Prashanth Ponnala
About Candidate
• Experienced Security Analyst with a robust 4-year background in SOC operations, specializing in Security Analysis, Incident Response, and Security Monitoring.
• Proficient in utilizing SIEM tools such as HP ArcSight, IBM QRadar, DLP, and Device Management, with hands-on expertise in RSA. Adept at recognizing and mitigating email security threats, and analyzing email headers, attachments, and URLs.
• Proven track record in creating and managing formal incidents, conducting thorough investigations, and providing root cause analysis. Skilled in differentiating false positives from genuine intrusion attempts, ensuring efficient incident remediation.
• Possesses a strong grasp of Windows/Unix Security Logs, IDS/IPS, HIDS, DLP, Cisco ASA, Next Generation Firewalls, Anti-Virus/Malware, and Active Directory Integration.
• Collaborative team player with a comprehensive understanding of OSI layers and protocols. Proficient in implementing and managing IDS/IPS, Firewall, VPN, and other security products.
• Demonstrated ability to triage various alerts related to Malware or Phishing attempts. Capable of reading and interpreting system data, providing tuning recommendations, and tracking incidents based on suspicious alerts.
• Keen on staying ahead of security trends globally, integrating insights into triaging processes. Contributes to the refinement of team processes and procedures, ensuring alignment with industry best practices.
• Diligently stays informed about current threats and vulnerabilities, actively participating in the enhancement of the overall security environment.
Education
Work & Experience
• Real-time monitoring of Network Security devices (IPS, Firewalls, Endpoint Security, Operating systems, Email security)
• Intrusion Detection and Prevention
• Log review and analysis for detecting cyber intrusions and compromises
• Report and Dashboard development in ArcSight & QRadar
• Signature-based attack recognition
• Vulnerability Assessments on web applications and servers
• ArcSight ESM event life cycle understanding
• Malware Analysis using AV and other tools
• Incident documentation and collaboration with stakeholders
• Tuning and filtering recommendations for engineering teams
• Data retrieval and analysis for daily, weekly, and monthly reports
• Second-level analysis of incidents
• Abnormal behaviour and traffic anomaly detection
• Incident response activities, including host triage, malware analysis, and end-user interviews
• Recognition and prevention of cyber-attacks
• Analysis of network traffic and host activity across diverse technologies
• Development of advanced queries and alerts for detecting adversary actions
• Leadership in response and investigation of advanced/targeted attacks
• Simulation of attacker behaviours to identify IT infrastructure gaps
• Expert analytic support for large-scale and complex security incidents
• Direct experience with core security.