SivaKumar Mandhati - Information Security Analyst / Cybersecurity Analyst / Security Operations Analyst |
[email protected] |
Location: Raleigh, North Carolina, USA |
Relocation: YES |
Visa: H1B |
Sivakumar Mandhati
[email protected] | Phone: 636-675-0026 | Siva Kumar Mandhati | LinkedIn | Raleigh, NC, 27617

SUMMARY
Dedicated and detail-oriented Information Security Analyst with over 8 years of experience, a strong understanding of cybersecurity principles, and a passion for protecting organizational digital assets. Experienced in security monitoring, vulnerability management, threat intelligence, incident response, and security awareness training. Proficient in various SIEM tools, vulnerability management tools, and cloud security solutions. Possesses a strong analytical mindset and excellent problem-solving skills, with a proven ability to work collaboratively with cross-functional teams.

PROFESSIONAL SUMMARY
- Experience in cyber security operations, incident response, and the information systems security function, including reviewing the planning, implementation, and management of security controls for the organization.
- Experience in monitoring and working security breaches and investigating violations.
- Analyze logs and events triggered in SIEM tools, investigate the type of attack, and provide security to the network environment.
- Support security incident response processes in the event of a security breach by providing incident reporting.
- Analyze phishing, spamming, and malicious URL sites and block them using web content filtering proxies.
- Plan, schedule, implement, and maintain scalable vulnerability scans using vulnerability management scanning tools (Qualys/Rapid7/Tenable).
- Troubleshoot technical issues with scan configurations to ensure accuracy and completeness; ensure safe and timely scanning that has little to no impact on scan targets.
- Support and maintain vulnerability management scanning and reporting tools.
- Conduct internal vulnerability audits of servers, network devices, applications, and other devices.
- Interface with internal and external auditors, providing detailed information on remediation efforts.
- Review and assess risks and scope, and decide whether to escalate to management if necessary.
- Monitored the traffic of pass-through firewalls (which allow all traffic), created new policies, helped address security concerns, and blocked all unnecessary traffic.
- Demonstrated knowledge of the Cyber Kill Chain framework and working familiarity with the MITRE ATT&CK framework.
- Familiarity with ISO 27001 assessment / HITRUST specifications for a framework of policies and procedures covering all legal, physical, and technical controls involved in an organization's risk management, along with HIPAA and NIST 800-53.
- Experience with next-generation firewall technology (Palo Alto, Check Point, Fortinet).
- Experience with SIEM, threat intelligence, and SOAR platforms.
- Experience maintaining intrusion detection / prevention signatures.
- Analyze security breaches to determine their root cause and recommend/install appropriate tools and countermeasures.
- Knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Worked on security patch updates on different types of servers, and identified and mitigated incidents, threats, compromises, and vulnerabilities.
- Experience identifying and implementing new cyber security technologies and best practices in enterprise cloud offerings.
- Experience with threat and vulnerability management tools, both commercial and open source, for Unix systems.

PROFESSIONAL EXPERIENCE

New York State Department of Financial Services - New York, US (Jan 2022 - Present)
Information Security Analyst
Responsibilities:
- Conducted comprehensive risk assessments to identify vulnerabilities and recommend security enhancements in line with regulatory requirements.
- Developed and implemented security policies and procedures to protect sensitive financial data and ensure compliance with industry standards, including PCI DSS and GDPR.
- Led incident response efforts for security breaches, coordinating with cross-functional teams to mitigate risks and recover systems swiftly.
- Performed security audits and penetration testing to evaluate the effectiveness of existing security measures and identify potential weaknesses.
- Monitored and analyzed security alerts from SIEM systems, investigating incidents to determine impact and escalating as necessary.
- Collaborated with IT and compliance teams to ensure security solutions align with business objectives and regulatory requirements in the financial sector.
- Trained staff on cybersecurity best practices, fostering a culture of security awareness and reducing the likelihood of human error-related incidents.
- Evaluated and selected security tools and technologies to enhance the organization's security posture and protect against emerging threats.
- Maintained up-to-date knowledge of threat landscapes and emerging cyber threats relevant to the financial industry, implementing proactive defense strategies.
- Developed incident response plans and playbooks tailored for financial operations, ensuring rapid recovery from security incidents.
- Managed third-party risk assessments to ensure vendors comply with security policies and protect client data.
- Generated detailed security reports for executive leadership, providing insights on vulnerabilities, incidents, and the overall security posture.
- Utilized advanced threat intelligence to inform risk management decisions and improve detection capabilities.
- Participated in regulatory examinations and audits, demonstrating compliance with financial industry standards and best practices.
- Facilitated security awareness workshops and simulations to prepare employees for potential phishing attacks and other social engineering tactics.

Wells Fargo - Bangalore, India (Jul 2020 - Dec 2020)
Information Security Analyst
- Responsible for security monitoring of networks, websites, applications, databases, and other infrastructure to protect them from cyber threats, and for related documentation.
- Spearheaded the deployment of advanced endpoint protection solutions, enhancing the organization's defense against malware and ransomware attacks.
- Implemented data loss prevention (DLP) strategies to safeguard sensitive financial information and ensure compliance with data protection regulations.
- Conducted threat hunting activities to proactively identify and mitigate potential security incidents before they impacted business operations.
- Collaborated with software development teams to integrate security best practices into the software development lifecycle (SDLC), ensuring secure application deployments.
- Designed and executed security awareness campaigns, resulting in a measurable reduction in phishing attempts and security incidents reported by staff.
- Developed and maintained a comprehensive security framework, aligning with ISO 27001 standards to strengthen organizational security posture.
- Analyzed security architecture and provided recommendations for improvements to enhance resilience against cyber threats in financial systems.
- Oversaw the security incident management process, ensuring timely reporting, documentation, and resolution of security events in line with established protocols.
- Led cross-functional security assessment workshops to identify risks and develop collaborative strategies for enhancing overall security posture.
- Researched and implemented emerging security technologies, such as zero trust architecture and machine learning-based detection systems, to address evolving threats.
- Analyzed phishing, spamming, and malicious URL sites and blocked them using web content filtering proxies.
Infosys - Bangalore, India (Oct 2018 - Jul 2020)
Information Security Engineer
- Conducted scheduled and ad hoc application and system scans, researched and analyzed vulnerabilities, identified relevant threats, recommended corrective actions, and summarized and communicated findings effectively using Qualys VMDR.
- Generated scheduled and ad hoc reports for different vulnerability scans using Qualys.
- Established metrics and KPIs for security performance, enabling data-driven decision-making and continuous improvement of security programs.
- Managed the security incident response team, streamlining processes to ensure quick and effective handling of security breaches and minimizing downtime.
- Developed secure cloud architecture guidelines to facilitate the safe adoption of cloud technologies within financial operations.
- Conducted forensic investigations of security incidents, analyzing compromised systems to determine root causes and prevent future occurrences.
- Facilitated the integration of identity and access management (IAM) solutions, ensuring proper user permissions and reducing the risk of unauthorized access.
- Participated in industry forums and conferences, representing the organization and staying informed on the latest security trends and best practices relevant to the financial sector.
- Onboarded threat intelligence information from multiple sources using formats such as STIX & TAXII, XML, and Suricata/YARA alert rules.

Capgemini - Bangalore, India (Jun 2016 - Oct 2018)
SOC Analyst / Incident Response Analyst
- Checked outbound email messages and inspected them according to data loss prevention policies.
- Monitored and analyzed IDS logs, prioritized potential intrusion attempts, and conducted log analysis.
- Collected, correlated, and categorized data to determine analytics on threats, tactics, and procedures (TTPs) using the Cyber Kill Chain framework.
- Reviewed and updated the System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 Rev. 1, NIST SP 800-53A Rev. 4, and NIST SP 800-53.
- Categorized vulnerabilities using the OWASP Top 10 and the SANS Top 25 vulnerabilities guide.
- Installed, configured, and deployed Splunk forwarders, indexes, search heads, and the deployment server.
- Worked with OWASP tools such as ZAP proxy to detect vulnerabilities.
- Scanned assets and confirmed vulnerabilities using Rapid7 tools.
- Investigated security incidents and recommended actions needed to resolve situations.

Austin Group - Hyderabad, India (May 2015 - May 2016)
Junior Security Analyst
- Ensured timely, proactive identification and reporting of security gaps and vulnerabilities in critical business information, systems, and network infrastructure.
- Engaged closely with engineers and system admins during maintenance windows.
- Assisted with information security compliance audits to verify the completeness of required security configurations and verify system hardening.
- Kept anti-virus agents and components at the latest version.
- Scheduled scanning dates and times to have the least performance impact on systems.
- Investigated security incidents and recommended actions needed to resolve situations.
- Familiar with vulnerability scanning tools such as Rapid7; analyzed scan reports to identify vulnerabilities.

EDUCATION
- Bachelor of Technology in Electronics and Communication Engineering (2011 - 2015).
- Master of Science in Cybersecurity Information Assurance, University of Central Missouri, Lee's Summit, MO (Jan 2021 - Dec 2021).
CORE COMPETENCIES
Security Tools: Splunk, ELK, IBM QRadar, Proofpoint, Cisco AMP, Tanium, Fortify, Checkmarx, Nessus, Qualys, Rapid7 InsightVM
Cloud Platforms: AWS, Azure (IAM, VPC, Encryption, Key Management)
Programming/Scripting: Python, PowerShell, Bash
Frameworks: NIST Cybersecurity Framework, ISO 27001, PCI DSS, GDPR, CCPA
Technologies: Next-Gen Firewalls (Palo Alto), IDS/IPS, DLP, SIEM, EDR, VPN, SSL/TLS, MFA
Risk Management & Governance (GRC)
Phishing Triage: KnowBe4
Incident Response Automation: Playbook Development, Workflow Automation, Integration with SIEM and Security Tools, Threat Intelligence Integration, Alert Management, Incident Triage and Escalation

TECHNICAL SKILLS
Programming/Scripting: Python, PowerShell, Bash
Security Tools: Firewalls, IDS/IPS, EDR, SIEM, DLP, Vulnerability Scanners (Qualys, Nessus)
SOAR Platforms, Threat Modeling (STRIDE, OWASP)
Encryption Technologies, SSL/TLS, MFA, VPNs

CERTIFICATIONS
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- CompTIA Security+
- Qualys Specialist Certified
- Fortinet Network Security Expert Level 2
- Palo Alto Networks EDU-210 Certified