JYOTHI NAGARAJU

About Candidate

Highly skilled and results-driven Cyber Security Operations Centre (SOC) Analyst with 6 years of
experience safeguarding critical infrastructure and sensitive data against cyber threats. Equipped with a
comprehensive understanding of security protocols, incident response methodologies, and threat intelligence
analysis. Experienced in utilizing cutting-edge technologies and tools to proactively detect, mitigate, and
prevent security breaches. Strong communication and collaboration skills, working closely with cross-functional
teams and stakeholders to ensure a cohesive and proactive security posture. I am actively seeking
to leverage my expertise and experience to improve the overall security posture of a dynamic organization
and contribute to its cyber security operations.

Education

Bachelor of Technology, 2019
GVR&S College of Engineering and Technology
Master's in Computer and Information Science, 2023

Work & Experience

Security Analyst, Oct 2017 - June 2020

• Part of 24/7 monitoring and analysis of security events and alerts to identify potential threats, vulnerabilities, and indicators of compromise.
• Utilized SIEM platforms and other security tools to investigate and triage security incidents, ensuring timely response and resolution.
• Collaborated with cross-functional teams to customize Splunk searches, alerts, and data models, contributing to the continuous improvement of the security monitoring infrastructure.
• Developed and maintained playbooks within Phantom SOAR to automate repetitive tasks, ensuring consistent and standardized incident response procedures.
• Real-time log analysis from different log sources such as firewalls, IDS/IPS, application servers, and EDR, and responding to intrusions.
• Conducted regular security assessments and vulnerability scanning, identifying and remediating security gaps and weaknesses in the organization's infrastructure.
• Investigated TAP and Cloud App alerts.
• Performed header analysis on user-reported and O365-reported phishing emails and took necessary actions.
• Analyzed malware/spam/phishing or any other malicious content in user-reported emails.
• Presented findings and recommendations to senior management, enabling proactive decision making and the implementation of targeted security controls.
• Escalated and handed off to team members and leadership based on defined threat and priority determination.
• Developed and maintained clear and concise documentation during an event.
• Prioritized alerts based on the device generating the log and its impact.
• Created suppression rules for false-positive cases based on legitimate IOCs.
• Utilized threat intelligence tools to support daily cyber security operations, and produced intel analysis of threat actors, IOCs, and vulnerabilities.
• Kept updated on global threats and vulnerabilities and followed up on IT remediation actions.
• Integrated ISO 27000 principles into the network security framework, ensuring compliance with industry best practices.

Senior Security Analyst, June 2020 - Present
CVS Pharmacy

• Analyze, investigate and respond to security events and incidents from IDS/IPS, SIEM, firewall, Azure Sentinel, DLP, malware analysis and forensic tools (MDE, MCAS, O365).
• Gathered, analyzed, and interpreted threat intelligence from various sources to identify emerging cyber threats and vulnerabilities.
• Aligned security controls with NIST 800-53 and conducted a thorough ISO 27000 audit trail.
• Demonstrated expertise in securing Azure cloud environments and conducted a comprehensive risk assessment.
• Produced actionable intelligence reports and briefings, providing insights into the evolving threat landscape and recommending proactive measures to mitigate risks.
• Conducted in-depth incident investigations, analyzing malware samples, network traffic, and system logs to determine the scope and impact of security incidents.
• Regularly work with the Tier 2 Incident Response Team to discuss and potentially escalate critical incidents after initial triage.
• Assisted in the design and implementation of security controls, including firewall rules, intrusion detection systems, and endpoint protection solutions.
• Participated in incident response activities, providing threat intelligence support to incident responders and aiding in the attribution and tracking of threat actors.
• Provided timely and detailed incident reports to senior management and stakeholders, highlighting key findings, lessons learned, and recommendations for improving the organization's security posture.
• Ensure software is patched and able to protect from threats.
• Document results of cyber threat analysis and subsequent remediation and recovery in an effective and consistent manner.
• Conducted post-incident analysis and provided recommendations for improving security controls and response procedures.
• Utilize various threat intelligence tools to collect the latest IOCs and update them in the SIEM.
• Analyze network traffic to determine whether security alerts are true positives or false positives, and perform research on malware using tools such as Microsoft Defender for Endpoint (MDE) to track the possible root cause.
• Investigate Cloud App alerts, including impossible travel, mass file deletion and creation, etc.
• Implement advanced hunting queries in KQL (Kusto Query Language) in EDR/SIEM (MDE/Azure Sentinel).
