation rules.
  • Created reports and dashboards and fine-tuned rules.
  • Determined the scope of security incidents and their potential impact on the client network; assessed risk; recommended steps to handle the security incident with all relevant information and helped the client mitigate the risks and threats.
  • Messaging Gateway - TrendMicro IMSVA
  • Monitored and sent alerts on inbound threats detected by DDI and escalated them to the respective team.
  • Checked email senders' reputations and set bad and good sender lists accordingly to restrict access.
  • Anti-DDoS - Radware DefensePro
  • Monitored Radware and analysed threats.
  • Blacklisted and whitelisted IPs on Radware based on business requirements.
  • Analysed the weekly/monthly reports.
  • Anti-APT - Trend Micro DDI, DDA
  • Monitored and sent alerts on inbound threats detected by DDI and escalated them to the respective team.
  • Detected C&C communications and lateral movement.
  • Incident Management
  • Raised incidents or service requests through HP Service Manager and got them closed by following up with the respective teams.
  • Analysed system risk to identify and implement appropriate security countermeasures.
  • Designed, implemented, and maintained security systems and controls.

Systems Analyst

BSS Recruit
Bangalore
06.2017 - 03.2018
  • Reviewed current IT systems, such as network, software, and hardware features, for any errors or issues.
  • Collaborated with employees and department heads to determine which system requirements were necessary to remain efficient.
  • Built new systems that addressed and fixed issues found in the current systems.
  • Created analysis reports representing the cost-benefit of any proposed upgrades.
  • Assisted the IT team in implementing newly drawn-up and approved systems.
  • Tested and troubleshot recently implemented plans to ensure they operated efficiently.
  • Instructed other employees on how to use these new systems through training programmes and documents.
  • Submitted and implemented all systems under strict deadlines and budget restrictions.
  • Gathered and analysed system requirements.
  • Designed and documented systems.
  • Facilitated communication between stakeholders.
  • Ensured system quality and performance.
  • Supported system implementation and integration.

Computer Expert

Sunrise Technologies
07.2014 - 12.2014
  • Identified and resolved issues related to hardware, software, and applications to keep systems stable.
  • Solved network problems, restoring internet connectivity.
  • Completed set-up tasks for companies, such as setting up PCs, telephones, and printers.
  • Successfully addressed technology problems through phone assistance, remote assistance software, and on-site help.
  • Installed and set up computer systems and applications for smooth technology integration for clients.
  • Finished installation projects on schedule with superior quality.
  • Identified and corrected software problems; handled debugging and software package reinstallation.
  • Maintained computers and peripherals on a regular basis to extend their lifespan.
  • Analysed and comprehended technical information supplied to carry out repairs.
  • Optimised customers' hard drives to improve performance and capacity.
  • Organised the inventory of IT equipment, accessories, and software, tracking assets and demands.

Education

Bachelor of Technology - Electronics and Communication Engineering

CBIT College of Engineering, JNTU Anantapur University
01.2017

Diploma - Electronics and Communication

SBTET
01.2014

Skills

  • Cyber AI, deception technology, SIEM, and cloud security
  • SIEM tools - QRadar, Splunk, Azure Sentinel; TrapX and Darktrace administration
  • Automation: playbook automation and SOC analysis enrichment
  • SentinelOne EDR solutions
  • Threat hunting with playbooks; surface and dark web monitoring
  • Threat intelligence
  • Cisco ASA, FireEye, Palo Alto, Blue Coat proxy, TrendMicro proxy
  • WAF / cloud application security
  • Transitioning and transforming Security Operations Centers
  • Web and email gateway security: TrendMicro IMSVA and Microsoft O365
  • Symantec Endpoint Protection Manager (SEPM), TrendMicro, and Azure Defender ATP
  • ITSM tools: ServiceNow, Remedy, and Demisto

Certification

  • CISM
  • SC-100 & SC-200 Certification - Microsoft Cybersecurity Architect
  • Certified Ethical Hacker (CEH)
  • LogRhythm Platform Administrator - LRPA Certification
  • LogRhythm Security Analyst - LRSA Certification
  • LogRhythm SIEM Deployment - Installation from Scratch - Udemy
  • Autopsy Forensic Investigator
  • Certified Splunk Admin and Power User
  • AZ-500 and AZ-900 Certified
  • Cribl Certified User
  • Transition and SOP creation for various security tools
  • Internal certifications: IBM SIEM Foundation, Think Like a Hacker, IBM Security QRadar Technical Sales Foundations - Level 100 & 200
  • Course completion and forensic lab hands-on for the Autopsy digital forensic tool
  • Course completion certifications for AWS Cloud Practitioner Essentials & Exam Readiness: AWS Certified Security – Specialty
  • Demisto SOAR Implementation Engineer
  • Course completion certification for Tenable.io Web Application Scanning

Declaration

I hereby declare that the above furnished information is true up to my knowledge and belief.

Tejesh Reddy BVK