Summary
Overview
Work History
Education
Skills
Additional Information
Certification
Timeline
Generic
ASHOK REDDY SANIKOMMU

ASHOK REDDY SANIKOMMU

Incident Response Specialist
Abu Dhabi

Summary

Experienced CSIRT Specialist with over 9 years of IT-related work experience, specializing in cyber security within Core42. Successfuly navigated roles as a SOC Analyst, Information Security Analyst, and IR Specialist at reputable organizations such as NII, Genpact, and UAE Exchange. Proficient in DF Security and SOC technologies such as Azure Sentinel and IBM QRADAR, demonstrating a strong foundation in threat detection and incident response strategies.

Overview

9
9
years of professional experience
4
4
Certificates

Work History

Incident Response Specialist

Injazat
Abu Dhabi
12.2022 - Current
  • Managing Azure Log Analytics: Creating workspace, Adding VM for monitoring.
  • Configuring Alerts for Log analytics workspace.
  • Analyzing security and log data to identify potential threats or weaknesses and handling Service Now incidents.
  • Setting up Security policies and Pricing tier for Log Analytics.
  • Working with the team for MMA installation in VMs for log monitoring.
  • Setup and configuration of Azure Security Center.
  • Performing the health check of the servers.
  • Fine-tuning the rules in Log Analytics and Sentinel and Adhoc requests for any whitelisting.
  • Created MCAS policies and conditional access policies (Session policies).
  • In MCAS worked on Sanctioned and Unsanctioned apps. WDATP integration for blocking the unsanctioned Apps.
  • Working on Automation Accounts to automate the Reports.
  • Created Logic app and Automation account for Email Header Analysis using PowerShell.
  • Report alerts and investigate issues identified during monitoring the live traffic.Preparing Daily/weekly/Monthly Reports for clients
  • Collaborate with L2 and L3 analysts for incident escalation and resolution.
  • Generate compliance reports, security dashboards, and executive summaries to communicate the effectiveness of the SIEM solution and the organization's security posture. Ensure adherence to regulatory requirements and industry best practices.
  • Develop and follow incident response processes to promptly address security incidents and breaches. Coordinate with internal teams or external stakeholders to contain and mitigate the impact of incidents. Provide support during forensic investigations and ensure timely closure of incidents.
  • Monitor real-time security events and alerts generated by the SIEM system. Conduct in-depth analysis of suspicious activities, anomalies, and potential indicators of compromise (IOCs). Investigate and validate security incidents using log data and other available sources
  • Monitor and triage alerts and incidents within the SOAR platform.
  • Execute predefined automated response actions for low-level incidents.

Cyber Security Consultant

Genpact
Hyderabad
07.2021 - 11.2022
  • Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Investigated and resolved incidents of unauthorized access to sensitive information.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Conducted security audits to identify vulnerabilities.
  • Analyzed network traffic and system logs to detect malicious activities.
  • Monitor security logs and alerts from various sources, including intrusion detection systems, Endpoint Detection and Response (EDR) systems, and security information and event management (SIEM) tools.
  • Investigate and analyze security incidents, identify root cause, and develop appropriate mitigation strategies.
  • Execute security response actions, including full remote remediation of endpoints.
  • Perform threat hunting and proactive analysis to identify potential security risks and vulnerabilities.
  • Collaborate with cross-functional teams, including product, engineering, and support, to resolve customer incidents or issues.
  • Mentor and provide guidance to junior security analysts, sharing knowledge and best practices.
  • Conduct health checks and architecture reviews, providing technical expertise and real-life experience in creating solutions, designs, and recommendations.

Cyber Security Analyst

Network intelligence India
09.2018 - 07.2021
  • QRadar SIEM:
  • Monitoring and daily reporting of network/internet security using QRadar
  • Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar
  • Creating custom views, reporting and automated alerting for both operational and security use using QRadar
  • Managing the day-to-day log collection activities of source devices that send log data to SIEM IBM QRadar
  • Designing and implementing enterprise SIEM systems - centralized logging, NIDS, alerting and monitoring, compliance reporting based on IBM/QRadar SIEM
  • Performing dashboard customization and all other QRadar Tabs Dashboards, Log Activity, Network Activity, Assets, etc
  • Classifying Incident, assigning impact, urgency and priority good knowledge on Creating and Configuring different types of custom contents like rules/algorithms, reports, dashboards in SIEM
  • Utilizing QRadar as Cyber Security Analyst to secure organization Network and vulnerability management
  • Developing plans to safeguard files against unauthorized modification, disclosure, and destruction, implementing and upgrading anti-virus and malware protection systems, encrypting data transmissions and erecting firewalls to conceal confidential information
  • Implementing password authentication to keep away unauthorized users from assessing sensitive data, performing risk assessments, and tests on running data processing activities and security measures
  • Preparing post incident review documents and attending problem management review meetings to ensure determination of root cause, preparing accurate, appropriate and timely communication to internal and external stakeholders
  • Performing initial investigation on alerts and offenses created by QRadar Analyses log for attack patterns & security incidents
  • Coordinating and developing event detection and incident management plans with MDR partner
  • Documenting all actions, decisions, and outcomes throughout the duration of a cyber security incident and responsible for tracking and reporting on information security vulnerabilities and risks
  • Performing Red Team exercises, business impact and risk analysis
  • EDR:
  • Managing Endpoint Detection and Response (EDR) with Carbon Black Defense/Protect/Response, Crowd strike
  • Overhauling enterprise security by adding more security tool to environment like Carbon Black EDR, Crowd strike & Windows Defender ATP
  • Carrying out problem management to identify root causes of repeating incidents, preparing major incident reports and liaising with Problem Management post major incident to investigate the root cause analysis
  • Creating rules for data theft and leakage by auditing and controlling the transfer of sensitive data to attached storage devices on Windows and Mac computers
  • Using CrowdStrike to analyze processes on computers to hunt for malicious processes through advanced queries
  • Monitoring threats using advanced threat indicators, CrowdStrike events, file details, and alerts
  • O365 Security and Compliance:
  • Reviewing, configuring and monitoring O365 Security & Compliance center
  • Performing a discovery of environment and designing a technical on boarding process for Azure/O365 tenants
  • Designing & developing cloud-specific security policies, standards, & procedures like O365 Tenant Management and configuration, identity management & access control, firewall management, auditing & monitoring, security incident and event management
  • Monitoring all components like Dashboard, Alerts, Data Privacy, Mail flow and Compliance
  • Safeguarding sensitive data of the business, creating new methods to infiltrate database and information, troubleshooting security and network problems, testing and identifying network and system vulnerabilities, and responding to all system and network security breaches
  • Defining & validating the solution’s technical and functional aspects as per business needs & standards
  • Reviewing existing Infrastructure elements such as Active Directory, Azure AD, Office 365, Azure Cloud and providing detailed action plan for improvement

NOC Analyst

City Online service
Kakinada
05.2015 - 08.2016
  • Monitored network hardware operations to evaluate proper configuration.
  • Improved overall user experience through support, training, troubleshooting, improvements and communication of system changes.
  • Documented support procedures, processes and solutions in centralized systems, enabling user self-service.
  • Provided faculty and staff with security software and network configuration support.
  • Designed and evaluated WAN and LAN connectivity technologies.
  • Investigated and corrected problems with printers, copiers and other peripheral devices.
  • Performed network security design and integration duties.

Education

Master of Science - Cyber Security

Jawaharlal Nehru Technological University
INDIA
07.2016 - 08.2018

Bachelor of Science - Computer Science

JNTU Kakinada
INDIA
07.2012 - 05.2015

High School Diploma -

SBTET
INDIA
07.2009 - 05.2012

Skills

SIEM Tools

Additional Information

  • ACCOMPLISHMENTS , Achieved the STAR OF THE LEARNERS GROUP award in Genpact training. Achieved the STAR TEAM award in Genpact for the outstanding contribution to the Driscolls Project. Received appreciation from the product owner for the dedication towards Identifying Zero Day attacks of a critical Server in the Driscoll’s project
  • Splunk Fundamentals 1 - 2021
  • Qualys certified specialists on Vulnerability Management - 2020
  • Nse1 Network Security Associate - 2020
  • Nse2 Network Security Associate - 2020
  • Demisto Fundamentals: Introduction to Next Generation Soc - 2019
  • Cortex Xsoar: Threat Intel Management Training – 2019

Certification

AZ-500 -Microsoft Certified: Azure Security Engineer Associate

Timeline

CISM- certified information security manager

07-2025

MS-500 - Microsoft 365 Certified: Security Administrator Associate

05-2023

SC-200- Microsoft Certified: Security Operations Analyst Associate

02-2023

AZ-500 -Microsoft Certified: Azure Security Engineer Associate

12-2022

Incident Response Specialist

Injazat
12.2022 - Current

Cyber Security Consultant

Genpact
07.2021 - 11.2022

Cyber Security Analyst

Network intelligence India
09.2018 - 07.2021

Master of Science - Cyber Security

Jawaharlal Nehru Technological University
07.2016 - 08.2018

NOC Analyst

City Online service
05.2015 - 08.2016

Bachelor of Science - Computer Science

JNTU Kakinada
07.2012 - 05.2015

High School Diploma -

SBTET
07.2009 - 05.2012

Similar Profiles

CREATE PROFILE
ASHOK REDDY SANIKOMMU Incident Response Specialist