venkatateja irrinki

Security Analyst

LTI MINDTREE

Jul 2021 - Present

Hands-on experience in analysing phishing emails and malware emails, performing soft deletes and hard deletes of malicious emails from the email cluster, and adding indicators to the tenant allow list, block list, and based on analysing the IOCs. Experienced in creating conditional access policies and managing licences in Azure Entra ID. Performed folder exclusion policies, device-based policies, and tags in Defender for Endpoint. Good knowledge of MITRE ATT&CK, the diamond model, and other cyber threat kill chains. Good hands-on experience in creating custom detection rules using the KQL language and fine-tuning use cases to reduce false positives in Defender 365 and Azure Sentinel. Experienced in conducting investigations of static analysis, dynamic analysis, and IOCs using sandbox environments. Working experience in a SOC environment with hands-on experience using the SIEM Splunk tool, which includes log analysis, fine-tuning existing correlation rules to reduce false positives, and responding to incidents. Participate in hunt missions using threat intelligence, analysis of anomalous log data, and the results of brainstorming sessions to detect and eradicate threat actors. Splunk SIEM monitoring includes licence monitoring, indexer storage volume monitoring, Splunk application daily health-check monitoring, and event and incident monitoring. Hands-on experience in the installation, configuration, and management of Microsoft Exchange Servers 2016 and above. Experience in creating Log Analytics workspaces, creating conditional access policies, and detection rules using Defender 365 and Azure Sentinel. Extensive experience in creating playbooks using Logic Apps, and fine-tuning use cases using KQL. Configure and manage dashboards, notebooks, data connectors, and playbooks in Azure Sentinel. Hunt security threats using Azure Sentinel. Good hands-on experience in providing KT sessions, training, and assigning tasks to juniors. Execute swift containment and remediation measures for identified security incidents, employing predefined response strategies to isolate affected systems, and prevent further compromise. Conduct in-depth analysis of security events, collaborating directly with customers to escalate, and thoroughly investigate incidents. This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively.