Rishitha

[email protected]
Cyber Security-Analyst

Summary:
 Proven track record of conducting cyber security assessments and audits to identify vulnerabilities and security gaps.
 Strong expertise in developing and implementing security policies, standards, and procedures to ensure compliance with
regulations and best practices.
 Proficient in Linux system administration, including configuration, maintenance, and troubleshooting
 Strong understanding of Linux security principles and best practices
 Proficient in deploying and managing Splunk for security log management and analysis.
 Performed services using industry tools such as Encase Enterprise, Encase eDiscovery, Symantec Clear well eDiscovery
Platform, Discovery Attender, Splunk, Access Data’s Forensic Took Kit, MS SQL 2005/2008, MS Visual Studio, VM Ware,
and SIFT Workstation.
 Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and
HIPAA.
 Assessed the System Owners; used Radiant logic VDS, OIM, RACF, MFA, Sail Points, Arcsight, Burp suite, Qualys,
SiteMinder, Securonix (UEBA) and conducted MRA and Splunk.
 Expertise in Cyber security & Information Assurance with deep Knowledge of AWS Cloud, malware detection techniques,
recommended information assurance policies and standards.
 Integrated the data from SAP to ServiceNow by using Javascript API, Web services and captured that data in Service Now
by creating a table.
 Engineered and deployed global Splunk SIEM solution and deployed global Carbon Black Response EDR solution
Engineered and having good experience SAST and DAST applications using tools using Burp Suit and CheckMarx.
 Worked with system owners to achieve FISMA compliance and Authorization to Operate (ATO) for systems based on
guidance from the Federal Financial Institutions Examination Council (FFIEC) and NIST SP, HITRUST, HIPPA, GDPR and
CCPA, and NISPOM regulations and other Risk Management Framework.
 Used Splunk SIEM threat analyst in a managed service security operation center (SOC), triaging cyber threats utilizing
Splunk and various Cloud security tools.
 System Security and administrator Professional, Facility Security Officer (FSO), Information Systems Security Officer
(ISSO), Information Security Management, Firewalls, IDS, Penetration Testing, and industry security standards e.g., ISO
27001:2013, NIST 800 series, HITRUST, HIPPA, GDPR and CCPA, and NISPOM regulations.
 Experience in Splunk friendly regex expressions and optimising Splunk search queries with optimal performance.
 Resolved vulnerabilities in the WebEx and FedRAMP GRC environments, POA&M & NIST, using automated scripts created
in Python, PowerShell, Bash.
 Worked on GRC policies like - ISO Standards - Planning, Implementation and Management of ISO 27001:2013 Information
Security Management System (ISMS) and ISO 20000-1:2011 Service Management System (SMS).
 Getting different log sources to send data to Splunk along with creating and tuning Technical Add-Ons for proper field
extractions using regex
 Efficiently performed web application, vulnerability assessment using Burp Suite, MetaSploit, HP Web Inspect, Nexpose
and IBM AppScan.
 Operated with Splunk professional services to make the best practices that can be followed by everyone to maintain the
performance of Splunk Enterprise Security 7.0.4.
 Experience with various Endpoint tools like McAfee EPO, Carbon Black, BigFix, Symantec EPO (IDS/IPS)
 Hands on experience for HIPAA and PCI-DSS related projects and ServiceNow ticketing.
 Ability to leverage Splunk for incident response, forensic analysis, and threat hunting.
 Hands-on experience with TCP/IP, Trellix tools, security concepts, WAF and LAN concepts, Routing protocols, Firewall
Security policies.
 Improved Tanium Client Deployment Tool (CDT) enterprise-wide by validating deployment scripts, reduced installation
time by 10x; required client license-increase 3 months ahead of schedule
 Created connections with Tanium in to Splunk to track software removals, vulnerabilities, IOC and various hardware
 Familiarity with various network protocols and their behavior, including TCP/IP, DNS, HTTP, etc.
 Strong understanding of Splunk architecture and its application to cyber security use cases.
 Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and
external stakeholders.
 Up-to-date knowledge of emerging cyber security threats and vulnerabilities, with a proactive approach to risk
assessment and mitigation.
Professional Experience:
Client: AIG New York, USA
Role: Sr. Cyber Security Engineer Sep 2022 - Till
Responsibilities:
 Guided all the SME's in using Splunk to create dashboards, reports, Alerts etc.
 Extracted the fields using Rex, Regex, IFX, which are not extracted by Splunk SOAR and extracted the fields using Rex,
Regex, IFX, which are not extracted by Symantec SEP.
 Development of assorted testing/build scripts as needed using Selenium WebDriver/IDE written in Python and BASH.
 Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and
Windows platforms.
 Performed malware reverse engineering and behavioral analysis and Incidence Response handling.
 Experienced with RSA DLP, Symantec DLP versions 12.5, 14.0, 14.5, and 14.6, Forcepoint DLP or native GPO controls and
other tools.
 Worked on Splunk (ES) in building the real time monitoring to get a clear visual picture of organization's security posture,
easily customize views and drill down to the raw events for Incident Response Team (CIRT) and Cyber Security
Operations Center (CSOC).
 Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like Qualys
guard and Splunk.
 Deployment of Data loss prevention across the network - Data in motion, Data in Use & data at Rest servers.
 Gained experience with Symantec DLP Software: DLP Cloud Prevent for ForcePoint, DLP.
 Deployed in the cloud and on-premises using Amazon Web Services (AWS) and Single- Server Support.
 Performed tuning of Symantec DLP to reduce false positives and improving detection rates.
 Reviewed and designed security best practices for Symantec EPP and DLP, Anti-Virus, HIPS and DLP. Reporting for the
development and execution of remediation plans.
 Worked on Splunk ES to build the correlation searches, alerts, reports and dashboards to get specific monitoring.
 Integrated the data from SAP to ServiceNow by using API, Web services and captured that data in Service Now by creating
a table.
 Configuration of SPLUNK data inputs by understanding various parsing parameters like Index, source, source typing,
queue sizes, index sizes, index locations, read/write timeout values, line breaks, event breaks and time formats during
index-time.
 Worked on SAST and DAST applications using tools CheckMarx, Fortify and IBM AppScan.
 Migration of Splunk clusters in various AWS accounts to single AWS account rehydration of Splunk cluster on AWS
environment.
 Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows
platforms.
 Worked on Splunk ES to build the correlation searches, alerts, reports and dashboards to get specific monitoring.
 Integrated the data from SAP to ServiceNow by using API, Web services and captured that data in Service Now by creating
a table.
 Developed and publish key metrics for the team to illustrate value and accountability.
 Configuring policies, communication settings and other important features in Symantec endpoint manager 12.x series

Client: Truist Atlanta, GA, USA

Role: Sr. Cyber Security Analyst March 2021 – August 2022

Responsibilities:
● Support Vulnerability Scanning Assessments by identifying vulnerabilities or anomalies, providing mitigation, and
associated reports
● Worked on static source code analysis tools (e.g., Fortify) or open-source tools.
● Troubleshot issues on all Platforms, threat remediation on Splunk Agent, VirusScan Enterprise (VSE), ENS and MNE.
● Worked using Splunk best practice GRC and eGRC standards for OWASP top 10 CIS CSC, DLP, Data classification, and
Encryption standards for Contractors and employee.
● Also, fine tune existing and create new use cases to have all potential Risk indicators identified holistically.
● Worked on Splunk products such as Splunk ES and SOAR and developed and operationalized target network architecture
to have successful interaction with event sources to design, develop, and implement the solution
● Performed Single Tier 2 and 3 Installation of McAfee DLP for test purpose. Also performed two tier and three tier
installations.
● Performed Scans using McAfee DLP and done the escalation of critical data found on Share devices and Shared drives.
Created and managed DLP policies.
● Worked using Splunk best practice standards for OWASP top 10 CIS CSC, DLP, Data classification, and Encryption
standards for Contractors and employee.
● Worked using Perl CGI, python, Java Script, jQuery, Ajax and automating the test cases using python framework
● Created GRC Policy according to HIPPA rule and served as a resource for departments affected by Health Information
Portability and Accountability Act (HIPAA) and provides education on the requirements to perform actions such as initial
inventory, gap analysis, and risk assessments to determine appropriate privacy and security-related organizational
policies and Splunk/Phantom 4.1.94.
● Used Windows and nix* platforms and integrating API-based and REST API for its IOC Detect service and a SOAP API for
integrating the Server platform with a CMDB, SIEM, or in-house tool
● Worked on Splunk Phantom SOAR Proof of Value (POV) project and created regex-based parser to parser logs and
configuring different connectors
● Perform analysis of events/incidents and provide remediation suggestions to relevant owners
● Implement tasks/projects critical to the organizations Endpoint technologies (workstations, laptops, ATMs, mainframes,
servers, etc.)
● Migration of Splunk clusters in various AWS accounts to single AWS account rehydration of Splunk SOAR on AWS
environment.

Client: Truevalue Illinois, USA

Role: Sr. Cyber Security Analyst Apr 2020 – Feb 2021

Responsibilities:
 Worked on solutions for the Cyber Security Program in collaboration with Security Information Event Management
(SIEM), Security Orchestration, Automation and Response (SOAR), User and Entity Behavior Analytics (UEBA),
Deception technology solutions, Email Security Solution, Cloud Access Security Broker (CASB)
 Implemented and managed Cybersecurity solutions tailored to the unique requirements of healthcare environments,
ensuring compliance with HIPAA, PHI, PII, ISO 27001/2, and other regulatory standards.
 Lead the migration from an on-premises SIEM solution to a cloud-based SIEM from a different vendor, including the
seamless transfer of existing log sources, SIEM alerts, reports, and dashboards, as well as the installation of requisite
Add-ons.
 Orchestrated the deployment of Cloud SIEM components in both on-premises and AWS cloud environments while
decommissioning the components of the previous on-premises Splunk solution.
 Performed complete administration and engineering of SIEM solutions, including tasks such as upgrades, patching,
fine-tuning, integrations, content development, log parsing, correlation rules, logs/event collection and management,
incident response, health checks, audit, asset management, and the physical setup, including racking, cabling, and
stacking.
 Developed custom apps and dashboards in Splunk for internal use for the ease of running SOC operations.
 Utilize Artificial Intelligence security and machine learning within UEBA tool to analyze user event and network flow
logs to distinguish between normal and abnormal user behavior, identify early warning signs of irregular user actions
and categorize risky user behavior.
 Assisted in the implementation of the Security Orchestration, Automation, and Response (SOAR) solution within the
client's environment.
 Performed complete administration and engineering of SOAR platform such as content management, health check,
upgradation, user and role management (RBAC & SSO), Docker container management, and deployed live backup
solution.
 Configured SOAR integrations, created tasks, and developed SOAR playbooks, configure incident type, performed
classification and mapping, parsed required fields, built incident layouts that enable analysts to triage and investigate
incidents efficiently.
 Developed SOAR automations, indicator data, and artifact stores, schedule jobs, oversee case management, and foster
collaboration.

Client: Resource Softech Limited Hyderabad, IN

Role: Cyber Security Analyst May 2017 – Dec 2019

Responsibilities:
 Responsible for detection and response to security events and incidents within global Fortune 500 client networks;
utilizing Arc Sight, Splunk, Tipping Point, Virus Total, IPVOID, Fire Eye, Wire Shark, etc. To gather, analyze, and present
forensic evidence of cyber malware and intrusions.
 Review System and firewall logs based on individual preset client policies, rules, and standards; also review all host
activity for a specified timeframe.
 Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
 Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
 Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and
remediation plan.
 Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and
aligned with the appropriate run book procedures to attain Client Service Level Objectives and Agreements.
 Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
 Facilitated and operated direct telephone communication to perform the immediate required escalation requests or
engagements of required teams to support clients.
 Researched McAfee Threat Center, Symantec, and other vulnerability and threat libraries to identify and formulate
remediation plans.

Client: Pep Systems Private Limited Hyderabad, IN

Role: Cyber Security Analyst Oct 2015 - Apr 2017

Responsibilities:
● Threat (APT) actors, their motivations, skill sets, tool sets and intent.
● Registered costumer orders, answer store phone calls, help employees with Azure cloud log in
● Involved in Cloud Security Infrastructure and design for client’s in-house Azure Applications
● Perform cloud security risk assessment for cloud applications already in Azure
● Worked on Splunk Phantom SOAR Proof of Value (POV) for testing the out of the box use cases.
● Setup CI/CD with Code Pipeline to automate with Azure Active Directory and focused on cloud strategy (Microsoft Azure),
product marketing, competitive research, customer journey analysis, and strategic partnerships.
● Created case for the suspicious issue and forwarding it to Onsite SOC team for further investigation.
● Conducted Vulnerability assessment for network using Tenable Nessus
● Utilized LogRhythm Logger as an additional tool to drill deeper into network traffic from LogRhythm.
● Duties include Incident Response for Classified and Unclassified Spills (containment, eradication and recovery).
● Utilized LogRhythm SIEM to solve active threats and alarms for over 40 client accounts
● Tested various threat vectors and present evidence of intent to create signatures/rules to mitigate specific threats.
● Migration of user mailboxes from Exchange 2007 to 2010, Exchange 2010 to Office 365, Open Xchange/Linux based mail
solution/Google Apps/Notes to Office 365.
● Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, Authentication bypass, Weak
Cryptography, Authentication flaws etc.
● Managed Cyber Security threat hunting through prevention, detection, response, escalation and reporting in effort to
protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT) and Process Risk Control
Implementation (PRCI) Teams.
● Worked on Carbon Black technologies and concepts, along with the technological framework for asset management,
security operations, incident investigations and response, threat hunting, vulnerability awareness and security
configuration management.
● Developed Cyber Security Standards on NIST Frameworks and insured their proper implementation to reduce the risk of
vulnerability to IT assets.
● Performed Risk Management and analysis using State approved Risk analysis methodology based on NIST SP 800-30 and
ISO IEC 17799 methodologies.
● Contributed to the tuning and development of security information and event monitoring systems (SIEM) use cases and
other security control configurations to enhance threat detection capabilities
● Worked on APT threat modeling, development of attack plans, performing manual & automated Ethical Hacking, &
develop proof of concept exploits
● Conducted data loss prevention with and implemented appropriate measures.
● Experience in risk control and assessing third party critical assets for any potential vulnerabilities and threats.
● Analyzed potential privacy violations to identify false positives and policy violations with immediate remediation.
● Configured, troubleshoot, and upgraded Next Generation Firewalls solutions for Managed clients, which included network
and/or resource access, software, or hardware problems.
● In-depth understanding of various Data compliance regulations such as PII, GDPR, HIPAA and PCI-DSS.
● Provide technical engineering support and research in the area of advanced persistent threats (APT), software assurance
(SwA) and threat replication and hunting.
● Collaborates with APT Detection technical and threat intelligence analysts to provide indications and warnings, and
contributed to predictive analysis of malicious activity
● Performed penetration testing for external facing web applications. Security areas covering DMZ architecture, threat
modelling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed
● Installed, patched and maintained McAfee EPO 5.X and DLP, utilizing McAfee Orchestrator, and able to deploy DLP and
reporting and working knowledge in ENS 10

Client: Oak Brook Technologies Private Limited Hyderabad, IN

Role: Security Analyst June 2014 – Sep 2015

Responsibilities:
 Monitor computer networks and systems for threats and security breaches
 Install, alter, and update security software and firewalls
 Test systems for potential vulnerabilities
 Develop systems and processes for security best practices throughout the company
 Prepare reports on security incidents and changing responses Monitoring computer networks for security issues
 Investigating security breaches and other cyber security incidents installing security measures and operating software to
protect systems and information infrastructure, including firewalls and data encryption programs
 Keep up to date with the latest security and technology developments research/evaluate emerging cyber security threats
and ways to manage them
 Participate in incident response activities, including containment, investigation, and recovery, for security incidents
involving Linux infrastructure.
 Conduct training and knowledge-sharing sessions to educate team members on Linux security principles, tools, and
techniques.
 Plan for disaster recovery and create contingency plans in the event of any security breaches
 Monitor for attacks, intrusions, and unusual, unauthorized, or illegal activities and evaluate security products
 Design new security systems or upgrade existing ones
 Use advanced analytic tools to determine emerging threat patterns and vulnerabilities and engage in 'ethical hacking, for
example, simulating security breaches identifying potential weaknesses, and implementing measures, such as firewalls
and encryption

Education: Bachelors in computer Science in 2014