ASHOK REDDY SANIKOMMU

Incident Response Specialist
Abu Dhabi

Summary

Postgraduate with a Master of Technology in Cyber Security (UCEK JNTUK), currently working as an IR Specialist (SIEM/SOAR) at Injazat. I possess about 5+ years of total IT-related work experience, have worked with NII, Genpact and UAE Exchange, and have held roles such as SOC Analyst, Information Security Analyst and IR Specialist. Expertise in Azure Sentinel and IBM QRadar SIEM technologies.

Overview

5 years of professional experience
3 Certifications

Work History

Incident Response Specialist

Injazat
Abu Dhabi
12.2022 - Current
  • Managing Azure Log Analytics: Creating workspace, Adding VM for monitoring.
  • Configuring Alerts for Log analytics workspace.
  • Analyzing security and log data to identify potential threats or weaknesses and handling Service Now incidents.
  • Setting up Security policies and Pricing tier for Log Analytics.
  • Working with the team for MMA installation in VMs for log monitoring.
  • Setup and configuration of Azure Security Center.
  • Performing the health check of the servers.
  • Fine-tuning the rules in Log Analytics and Sentinel and handling ad hoc requests for any whitelisting.
  • Created MCAS policies and conditional access policies (Session policies).
  • In MCAS worked on Sanctioned and Unsanctioned apps. WDATP integration for blocking the unsanctioned Apps.
  • Working on Automation Accounts to automate the Reports.
  • Created Logic app and Automation account for Email Header Analysis using PowerShell.
  • Report alerts and investigate issues identified while monitoring the live traffic.
  • Preparing daily/weekly/monthly reports for clients.
  • Collaborate with L2 and L3 analysts for incident escalation and resolution.
  • Generate compliance reports, security dashboards, and executive summaries to communicate the effectiveness of the SIEM solution and the organization's security posture. Ensure adherence to regulatory requirements and industry best practices.
  • Develop and follow incident response processes to promptly address security incidents and breaches. Coordinate with internal teams or external stakeholders to contain and mitigate the impact of incidents. Provide support during forensic investigations and ensure timely closure of incidents.
  • Monitor real-time security events and alerts generated by the SIEM system. Conduct in-depth analysis of suspicious activities, anomalies, and potential indicators of compromise (IOCs). Investigate and validate security incidents using log data and other available sources.
  • Monitor and triage alerts and incidents within the SOAR platform.
  • Execute predefined automated response actions for low-level incidents.

Cyber Security Consultant

Genpact
Hyderabad
07.2021 - 11.2022
  • Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Investigated and resolved incidents of unauthorized access to sensitive information.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Conducted security audits to identify vulnerabilities.
  • Analyzed network traffic and system logs to detect malicious activities.
  • Monitor security logs and alerts from various sources, including intrusion detection systems, Endpoint Detection and Response (EDR) systems, and security information and event management (SIEM) tools.
  • Investigate and analyze security incidents, identify root cause, and develop appropriate mitigation strategies.
  • Execute security response actions, including full remote remediation of endpoints.
  • Perform threat hunting and proactive analysis to identify potential security risks and vulnerabilities.
  • Collaborate with cross-functional teams, including product, engineering, and support, to resolve customer incidents or issues.
  • Mentor and provide guidance to junior security analysts, sharing knowledge and best practices.
  • Conduct health checks and architecture reviews, providing technical expertise and real-life experience in creating solutions, designs, and recommendations.

Network Intelligence, Cyber Security Analyst

City Online Service Pvt Ltd
09.2019 - 07.2021
QRadar SIEM:
  • Monitoring and daily reporting of network/internet security using QRadar
  • Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar
  • Creating custom views, reporting and automated alerting for both operational and security use using QRadar
  • Managing the day-to-day log collection activities of source devices that send log data to SIEM IBM QRadar
  • Designing and implementing enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting based on IBM QRadar SIEM
  • Performing dashboard customization and working across all other QRadar tabs (Dashboards, Log Activity, Network Activity, Assets, etc.)
  • Classifying incidents and assigning impact, urgency and priority; good knowledge of creating and configuring different types of custom content such as rules/algorithms, reports and dashboards in SIEM
  • Utilizing QRadar as Cyber Security Analyst to secure the organization's network and for vulnerability management
  • Developing plans to safeguard files against unauthorized modification, disclosure, and destruction, implementing and upgrading anti-virus and malware protection systems, encrypting data transmissions and erecting firewalls to conceal confidential information
  • Implementing password authentication to keep unauthorized users from accessing sensitive data, performing risk assessments, and tests on running data processing activities and security measures
  • Preparing post-incident review documents and attending problem management review meetings to ensure determination of root cause, preparing accurate, appropriate and timely communication to internal and external stakeholders
  • Performing initial investigation on alerts and offenses created by QRadar; analysing logs for attack patterns & security incidents
  • Coordinating and developing event detection and incident management plans with MDR partner
  • Documenting all actions, decisions, and outcomes throughout the duration of a cyber security incident and responsible for tracking and reporting on information security vulnerabilities and risks
  • Performing Red Team exercises, business impact and risk analysis
EDR:
  • Managing Endpoint Detection and Response (EDR) with Carbon Black Defense/Protect/Response and CrowdStrike
  • Overhauling enterprise security by adding more security tools to the environment, such as Carbon Black EDR, CrowdStrike & Windows Defender ATP
  • Carrying out problem management to identify root causes of repeating incidents, preparing major incident reports and liaising with Problem Management post major incident to investigate the root cause analysis
  • Creating rules for data theft and leakage by auditing and controlling the transfer of sensitive data to attached storage devices on Windows and Mac computers
  • Using CrowdStrike to analyze processes on computers to hunt for malicious processes through advanced queries
  • Monitoring threats using advanced threat indicators, CrowdStrike events, file details, and alerts
O365 Security and Compliance:
  • Reviewing, configuring and monitoring the O365 Security & Compliance center
  • Performing a discovery of the environment and designing a technical onboarding process for Azure/O365 tenants
  • Designing & developing cloud-specific security policies, standards, & procedures such as O365 tenant management and configuration, identity management & access control, firewall management, auditing & monitoring, security incident and event management
  • Monitoring all components such as Dashboard, Alerts, Data Privacy, Mail flow and Compliance
  • Safeguarding sensitive data of the business, creating new methods to infiltrate database and information, troubleshooting security and network problems, testing and identifying network and system vulnerabilities, and responding to all system and network security breaches
  • Defining & validating the solution's technical and functional aspects as per business needs & standards
  • Reviewing existing infrastructure elements such as Active Directory, Azure AD, Office 365 and Azure Cloud and providing a detailed action plan for improvement

NOC Analyst

City Online service
Kakinada
05.2015 - 08.2016
  • Monitored network hardware operations to evaluate proper configuration.
  • Improved overall user experience through support, training, troubleshooting, improvements and communication of system changes.
  • Documented support procedures, processes and solutions in centralized systems, enabling user self-service.
  • Provided faculty and staff with security software and network configuration support.
  • Designed and evaluated WAN and LAN connectivity technologies.
  • Investigated and corrected problems with printers, copiers and other peripheral devices.
  • Performed network security design and integration duties.

Education

Master of Science - Cyber Security

Jawaharlal Nehru Technological University
INDIA
07.2016 - 08.2018

Bachelor of Science - Computer Science

JNTU Kakinada
INDIA
07.2012 - 05.2015

High School Diploma

SBTET
INDIA
07.2009 - 05.2012

Skills

SIEM Tools

Additional Information

  • Accomplishments: Achieved the STAR OF THE LEARNERS GROUP award in Genpact training. Achieved the STAR TEAM award in Genpact for outstanding contribution to the Driscolls project. Received appreciation from the product owner for dedication towards identifying zero-day attacks on a critical server in the Driscoll's project.
  • Splunk Fundamentals 1 - 2021
  • Qualys Certified Specialist on Vulnerability Management - 2020
  • NSE1 Network Security Associate - 2020
  • NSE2 Network Security Associate - 2020
  • Demisto Fundamentals: Introduction to Next Generation SOC - 2019
  • Cortex XSOAR: Threat Intel Management Training - 2019

Certification

AZ-500 - Microsoft Certified: Azure Security Engineer Associate

Timeline

MS-500 - Microsoft 365 Certified: Security Administrator Associate

05-2023

SC-200 - Microsoft Certified: Security Operations Analyst Associate

02-2023

Incident Response Specialist

Injazat
12.2022 - Current

AZ-500 - Microsoft Certified: Azure Security Engineer Associate

12-2022

Cyber Security Consultant

Genpact
07.2021 - 11.2022

Network Intelligence, Cyber Security Analyst

City Online Service Pvt Ltd
09.2019 - 07.2021

Master of Science - Cyber Security

Jawaharlal Nehru Technological University
07.2016 - 08.2018

NOC Analyst

City Online service
05.2015 - 08.2016

Bachelor of Science - Computer Science

JNTU Kakinada
07.2012 - 05.2015

High School Diploma

SBTET
07.2009 - 05.2012