
Cybersecurity Professional specializing in Governance, Risk, and Compliance (GRC) and Security Operations. Developed and implemented security controls aligned with NIST CSF, ISO 27001, and other standards, enhancing organizational cybersecurity posture. Conducted technology risk assessments and supported security audits to fortify compliance and strengthen governance frameworks.
Cybersecurity Governance & Policy Management:
• Develop and maintain cybersecurity policies, standards, and procedures aligned with frameworks including NIST CSF, ISO 27001, and CIS Controls, ensuring governance consistency across enterprise systems.
• Coordinate periodic policy and control reviews, ensuring cybersecurity standards remain aligned with regulatory and business requirements.
• Support implementation of security governance frameworks to strengthen enterprise security posture.
Enterprise Risk Management:
• Conduct cybersecurity risk assessments across enterprise infrastructure and cloud platforms using Tenable Nessus and Qualys, identifying vulnerabilities across Windows, Linux, and hybrid environments.
• Evaluate vulnerabilities based on CVSS severity, exploitability, and business impact, prioritizing remediation activities for critical systems.
• Maintain enterprise risk registers, documenting security risks, mitigation strategies, and remediation timelines.
• Perform security assessments for new technologies and systems, identifying potential risks and recommending mitigation strategies.
Compliance & Audit Support:
• Support compliance initiatives aligned with ISO 27001, SOC 2, PCI DSS, and GDPR, ensuring enterprise security controls meet regulatory requirements.
• Prepare audit documentation and evidence required for internal and external cybersecurity audits.
• Conduct compliance gap assessments and support remediation activities to improve control maturity.
Vendor & Third-Party Risk Management:
• Conduct third-party vendor security assessments, reviewing vendor security documentation and evaluating supplier compliance with corporate cybersecurity requirements.
• Maintain vendor risk registers and coordinate remediation activities for identified supplier security risks.
IT–OT Security Governance Alignment:
• Support governance alignment between enterprise IT systems and operational technology (OT) environments, ensuring consistent security control implementation across corporate and operational systems.
• Evaluate cybersecurity risks affecting industrial systems, considering operational availability, safety requirements, and potential production impacts.
• Incorporate guidance from the NIST CSF when evaluating technology risks and governance controls.
Security Metrics & Governance Reporting:
• Created and maintained security metrics dashboards to track vulnerability remediation timelines, policy compliance status, and risk remediation progress, providing actionable insights for leadership.
• Prepared governance reports and security posture updates for leadership, providing visibility into enterprise cybersecurity risks and mitigation activities.
• Supported governance reviews by presenting risk trends, compliance status, and security control effectiveness to internal stakeholders.
Incident Response & Threat Investigation:
• Investigated security incidents using Splunk and CrowdStrike Falcon, correlating logs across endpoints, servers, and network systems to identify indicators of compromise.
• Conducted forensic investigations using FTK and Autopsy, identifying root causes of security incidents and validating remediation efforts.
• Isolated compromised endpoints and coordinated remediation with infrastructure teams, enhancing overall security posture.
Security Monitoring & Threat Detection:
• Monitored enterprise security alerts using Splunk SIEM, detecting abnormal behavior across on-premises and cloud environments.
• Conducted proactive threat hunting using Wireshark and threat intelligence platforms, identifying hidden threats across enterprise systems.
• Tuned SIEM detection rules, enhancing detection accuracy and minimizing false positives.
Cloud Security & Identity Protection:
• Monitored cloud environments using Azure Sentinel and AWS GuardDuty, identifying misconfigurations and unauthorized access attempts.
• Strengthened identity security with Azure AD and Microsoft Entra ID, implementing MFA and enforcing least privilege access policies to mitigate risks.
• Hardened Active Directory security configurations to prevent privilege escalation.
Security Metrics & Incident Reporting:
• Generated incident response metrics and monitoring reports, providing insights into alert trends, incident response times, and detection efficiency.
• Documented post-incident findings and contributed to improving incident response playbooks and detection rules.
• Provided updates to leadership on security incidents, investigation outcomes, and remediation actions.
SIEM
Splunk and Exabeam
Azure Sentinel
Vulnerability management
Nessus and Qualys
Threat intelligence
Recorded Future
Endpoint detection and response
CrowdStrike and Defender
Network security solutions
Palo Alto Networks and Snort IDS
Cloud security frameworks
Azure and AWS
Forensics tools expertise
FTK and Autopsy proficiency
Scripting languages
Python and PowerShell
Ticketing systems management
Bachelor of Information Technology
CompTIA Security+