komal ganesh ganesh

Cloud Security and SOC Analyst

Mumbai · 4+ yrs exp · 89 · Excellent

About

Cloud Security and SOC Analyst with 4+ years of hands-on experience in SIEM, SOAR, and endpoint security, specializing in Azure Sentinel, Splunk, and Logic Apps for advanced threat detection and automated incident response. Expertise in Microsoft Defender XDR, CrowdStrike, and Defender for Cloud (CSPM/CWP) to secure endpoints and cloud environments. Expertise in WAF technologies (Cloudflare) and a strong background in Microsoft Purview DLP (MIP & DLP), Entra ID, and Microsoft Intune for data protection, identity management, and device security. Proficient in vulnerability management using Nessus and Qualys, KQL-based threat hunting, and email security within Microsoft 365. Proven ability to enhance SOC operations, reduce MTTR, and implement Zero Trust principles to strengthen overall security posture.

Skills & Expertise (23)

Azure Sentinel: Advanced, 8.5/10, 4 years exp
SOAR: Advanced, 8.0/10, 4 years exp
Splunk: Advanced, 8.0/10, 4 years exp
Microsoft Defender for Cloud: Advanced, 8.0/10, 4 years exp
Threat Hunting: Advanced, 8.0/10, 4 years exp
FortiGate: Advanced, 7.5/10, 4 years exp
Cloudflare: Advanced, 7.5/10, 4 years exp
Microsoft Purview DLP: Advanced, 7.5/10, 4 years exp
Microsoft Intune: Advanced, 7.5/10, 4 years exp
CrowdStrike: Advanced, 7.0/10, 4 years exp
AWS GuardDuty: Advanced, 7.0/10, 4 years exp
M365 Administration: Advanced, 7.0/10, 4 years exp
Defender 365 XDR: Advanced, 7.0/10, 4 years exp
Defender ATP: Advanced, 7.0/10, 4 years exp
Qualys: Advanced, 7.0/10, 4 years exp
Nessus: Advanced, 7.0/10, 4 years exp
Abnormal Security: Advanced, 6.5/10, 4 years exp
CloudWatch: Intermediate, 6.5/10, 4 years exp
VPC: Intermediate, 6.5/10, 4 years exp
S3: Intermediate, 6.5/10, 4 years exp
EC2: Intermediate, 6.5/10, 4 years exp
Wiz: Intermediate, 5.5/10, 4 years exp
MIP

Work Experience

Security Analyst

AECOM Pvt Ltd

Jan 2022 - Present

- Monitored Cloudflare analytics and traffic logs to identify anomalies, attack vectors, and malicious traffic patterns.
- Designed and deployed Cloudflare WAF policies including custom firewall rules, rate limiting, and bot mitigation strategies.
- Maintained detailed documentation of WAF configurations, incident reports, and security architecture designs.
- Monitored and analyzed FortiGate NGFW logs (traffic, IPS, UTM, VPN) to detect threats, policy violations, and anomalous activity across enterprise environments.
- Investigated IPS/IDS alerts on FortiGate, triaging signature-triggered events to distinguish true positives from false positives using packet capture analysis.
- Hands-on experience in monitoring, analyzing, and responding to security incidents using Azure Sentinel and Splunk SIEM, ensuring 24/7 threat detection and rapid incident containment.
- Hands-on experience in designing and implementing SOAR automation playbooks using Logic Apps, significantly reducing manual effort and improving incident response time (MTTR).
- Extensive experience in proactive threat hunting using KQL, analyzing large-scale datasets across endpoints, identity, and cloud environments to detect advanced threats and anomalies.
- Hands-on experience in endpoint detection and response (EDR) using Microsoft Defender ATP, Microsoft 365 XDR, and CrowdStrike Falcon for malware analysis, incident investigation, and remediation.
- Conducted hypothesis-driven threat hunts using CrowdStrike Falcon EDR telemetry, proactively searching for malware, ransomware precursor activity, and living-off-the-land (LoL) techniques ahead of automated alert escalation.
- Performed post-alert deep-dive investigations using CrowdStrike Falcon, correlating behavioral detections with MITRE ATT&CK tactics to reconstruct full attack timelines and assess lateral movement risk.
- Executed CrowdStrike Real-Time Response (RTR) sessions on compromised endpoints to conduct live forensic triage, terminate malicious processes, remove persistence artefacts, and isolate hosts during active incidents.
- Experience in implementing and enhancing Microsoft Defender for Cloud (CSPM & CWP) to continuously monitor cloud workloads, identify misconfigurations, and enforce security best practices.
- Hands-on experience in designing, deploying, and optimizing Microsoft Purview DLP (MIP & DLP) policies to safeguard sensitive data across Exchange Online, SharePoint, OneDrive, and Teams.
- Experience in email security operations using Microsoft Defender for Office 365, including phishing analysis, malware detection, and investigation of spoofing and business email compromise (BEC) attacks.
- Experience in conducting vulnerability assessments and risk-based remediation using Nessus and Qualys, prioritizing vulnerabilities based on CVSS scores and business impact.
- Hands-on experience in managing Microsoft Intune (MDM, MAM, MCM) for endpoint configuration, device compliance, application protection policies, and secure access enforcement.
- Experience in SIEM content development, including creating, tuning, and optimizing analytics rules, correlation searches, alerts, dashboards, and workbooks to improve detection accuracy.
- Hands-on experience in log source onboarding and integration, ensuring seamless ingestion of security logs from multiple sources into SIEM for centralized visibility and correlation.
- Enhanced SOC operational efficiency by automating repetitive security tasks, reducing alert fatigue, and improving incident response consistency using SOAR capabilities.
- Monitored and triaged AWS GuardDuty findings across multi-account environments, detecting cloud-native threats including credential compromise, cryptomining activity, and unauthorized API access.
- Performed severity-based triage of GuardDuty findings, escalating confirmed high-severity incidents per SOC runbooks while closing false positives with documented justification.
- Conducted first-line assessment of malware, credential anomaly, and network threat findings across cloud workloads, routing incidents for escalation or closure based on risk scoring and business context.
- Reviewed and actioned quarantined emails within Abnormal Security, applying threat indicator analysis, user context evaluation, and business justification to make accurate release or block determinations while maintaining full audit trails for compliance purposes.
- Applied OWASP Top 10 security controls across web application environments, identifying and remediating critical vulnerabilities including Broken Access Control, Injection flaws, and Security Misconfigurations.
- Generated executive-level and technical vulnerability reports using Qualys dashboards, providing stakeholders with clear visibility into risk posture, remediation progress, and compliance status.

Education

BSC - Andhra University

- 2020 · Afghanistan

Certifications

No certifications added yet
