ROHITH KUMAR GURRAM
About Candidate
Information Security Analyst. Persistent, detail-oriented cyber security analyst with 3+ years of career experience at leading IT firms. A flexible skill set has contributed to experience in supporting technical tools, assessing security risks for clients, and training users on the safe operation of resources; a team player, willing to lead or follow, eager to learn and self-motivated. Skilled in incident triage, root cause analysis, and incident response. Proficient in cloud platforms (Google Cloud) and SOC tools such as SIEM tools and EDR, XDR & MDR. Strong knowledge of security operations, anomaly detection, and SIEM.
Education
Cynet Technical certification, Sophos MDR
Work & Experience
• Played a crucial role in monitoring and analyzing network traffic, logs, and alerts using various security information and event management (SIEM) tools such as QRadar and ArcSight, with knowledge of Splunk.
• Managed intrusion prevention systems (IPS) and intrusion detection systems (IDS) to detect and prevent unauthorized access, vulnerabilities, and anomalies in the network.
• Performed in-depth threat hunting on true positive alerts to identify, investigate, and conduct root cause analysis of anomalous activities and potential security breaches.
• Familiarity with security frameworks such as NIST, CIS, MITRE ATT&CK and ISO.
• Possessed knowledge of web application security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, and API attacks.
• Administered and fine-tuned web application firewalls (WAF) to protect web applications from OWASP Top Ten threats and other malicious activities.
• Integrated a vulnerability scanner with QRadar to populate vulnerability information and associate it with internal assets.
• Reported common and repeat problems, observed via trend analysis, to SOC management and proposed processes and techniques.
• Oversaw daily operations in a SOC, responsible for scoping basic analysis and managing Tier 1 & 2 security analysts.
• Developed SOPs and trained employees on applications/tools used in daily SOC operations.
• Configured Network Hierarchy and backup retention configuration in QRadar SIEM.
• Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
• Performed monthly and quarterly scans using Symantec DLP and handled the escalations.
• Maintained QRadar components such as Console, Event Processors, Flow Processors, Event Collectors and Flow Collectors in the Coach environment for log collection and monitoring.
• Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (McAfee ePO, Symantec DLP, Imperva, Sourcefire IDS/IPS); analyzed and responded to security events and incidents from SIEM, Firewall (FW), Intrusion Detection/Prevention Systems (IDS/IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
SOC analyst at Comtech LLC, worked for federal and commercial clients, location Noida (MSP). Managed the SOC L1 team and had the ability to do SOC L2 work.
• Triaged security events using SIEM, EDR, XDR and other tools to investigate incidents and develop mitigation strategies, resulting in a 20% reduction in mean time to detect (MTTD) and a 30% reduction in mean time to respond (MTTR).
• Verified phishing emails through online tools.
• As Incident Response Lead, handled cross-company security breaches by proactively assessing the impact on the organization and ensuring compliance with incident response plans to effectively mitigate any risks.
• Effectively countered and mitigated credential stuffing attacks resulting from spam and compromised trusted business emails by implementing proactive measures, safeguarding against unauthorized access.
• Performed in-depth threat hunting on true positive alerts to identify, investigate, and conduct root cause analysis of anomalous activities and potential security breaches.
• Proficient in executing response plans, procedures, and playbooks that adhere to industry standards, such as NIST, ISO, and SOC 2, for incident response.
• Tested XDR tools in VMware to present our white-label solution to clients.
• Managed multiple clients' security alerts with our team through both on-premise and cloud models.