sreeharsha kuchana
Cyber Security and Incident Response Analyst
About
Results-driven Cyber Security and Incident Response Analyst with 6+ years of experience in protecting information systems and networks from cyber threats. Proven expertise in Incident Response, Threat Hunting, Vulnerability Management, Digital Forensics, and Cloud Security. Adept at leveraging security frameworks such as MITRE ATT&CK, OWASP Top 10, and NIST Standards to enhance security postures. Skilled in using SIEM tools (Azure Sentinel, Splunk, QRadar), IDS/IPS (Suricata, FireEye), and malware analysis tools to detect and mitigate risks in on-premises and cloud environments (AWS, Azure). Strong communicator with a track record of improving security processes, mentoring teams, and ensuring compliance with regulatory standards (HIPAA, GDPR, PCI DSS).
Skills & Expertise (65)
Work Experience
SOC Analyst
Wipro Technologies
Feb 2021 - Present
Led advanced incident investigations escalated from Tier 1 SOC analysts, performing comprehensive analysis to assess threats and business impact.
Utilized SIEM platforms such as Azure Sentinel and Splunk to create, fine-tune, and optimize detection rules and correlation logic for improved alert accuracy.
Collaborated with SIEM engineers to enhance rule performance, reduce false positives, and increase visibility into multi-vector threats across hybrid environments.
Developed and maintained incident response playbooks, identifying and implementing automation opportunities to streamline remediation workflows.
Conducted in-depth log and telemetry analysis using Azure Sentinel and Splunk to extract Indicators of Compromise (IOCs), attacker TTPs, and malware attributes.
Mapped incidents and detection logic to frameworks like MITRE ATT&CK, aligning detection coverage with evolving threat landscapes and adversary behaviors.
Performed static and dynamic malware analysis to identify payload delivery mechanisms, persistence techniques, and lateral movement.
Acted as the lead responder for major incidents, coordinating cross-team investigations and delivering actionable containment and remediation strategies.
Delivered expert-level threat detection using Microsoft Defender for Endpoint, Defender for Identity, and Microsoft Cloud App Security (MCAS).
Provided technical mentorship and support to Tier 1 analysts, promoting continuous learning and improved incident triage effectiveness.
Led SOC onboarding activities for new clients, ensuring seamless integration of log sources, detection content, and monitoring procedures into Azure Sentinel and Splunk.
Evaluated and reported on the effectiveness of security controls using audit frameworks such as NIST 800-53, ISO 27001, and CIS Controls.
Engaged in continuous improvement of SOC operations by reviewing incident trends, KPIs, and detection gaps, and recommending tool and process enhancements.
Delivered clear and concise threat reports and briefings to internal stakeholders, including executive leadership, to support risk-informed decision-making.
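As an added illustration (not part of this profile, and not code from the analyst or from Wipro), the Python below shows the kind of detection logic that the Sentinel/Splunk rule-tuning, IOC-extraction and ATT&CK-mapping work described above refers to, run over constructed Windows logon events. It implements a brute-force-then-success rule, exposes two tuning knobs (a failure threshold and a source allowlist) that cut false positives, extracts IOCs from the resulting alerts, and tags each alert with MITRE ATT&CK T1110.001 (Brute Force: Password Guessing). All hosts, accounts and IP addresses are made up, and the key=value line format is a simplified stand-in for the native event schema rather than any SIEM's real format.

```python
"""
Added example, not from the profile above. Minimal SIEM-style detection
over constructed logon events: brute-force-then-success rule, tuning
knobs (threshold, allowlist), IOC extraction and an ATT&CK technique tag.
All hosts, users and addresses below are invented sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed telemetry: 4625 = failed logon, 4624 = successful logon.
# 203.0.113.45 guesses alice's password and gets in (true positive);
# 10.0.0.5 is an assumed internal vulnerability scanner (noisy but benign);
# 198.51.100.7 is a user mistyping twice (stays below the threshold).
SAMPLE_EVENTS = """\
ts=2024-05-01T08:00:01Z host=DC01 event_id=4625 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:00:02Z host=DC01 event_id=4625 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:00:03Z host=DC01 event_id=4625 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:00:04Z host=DC01 event_id=4625 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:00:05Z host=DC01 event_id=4625 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:00:09Z host=DC01 event_id=4624 user=alice src_ip=203.0.113.45
ts=2024-05-01T08:10:00Z host=DC01 event_id=4625 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T08:10:01Z host=DC01 event_id=4625 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T08:10:02Z host=DC01 event_id=4625 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T08:10:03Z host=DC01 event_id=4625 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T08:10:04Z host=DC01 event_id=4625 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T08:10:05Z host=DC01 event_id=4624 user=svc_scan src_ip=10.0.0.5
ts=2024-05-01T09:00:00Z host=FS01 event_id=4625 user=bob src_ip=198.51.100.7
ts=2024-05-01T09:00:01Z host=FS01 event_id=4625 user=bob src_ip=198.51.100.7
ts=2024-05-01T09:00:30Z host=FS01 event_id=4624 user=bob src_ip=198.51.100.7
"""


@dataclass(frozen=True)
class RuleConfig:
    """Tuning knobs an analyst adjusts to balance coverage against noise."""
    threshold: int = 5                       # failures needed before a success fires
    window: timedelta = timedelta(minutes=10)
    allowlist: frozenset = frozenset()       # known-benign sources, e.g. scanners


@dataclass(frozen=True)
class Alert:
    rule: str
    technique: str      # MITRE ATT&CK technique ID
    host: str
    user: str
    src_ip: str
    failures: int


def parse_events(text):
    """Parse key=value lines into dicts with a typed timestamp and event_id."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(kv.split("=", 1) for kv in line.split())
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def detect_bruteforce_success(events, cfg):
    """Fire when >= cfg.threshold failed logons for one (src_ip, user) pair
    inside cfg.window are followed by a successful logon from that pair."""
    failures = defaultdict(list)   # (src_ip, user) -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["src_ip"] in cfg.allowlist:
            continue               # tuning: drop known-benign sources up front
        key = (ev["src_ip"], ev["user"])
        if ev["event_id"] == 4625:
            failures[key].append(ev["ts"])
        elif ev["event_id"] == 4624:
            recent = [t for t in failures[key] if ev["ts"] - t <= cfg.window]
            if len(recent) >= cfg.threshold:
                alerts.append(Alert("BruteForceThenSuccess", "T1110.001",
                                    ev["host"], ev["user"], ev["src_ip"], len(recent)))
            failures[key].clear()  # a success ends the current run of attempts
    return alerts


def extract_iocs(alerts):
    """Pull the observables a responder would block, hunt on, or report."""
    return {
        "src_ips": sorted({a.src_ip for a in alerts}),
        "accounts": sorted({a.user for a in alerts}),
        "hosts": sorted({a.host for a in alerts}),
    }


def run_detection(text=SAMPLE_EVENTS, cfg=RuleConfig()):
    alerts = detect_bruteforce_success(parse_events(text), cfg)
    return alerts, extract_iocs(alerts)


if __name__ == "__main__":
    untuned, _ = run_detection()
    tuned, iocs = run_detection(cfg=RuleConfig(allowlist=frozenset({"10.0.0.5"})))
    print(f"untuned: {len(untuned)} alerts, tuned: {len(tuned)} alert(s)")
    for a in tuned:
        print(f"{a.rule} [{a.technique}] {a.user}@{a.host} from {a.src_ip} "
              f"after {a.failures} failures")
    print("IOCs:", iocs)
```

Run as-is, the untuned rule fires twice (the real attack and the scanner); adding the scanner to the allowlist leaves the single true positive, while lowering the threshold to 2 would also catch the mistyped logons, which is the trade-off the threshold knob controls. In a real SIEM the same logic would be expressed in KQL or SPL and the allowlist maintained as a watchlist or lookup rather than in code.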
Associate Cyber Security Analyst
Voya Financial
Feb 2020 - Jan 2021
Monitored and triaged security events using Splunk and Palo Alto Cortex XSIAM to ensure early detection and timely escalation of potential incidents.
Analyzed alerts to eliminate false positives and escalated validated security events to Level 2 analysts for advanced investigations.
Prioritized alerts based on severity, asset criticality, and business impact to support efficient incident response.
Generated SOC reports (daily and weekly) summarizing alert trends, incident volumes, and response activities for internal review.
Maintained and fine-tuned SIEM correlation rules and detection logic to improve alert fidelity and reduce noise.
Provided Level 1 operational support across SIEM, IDS/IPS, endpoint security, and firewall log monitoring, ensuring continuous visibility.
Created, updated, and tracked incident tickets in case management systems, ensuring accurate documentation and adherence to response SLAs.
Collaborated with IT and infrastructure teams to validate anomalies and apply immediate containment actions when necessary.
Managed and optimized SOC dashboards to provide real-time visibility into event trends, system health, and rule performance.
Followed SOC playbooks and SOPs to respond to phishing, perform malware analysis, and handle unauthorized access attempts.
Maintained operational continuity through shift handovers, incident review calls, and knowledge sharing with the SOC team.
Communicated incident details, containment actions, and response steps to stakeholders to ensure coordinated remediation.
Contributed to SOC process improvement by documenting new use cases, refining detection logic, and recommending rule tuning based on activity trends.
Education
Electronics and Communications Engineer - Kamala Institute Of Technology And Science
- 2020 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation