Back to Developers
Bhagya Reddy Reddy

Bhagya Reddy Reddy

Security Analyst

4+ yrs exp 79 ยท Very Good

About

Security Analyst with 4.5 years of experience in threat detection, incident response, and vulnerability management. Skilled in SIEM, EDR, phishing analysis, and security monitoring across cloud and on-prem environments.

Skills & Expertise (31)

Microsoft Sentinel Advanced
8.6/10
4.5
Years Exp
Microsoft Defender Advanced
8.5/10
4.5
Years Exp
SIEM Advanced
8.5/10
4.5
Years Exp
Incident Response Advanced
8.5/10
4.5
Years Exp
Security monitoring Advanced
8.5/10
4.5
Years Exp
Microsoft Azure Advanced
8.5/10
4.5
Years Exp
Splunk Advanced
8.0/10
4.5
Years Exp
EDR Advanced
8.0/10
4.5
Years Exp
Cyber Kill Chain Intermediate
7.5/10
4.5
Years Exp
MITRE ATTACK Framework Intermediate
7.5/10
4.5
Years Exp
Malware Analysis Intermediate
7.5/10
4.5
Years Exp
AWS Intermediate
7.0/10
4.5
Years Exp
QRadar Intermediate
7.0/10
4.5
Years Exp
Threat Detection Vulnerability Management Sandboxing Phishing Analysis Azure Virtual Machines Security Awareness Microsoft Entra ID Microsoft Defender for cloud Azure Log Analytics Azure AD CrowdStrike Abnormal Security ProofPoint Varonis Jira ServiceNow CrowdStrike Sentinel One

Work Experience

Security Analyst

Capgemini

Nov 2021 - Apr 2026

Analyze potentially malicious emails (phishing, spoofed, spam, etc.) to determine their legitimacy. Block and quarantine messages with harmful attachments or URLs using Proofpoint. Designed and developed dashboards and reports for all integrated devices, providing actionable insights. Monitor Microsoft Azure AD to detect and respond to risky user sign-in activities. Configured and managed multiple data connectors in Microsoft Sentinel to onboard security telemetry from Azure resources, Microsoft 365, Defender products, firewalls, endpoints, and third-party security solutions into Azure Log Analytics Workspace. Administered Azure Log Analytics Workspaces by optimizing data ingestion, retention policies, workspace architecture, and monitoring health to support efficient threat detection and incident investigations. Implemented, configured, and maintained Microsoft Sentinel analytics rules, automation rules, workbooks, watchlists, and incident management processes to improve SOC detection and response capabilities. Managed Microsoft Defender for Cloud by enabling and maintaining appropriate Defender plans for Azure subscriptions, ensuring continuous security posture assessment and compliance with organizational security standards. Configured and administered Microsoft Defender for Servers (Plan 1 and Plan 2), enabling endpoint protection, vulnerability assessment, file integrity monitoring, and threat detection across Windows and Linux servers. Performed onboarding and continuous monitoring of Azure resources within Microsoft Defender for Cloud, investigating security recommendations, regulatory compliance findings, and high-severity security alerts to reduce organizational risk. Administered Microsoft Entra ID by managing users, groups, administrative roles, role-based access control (RBAC), Conditional Access prerequisites, and least-privilege access models to strengthen identity security. Will document the tickets fully with all the action taken for the incident and update it on frequent basis and maintain ticket quality by documenting it with all the required comments. Monitored real-time security alerts using SIEM tools like Azure Sentinel and Splunk. Having Knowledge of the Cyber Kill Chain, the MITRE attack framework, various TTPs described within and commonly used by attackers as well as how to write detection rules for them in SIEM and EDR solution. Identifying False-Positive offences and perform fine tuning over them with the help of TEAM. Conducted security monitoring and incident investigation by correlating logs from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Azure Activity Logs, and Entra ID Sign-in/Audit Logs to identify suspicious activities and respond to security incidents. Assisted in implementing Azure Role-Based Access Control (RBAC) by assigning built-in and custom roles following the principle of least privilege while supporting periodic access reviews and permission validation. Managed onboarding and security monitoring of Azure Virtual Machines by deploying Azure Monitor Agent (AMA) and validating data collection rules (DCRs) for reliable telemetry ingestion. Adjust detection rules in Microsoft Sentinel to minimize unnecessary alerts and improve response efficiency. Performed Malware Analysis via sandboxing tools. Performed root cause analysis for cloud security alerts by correlating Azure Activity Logs, resource configuration changes, identity events, and endpoint telemetry, enabling timely containment and resolution of security incidents. Troubleshooting SIEM dashboard issues when there are no reports getting generated or no data available. Working on incidents and reviewing the alerts and do detailed analysis on alerts. Collaborate with L1 and L2 support teams, providing guidance on incident response and resolution strategies. I develop detailed Standard Operating Procedures (SOPs) for various use cases. These SOPs not only provide step-by-step guidelines for investigating and resolving incidents but also serve as valuable reference materials for both internal teams and external clients. Ensure well-documented procedures to maintain consistency in incident management and reduce downtime. Regular constructive discussion to resolve the issues with technical investigation to mitigate the root cause for the Security Incidents. Analyze current security setups, identifying vulnerabilities and providing actionable recommendations for improvement. Create targeted use case queries within Azure Sentinel to identify specific threats based on environmental requirements. Facilitate regular training sessions for team members on incident response protocols and emerging threats. Maintain up-to-date documentation of incident response processes to ensure team readiness during incidents. Participate in post-incident reviews to analyze responses and improve future incident handling procedures. Analyzed and reported security threats or incidents within established SLAs, ensuring timely communication. Contacting the customers directly in case of high priority incidents and helping the customer in the process of mitigating the attacks. Handling the different issues like Phishing, Spam, Scam and Malicious email. Presented security awareness sessions on phishing and social engineering. Preparing Daily/Bi-weekly/Monthly Reports for clients. Delivering 24/7 on call support Attended all the daily calls with the team and highlighted the important points and have provided the possible solutions. Conducted knowledge-sharing sessions within the SOC team.

Education

No education history added yet

Certifications

No certifications added yet

Interested in this developer?

Profile Score Breakdown

๐Ÿ“ท Photo 10/10
๐Ÿ“„ Resume 10/10
๐Ÿ’ผ Job Title 10/10
โœ๏ธ Bio 10/10
๐Ÿ› ๏ธ Skills 20/20
๐ŸŽ“ Education 0/10
โฑ๏ธ Experience 14/15
๐Ÿ’ฐ Rate 0/5
๐Ÿ† Certs 0/5
โœ… Verified 5/5
Total Score 79/100

Profile Overview

Member sinceJul 2026