MEHER P
Cyber Security Engineer
Email: [email protected]
Phone: 302 437 0049
Location: Middletown, Delaware, USA

Profile:
Cyber Security Engineer. Sr. Security Engineer with 10 plus years of experience in Cyber Security, Threat Hunting, Threat Intelligence, Threat Analysis, PAM, Security Monitoring, Operations, Vulnerability Assessment, Microsoft Defender for Endpoint, Malware Analysis and Reverse Engineering, Incident Response, investigating incidents using SIEM, Azure Sentinel, Kusto Query Language (KQL), Cyber Kill Chain Analysis, SOC, Static and Dynamic Analysis, Email Spam and URL Filtering, and proven knowledge in Information Security. Aiming to leverage my skills to successfully fill the Senior Security role at your company.

Professional Summary:
Accomplished Certified Sr. Threat Research Engineer with extensive expertise in information security, threat intelligence, and incident response.
Extensive background in conducting in-depth analysis and research on emerging cyber threats, vulnerabilities, and attack methodologies.
Proficient in leveraging advanced threat intelligence tools, performing comprehensive threat assessments, and developing proactive strategies to mitigate risks and fortify organizational security postures.
Used Cassandra to actively monitor all the work items for investigation; created dashboards and filters.
Proficiently developed SIEM/SOC rules for testing the MOVEit 0-day, WS_FTP RCE, and TeamCity RCE.
Skilled in leveraging Azure Sentinel for advanced security analytics, adept at writing intricate queries, and performing robust data analysis using Azure Data Explorer (ADX).
Used PowerShell for data collection, log analysis, querying systems, and automating tasks to detect and respond to potential security threats.
Demonstrated hands-on experience in threat analysis, incident response, malware analysis, and comprehensive security monitoring.
Proficient in analyzing and researching logs from various security devices and malware.
Proven proficiency across multiple SIEM tools including MicroFocus ArcSight, QRadar, Splunk, and Azure Sentinel.
Excels in conducting vulnerability scans, managing end-to-end resolution processes for false negatives (FNs) and false positives (FPs), and creating actionable cases for SOC team investigation.
Proficiently executes immediate log analysis, attends to critical alerts promptly, and ensures daily health checklist adherence.
Managed Privileged Access Management (PAM) using CyberArk for securing sensitive data and systems. Managed privileged user accounts, defined access controls, and conducted regular audits to ensure compliance with security standards.
Knowledge of PAM software (CyberArk, Delinea, ThycoticCentrify, BeyondTrust), access control, multi-factor authentication, and security compliance frameworks. Familiarity with identity and access management (IAM) principles.
Known for planning and executing routine system repairs, overseeing system upgrades, and leading installations of new IT network equipment and software.
Utilized tools or commands like PowerShell, Sysinternals Suite (Procmon, Process Explorer), or built-in Windows utilities (Task Manager, Command Prompt) to view the process tree. Analyzed the Process ID of the running process.
Worked on the Bilbao monitoring tool to identify SID, MID, Event reference and for further investigation.
Leveraged threat intelligence feeds and databases to cross-reference process names, hashes, or characteristics with known malicious behaviors, which helps to identify malicious parent processes.
Adept at collaborating across multidisciplinary teams, contributing actionable insights, and staying updated on evolving threat landscapes to proactively counteract potential security breaches.
Expertise in threat hunting, incident response, malware analysis, and providing strategic guidance based on empirical threat research.
Used YARA rules to scan and detect potential indicators of compromise (IOCs) across diverse data sources, including files, memory dumps, network traffic, and system logs. Prioritized and detected IOCs based on their severity and potential impact.

TECHNICAL SKILLS:
DLP: Symantec
SIEM: IBM QRadar, Splunk, ArcSight, Azure Sentinel
Vulnerability Management Tools: Nessus, Wireshark, QualysGuard, Nmap, OpenVAS
Antivirus: Trellix ePO, Microsoft Defender
EDR: Cybereason, Microsoft Defender for Endpoint
SOAR: Palo Alto Demisto/Cortex XSOAR
Languages: KQL, SQL, PowerShell
Tools: Power BI, Pestudio, Cassandra, Bilbao, Researcher Studio
Analytical Skills: Malware Analysis, Threat Analysis, Threat Hunting, Threat Intelligence, Cyber and Technical Threat Analyses, Vulnerability Assessment, Phishing Email Analysis
PAM: CyberArk, Delinea, ThycoticCentrify, BeyondTrust

PROFESSIONAL EXPERIENCE

Toyota Lift Northwest, Kent, WA
Role: Cyber Security Engineer
Dec 2023 - Present
Conducted regular vulnerability assessments to identify and address security weaknesses.
Implemented and managed intrusion detection and prevention systems to detect and respond to malicious activities.
Implemented rule sets to prevent unauthorized access and protect against various cyber threats.
Led incident response efforts to promptly address and mitigate security incidents.
Deployed and managed endpoint protection solutions to safeguard individual devices from malware and other security threats.
Tools: CyberArk, Nmap, QRadar

Microsoft, Redmond, WA/India
Jan 2022 - Present

Project 1: Microsoft Threat Experts (MTE)
Role: Sr. Threat Engineer
Description: The main goal of MTE is to eradicate the advanced sophisticated threat actor's activity. Microsoft Threat Experts provides Security Operations Centers of Microsoft Defender (MDI, MDO, MCAS, MDE) customers with deep knowledge, expert-level monitoring, analysis, and support to identify critical threats in their enterprise. Mainly it has two components:
1. Targeted Attack Notifications help identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attackers.
2. Experts on Demand are available to answer customer inquiries related to Microsoft Defender for Endpoint alerts, suspicious activity, or threat intelligence-related questions.
Responsibilities:
Worked on Microsoft Defender products (MDI, MDO, MCAS, MDE).
Successfully led as a Sr. Researcher in Microsoft's Advanced Threat Protection product, focusing on internal signal analysis for robust threat detection.
Proficient in conducting threat analysis, fine-tuning traps/use cases for noise reduction, and pioneering pilot batches in collaboration with EDR and Threat Hunting to ensure Microsoft's pioneering role in threat detection.
Skilled in crafting and executing advanced KQL queries for log analysis and data analysis.
Reviewed all True Positive escalations made by T1 analysts and sent Fast Targeted Attack Notifications (FTAN) to Microsoft's Threat Experts and customers if needed.
Conducted attack technique mapping by correlating observed threat actor behaviors with known attack techniques.
Expertise in handling attacks from multiple threat actors such as QakBot, Emotet banking Trojans, GootKit, SocGholish, etc., filing IOCs and taking proactive steps to stop future attacks.
Known for meticulous research and investigation of major threats and malware incidents for a wide range of organizations, including Fortune Global 500 companies.
Performed threat hunting on the Deep and Dark Web to provide actionable intelligence to clients.
Performed business security assessments.
Actively hunted on large sets of data to surface advanced targeted attacks in customer telemetry.
A proactive contributor to Microsoft's threat intelligence by feeding new IOCs and techniques, ensuring proactive mitigation against active threats, and effectively informing clients about critical human adversary actions and malware outbreaks.
Informed customers about critical human adversary activity and malware outbreaks (like banking Trojans, ransomware) by utilizing Attack Kill Chain and Threat Hunting knowledge.
Performed malware analysis for the samples received using Pestudio. Categorized the given samples as Trojan, Adware, Worm, Backdoor, BOT, RAT, Virus, Hijack, System Monitor, etc., into appropriate families based on the analysis.
Tools: CMS, BilBao, Cassandra, Kusto Query Language (KQL), CyberChef, Researcher Studio, Orion Belt, Power BI

Project 2: Source Triage
Mar 2020 - Jan 2022
Role: Threat Engineer
Description: The Source Triage initiative aimed at efficiently managing security-related data sources, incident logs, and events to enhance incident response capabilities. The project focused on categorizing and prioritizing security incidents and data streams, enabling timely analysis, and facilitating prompt incident response actions within a large-scale security environment.
Responsibilities:
Worked on Microsoft Defender products (MDI, MDO, MCAS, MDE).
Part of the Source Triage team (Open-Source Threat Intelligence / OSINT, external signals); collaboratively worked with the Windows, X-plat, Phishing and browser extension teams.
Successfully carried out source data triaging with automated intelligence feed processing that collects publicly available open-source intelligence feeds from researchers, blogs, tweets, and competitors.
Recognized and documented the tactics, techniques, and procedures (TTPs) utilized by threat actors during cyberattacks.
Researched, analyzed, and created comprehensive threat intelligence reports to mitigate risks and protect against cyber threats.
Generated detailed threat intelligence reports for internal or external dissemination.
Integrated external threat intelligence feeds into the threat intelligence platform to enrich and enhance Microsoft threat detection capabilities.
Submitted weekly, monthly and quarterly threat intelligence reports and the trend of threats.
Managed the ingestion and normalization of threat data feeds from various sources and ensured their compatibility with internal security systems.
Developed processes to validate, analyze, and correlate incoming threat intelligence feeds to identify potential security risks and enhance incident response procedures.
Collaborated with cross-functional teams to optimize the use of threat intelligence feeds and improve the organization's overall security posture.
Mapped adversary behaviors to the MITRE ATT&CK matrix, aiding in the identification of potential gaps in defense strategies and assisting in threat detection and response.
Utilized the MITRE ATT&CK framework to categorize and analyze observed adversary tactics, techniques, and procedures (TTPs).
Developed and updated various YARA rules for potentially dangerous malware such as TrickBot, Emotet, Ryuk ransomware and others.
Added new active intelligence feeds (source confidence, frequency) into Cassandra.
Identified and hunted for undetected malware campaigns, hashes, and new phishing campaigns to ensure that they are detected by Microsoft Defender, and created work sets in Cassandra.
Used a lot of open-source tools for investigation purposes.
Performed threat hunting on the Deep and Dark Web to provide actionable intelligence to clients.
Created and updated threat use cases on a monthly basis.
Provided external and internal threat intelligence reports to the customer.
Presented WSR, MBR and QBR to the customer on the observed attacks, zero days, etc.
Developed Power BI dashboards for the customers.
Wrote reports and blogs on malware families, APT groups, etc.
Created multiple dashboards internally in Azure DevOps based on the requirement.
Collaborated with cross-functional teams to optimize security protocols and maintain a robust security posture.
Tools: CMS, BilBao, Azure Sentinel, Cassandra, Kusto Query Language (KQL), CyberChef, Researcher Studio, Orion Belt, Power BI

Randstad USA, Boston, MA/India
May 2015 - Mar 2020
Role: Security Engineer
Description: Worked in an MSSP model organization, managing 100+ customers as a Senior Analyst in the SOC. Managed Security Services Provider (MSSP) solutions for a diverse portfolio of clients across industries. The project aimed to offer robust cybersecurity protection, threat detection, incident response, and continuous monitoring to safeguard client networks, systems, and data assets.
Responsibilities:
Investigated the detected behaviors when an incident was escalated by the SOC level 1 analyst.
Provided Security Operations Centre (SOC) support on a 24x7x365 basis by shift work rotation.
Monitored multiple security alert resources, identified and triaged significant security events, determined impact and threat severity, escalated according to established procedures, and opened trouble tickets using the Case Management System.
Worked on suspicious emails, identifying phishing emails and phishing campaigns.
Responded to various security alerts for various clients and scanned for vulnerabilities using tools like Nessus server.
Created new rules, signatures, reports and use cases using deployed technologies to identify threats.
Implemented and managed XSOAR playbooks to automate and streamline incident response processes, reducing response time.
Conducted regular threat assessments and vulnerability assessments to proactively identify and address security risks.
Collaborated with cross-functional teams to optimize security protocols and maintain a robust security posture.
Utilized Cybereason and other EDR tools to detect and mitigate malware, ransomware, and other malicious activities on endpoints.
Responded to security incidents promptly, conducting in-depth investigations and producing detailed incident reports.
Participated in threat hunting exercises to identify and neutralize advanced persistent threats (APTs).
Reviewed automated daily security reports of key security controls, escalated critical security events to the appropriate stakeholders (vendors) and followed up as required.
Participated in all the phases of the incident response process, including detection, containment, eradication and post-incident reporting.
Protected information assets of the organization.
Managed vulnerability scans on applications.
Monitored real-time events using SIEM tools like MicroFocus ArcSight and QRadar.
Monitored 24x7 for security alerts and targeted phishing sites by using SIEM.
Worked on Symantec DLP to monitor the logs.
Ran anti-phishing campaigns using Webroot and educated the employees.
Worked on installation, configuration and upgrading of various connectors, and their troubleshooting.
Responsible for preparing the root cause analysis reports based on the analysis.
Analyzed daily, weekly, and monthly reports.
Tools: MicroFocus ArcSight, QRadar, Splunk, Nessus, QualysGuard, Palo Alto, Securonix, Zscaler, Sophos, Webroot, CrowdStrike, Datadog, Jira

Client: Dominos, Hyderabad, India
Jan 2014 to April 2015
Role: System Administrator
Project: System & Network Maintenance
Maintenance of software issues such as antivirus / patch management, VPN, firewall, switches, SAP, MS Office, mails, Outlook, Internet Explorer, servers, desktops, laptops, printers, LAN/WAN connectivity.
Ensured full and incremental data backups were successful. Performed data restores for users as needed.
Configured, troubleshot, and maintained Windows 2003 and 2008 Servers.
Experience in PC assembling, OS installation and troubleshooting.
Planned and executed routine repairs and system upgrades.

Education:
Bachelor of Engineering from JNTU University.

Certifications:
Certified Threat Intelligence Analyst from EC-Council.
Microsoft Certified: Security Operations Analyst Associate - SC-200.
Certified Secure Delivery for Infrastructure Security.
Certified Security Operations and Administration.