
Uma Devi M

Chennai

Summary

Experienced Security Administrator with over 6 years of expertise in Identity and Privileged Access Management, complemented by hands-on skills in SOC and Vulnerability Management. Committed to enhancing security systems for optimal performance and resilience through collaboration with cross-functional teams.

Overview

7 years of professional experience

Work History

Security Administrator

TATA Consultancy Services (TCS)
Chennai
03.2020 - Current

IAM and PAM:

  • Configured and managed Conditional Access policies within Microsoft Entra, ensuring secure access to applications based on real-time risk assessments and user conditions.
  • Implemented OAuth/OpenID and SAML SSO applications, as per the feasibility and requirements.
  • Implemented a Zero Trust security model using Microsoft Entra IAM, ensuring that all users and devices are continuously verified before accessing organizational resources, minimizing security risks.
  • Implemented different types of authentications in the tenant as per the requirements, and configured authentication strength.
  • Integrated and configured Microsoft Entra Connect Sync to synchronize identity data between the on-premises environment and Microsoft Entra ID.
  • Installed and configured CyberArk PAM components (Vault, CPM, PVWA, PSM, and PrivateArk Client) on client servers.
  • Owned complete responsibility for building the CyberArk environment in production and development environments.
  • Involved in LDAP integration and adding users with their privileges using AD mapping.
  • Involved in version upgrade and disaster recovery activity.
  • Set up privileged password management policies for CPM components.
  • Created safes, policies, and provided proper authorizations as per process during onboarding.
  • Configured session recording and live monitoring on Privileged Session Manager.
  • Configured dual-control workflow approvals for the integrated accounts, which need approval as per the client requirements.
  • Audited accounts and users' activities using PSM and CyberArk reports.
  • Managed the Vault server and other PAS component servers by monitoring their services and preparing a daily health checklist.
  • Worked on user station suspension issues while logging into PVWA.
  • Worked on onboarding and offboarding of privileged accounts.
  • Conduct regular vulnerability scans using Tenable Nessus to identify, assess, and document vulnerabilities across on-premises servers and endpoints.

Vulnerability Management and Threat Analysis:

  • Implement custom scanning policies and schedules for network, web application, and cloud environments to ensure comprehensive coverage and up-to-date scanning.
  • Leverage Tenable’s CVSS scoring system to prioritize vulnerabilities based on severity, exploitability, and business risk.
  • Perform continuous asset discovery to ensure that new assets are added and scanned regularly for vulnerabilities.
  • Configured scanning profiles, including custom exclusions and targets, for network devices, endpoints, and cloud infrastructure.
  • Analyzed scan results and correlated findings with threat intelligence to provide actionable insights on vulnerabilities and their exploitation risks.
  • Managed vulnerability remediation by working with system owners to deploy patches and configurations, ensuring a timely response to critical vulnerabilities.
  • Generated comprehensive vulnerability reports for senior leadership, and provided recommendations for improving the organization’s security posture.
  • Conduct an in-depth analysis of cyber threats to identify and track advanced persistent threats (APTs) and other threat actors targeting the organization.
  • Utilized the MITRE ATT&CK framework to map adversary tactics, techniques, and procedures (TTPs) to aid in defensive strategy development.
  • Leveraged a variety of threat intelligence platforms (e.g., ThreatConnect, MISP) to collect, analyze, and share actionable threat intelligence across internal teams.
  • Collaborated with incident response teams to identify, analyze, and respond to security incidents and data breaches, using threat intelligence to support effective containment and remediation.
  • Developed and maintained comprehensive threat intelligence reports, including indicators of compromise (IOCs), tactics, and detailed assessments of new and emerging threats.
  • Provided leadership in threat intelligence operations, and served as a liaison with third-party vendors and external information-sharing partners to enhance threat knowledge.
  • Created and maintained OSINT (Open-Source Intelligence) feeds to identify new vulnerabilities and threat actors targeting the organization.

Cyber Security Analyst (Cyber Security Fusion Centre)

HCL Technologies
Chennai
07.2018 - 02.2020

SOC:

  • Assess the severity and urgency of security alerts and incidents.
  • Initial triage and analysis, with observations and recommendations for the alerts.
  • Perform a detailed investigation of high-priority alerts (e.g., malware activity, lateral movement, or data exfiltration) to determine their impact on the organization.
  • Fine-tuned QRadar's correlation rules to ensure the detection of advanced threats, with a minimal number of false positives.
  • Developed and ran custom searches and queries to investigate suspicious activity, and refine alerting.
  • Investigate offenses generated by QRadar, correlate relevant data, and take the necessary actions.
  • Analyze flow data in QRadar to identify network traffic anomalies that could indicate a security threat.
  • Configure and manage log sources to ensure the accuracy of log collection and processing in QRadar.
  • Design, modify, and optimize correlation rules in QRadar or ArcSight to detect emerging threats based on security trends, threat intelligence, and attack vectors.
  • Create and maintain custom use cases to address specific organizational needs, and to ensure thorough monitoring.
  • Ran SOC advisory for the latest threats and vulnerabilities across the patch, with the latest patch and recommendations.

Education

B.E - Electrical and Electronics

St. Joseph's College of Engineering
Chennai
06.2017

Skills

  • Cloud Security
  • Data Loss Prevention
  • Privileged Access Management
  • Identity and Access Management
  • Threat analysis
  • SOC
  • Microsoft Entra
  • Microsoft Intune
  • Microsoft Purview
  • Microsoft XDR
  • CyberArk
  • QRadar
  • ArcSight
  • Proofpoint TAP Dashboard
  • Tenable

Languages

  • English
  • Tamil
  • Hindi

Technical Certifications

  • AZ-500: Microsoft Azure Security Engineer Associate
  • SC-100: Microsoft Cybersecurity Architect
  • CyberArk PAM Defender
  • Google Professional Cloud Security Engineer

Key Projects and Improvements:

  • Optimized existing Conditional Access policies, reducing the total from 132 to 30 policies, eliminating security gaps, restricting BYOD access, and ensuring secure application access from compliant devices and networks.
  • Migrated administrative roles for Microsoft Admin portals from CyberArk to Microsoft Entra Privileged Identity Management (PIM Azure), establishing group access packages and role-based access control (RBAC) with Just-in-Time access.
  • Implemented FIDO2 authentication for third-party vendors, creating temporary pass access for situations where mobile phones are restricted within office premises.
  • Implemented MCAS (Microsoft Cloud App Security) session policies to manage scenarios involving unmanaged devices. These policies restrict the download of sensitive files during such sessions and ensure that specific documents are protected from downloading, uploading, or copying when exiting the app.
  • Implemented Microsoft Defender for Identity and improved the identity secure score by applying best practices, including risk-based MFA policies, strengthening app and API security, conducting regular audit reviews, and enforcing entitlement management through the Identity Governance Administrator role.
  • Performed a password compliance audit across all applications, including on-prem applications, for both standard and privileged accounts to ensure alignment with the password policy enforced in Active Directory. Ultimately pushed a strong password policy and configured SSPR.
