
Kolukuluri Varma

Information Security Analyst

Pune
43
Profile Score

Skills & Expertise (1)

OWASP 10

Work Experience

Information security analyst

KPMG

07-2022 - Present

Performed Defender XDR deployment, policy tuning, use case management, and performance optimization for a US-based banking and financial client with 70K endpoints. Implemented and fine-tuned security policies, including Antivirus (AV), Endpoint Detection & Response (EDR), Attack Surface Reduction (ASR), Threat Protection, Web Content Filtering, and Network Protection to reduce attack risks. Utilized Microsoft Purview components, including Data Catalog, Data Estate Insights, Data Map, and Compliance Manager, to establish data visibility, classification, and protection frameworks. Created and maintained security documentation on Defender ATP policies, configuration guides, playbooks, and incident response procedures. Configured and optimized sensitivity labels, retention policies, and encryption rules to secure confidential information and ensure compliance with industry regulations. Implemented and fine-tuned Microsoft Purview Insider Risk Management, Information Barriers, and Information Protection to mitigate internal threats and enforce data security controls. Developed and optimized KQL-based detection rules, use cases, and queries, improving threat hunting, anomaly detection, and forensic investigations. Troubleshot and resolved log ingestion failures, missing events, and data parsing issues, ensuring accurate and complete security telemetry. Performed investigations and audits using eDiscovery and Communication Compliance, ensuring policy adherence and legal hold requirements. Collaborated with cross-functional teams, including data engineers, compliance officers, and security analysts, to align data governance strategies with business objectives. Configured, deployed, and managed Azure Sentinel for real-time threat detection and incident response, ensuring optimized SIEM/SOAR operations. Created and maintained workbooks and playbooks to improve SOC visibility, investigation workflows, and incident response efficiency.
Conducted vulnerability scans using Nessus/Qualys and prioritized remediation activities by assessing risk ratings of vulnerabilities and assets. Deployed, configured, and optimized Microsoft Defender for Endpoint (ATP) and Defender XDR for enterprise-wide threat protection and incident response. Coordinated and validated remediation efforts between technology and business teams to ensure effective impact. Created, managed, and fine-tuned policies according to client requirements in MCAS CASB. Experienced in various log collection and monitoring methods within Splunk. Conducted moderate to complex investigations using multiple tools, including endpoint, UEBA, public cloud, and SaaS, using the Splunk SIEM. Performed vulnerability assessments on infrastructure and assisted with the mitigation of the identified vulnerabilities. Contributed to web-based penetration testing and remediation on public-facing applications and interfaces. MITRE ATT&CK framework mapping: mapped threat detection content to the MITRE ATT&CK framework to illustrate product coverage.

Profile Score Breakdown

📷 Photo 0/10
📄 Resume 10/10
💼 Job Title 10/10
✍️ Bio 0/10
🛠️ Skills 6/20
🎓 Education 0/10
⏱️ Experience 12/15
💰 Rate 0/5
🏆 Certs 0/5
Verified 5/5
Total Score 43/100

Profile Overview

Member since Dec 2025
