Hi, I’m

SAIRAM JULURI

Houston, TX

Summary

Proactive Cyber Security professional, with 5+ Years of experience in IT Managed Services, Security Operations and Cloud Security. Conducts Vulnerability Scans (Application and Device level), security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures as well as provides monitoring and oversight for alerts in the Cloud environment.

Overview

7 years of professional experience

Work History

MASTERCARD
Vancouver, BC

Senior Information Security Engineer
05.2023 - Current

Job overview

  • Performed regular vulnerability scans, risk assessments, and penetration tests to identify potential security threats using the tools Rapid7, Tenable and Nucleus.
  • Experience with the Application Security (SCA) tool "Black Duck" to scan applications and container images to identify code-level vulnerabilities, and knowledge of integrating the tool into the environment.
  • Experience with GitHub CodeQL, which acts as SAST (Static Application Security Testing) and helps with weekly scanning of the repositories in GitHub for application vulnerabilities.
  • Enabled CodeQL (SAST) scanning on all the repositories of the enterprise.
  • Monitored and worked on remediation of alerts from Microsoft Defender for Endpoint, Defender for Identity and Defender for Cloud.
  • Managed PowerShell and Python scripts to automate manual work related to Microsoft Azure and Azure Active Directory (Microsoft Entra ID).
  • Supported customers by performing security reviews and technical questionnaire reviews, and helped with audit requirements by gathering evidence and logs.
  • Developed monthly KPI dashboards using the Power BI tool.
  • Improved the Azure Identity Secure Score by working on the security recommendations: configuring MFA, conditional access and risk policies.
  • Experience with the Endpoint Security (EDR) tool "CrowdStrike", which scans all endpoints for threats and attacks.
  • Worked on blacklisting URLs and adding IOCs to the EDR tool. Assisted in installing the EDR agents on every endpoint.
  • Experience with security administration work such as managing both Azure Active Directory and on-prem AD.
  • Experience with Azure Sentinel for working on security incidents and configuring the data connectors in Sentinel.
  • Helped with security assessment questionnaires, policies, audits and evidence gathering for the PCI, SOC2 and ISO frameworks.

TransLink
Vancouver, BC

Information Security Analyst
12.2022 - 05.2023

Job overview

  • Experience working on Endpoint Detection & Response using Carbon Black and Microsoft Defender.
  • Developed threat models in Carbon Black EDR and MS Defender to make sure the EDR tools will flag any suspicious events.
  • Experience working with IBM QRadar for collecting, processing and indexing network data in real time.
  • For the alerts triggered in Defender, during investigation I used QRadar network data to gather information about the server and user logs and remediate the alerts.
  • QRadar helped in remediating threats faster by providing data based on parameters like Event ID, hostnames and others.
  • Experience in Vulnerability Management with the Rapid7 tool to manage vulnerabilities found on servers and workstations.
  • As part of vulnerability management, based on the threat intel from the vendor, we use the CVE IDs to find vulnerabilities and plan for patching the devices.
  • Experience with security administration work such as managing both Azure Active Directory and on-prem AD.
  • Created prod and non-prod accounts in AD as requested by the projects and managed access to the network shares.
  • Experience with Azure Sentinel for working on security incidents and configuring the data connectors in Sentinel.
  • For better investigation, I have worked on PowerShell scripts and KQL queries to gather records in seconds.
  • Experience with Azure Sentinel for collection with data connectors, monitoring key metrics and better threat hunting.
  • Ensured that all endpoints have been deployed with Carbon Black sensors and are up to date with the latest versions.
  • Operational work such as adding hash values and files to policy exclusions if the values are legitimate, and assigning the endpoints to the respective policies.
  • Experience with Microsoft Defender for managing security alerts and remediating them. As Sentinel and Defender are bidirectional, I make sure both tools are updated with threat models.
  • Experience with the cloud-delivered firewall (Cisco Umbrella), working on configuring destination lists and security settings in policy components.
  • Configured the web policies in Cisco Umbrella by setting rulesets to protect organization identities.

KPMG Canada
Vancouver, BC

Cloud Security Consultant
04.2021 - 12.2022

Job overview

  • Experience in identifying and implementing improvements in existing security processes and procedures.
  • In the present role with KPMG, I have conducted assessments of IT risks and controls, including general IT controls and automated controls embedded within information systems, in support of our external audit engagements.
  • Evaluated the risks and the adequacy of controls associated with IT, applications, operating systems, databases and interfaces, business process controls and entity-level controls.
  • Experience in creating documentation and performing gap assessments.
  • Interacted with various clients to understand their environments and needs; managed expectations of clients and different managers/partners.
  • Conducted risk assessments to identify gaps and provided recommendations to enhance their network architecture.
  • Worked on the security frameworks NIST, ISO, SOC2 and PCI.
  • Prepared reports for the overall assessment conducted and assigned scores to their security domains.
  • Developed strategies to reduce security risks across cloud services, servers, network devices and endpoints.
  • Assessed and investigated client IT security environments by scheduling interviews and technical discussions.
  • Assessed IT network and security architecture as they relate to managing identities and access privileges, and delegated administration models.
  • Experience across multiple cyber security domains including vulnerability management, patch management, malware analysis, NIST cybersecurity risk assessment, and M365 and Azure security assessments.
  • Worked on the Sophos Central tool for configuring and monitoring alerts using Sophos endpoint protection.
  • Conducted interviews with clients to gather information regarding their overall cyber structure.

Mindtree Ltd

Security Engineer
09.2016 - 01.2019

Job overview

  • Worked with AWS's native security tools like GuardDuty, Macie, Security Hub, IAM Access Analyzer, Inspector and Shield to ensure environments are secure.
  • Identified security gaps and worked with different teams within the organization to resolve them.
  • Automated security business processes such as auto-remediation of findings/alerts using event watch and Lambda.
  • Monitored, tracked and analyzed security events from many systems both within and outside AWS.
  • Conducted incident response analysis using a SIEM tool (Splunk).
  • Good understanding of cloud security in designing and executing cloud/technology controls that mitigate those risks.
  • Prepared weekly, monthly and quarterly security reports by collecting, analyzing, and summarizing data and trends.
  • Assisted with ensuring controls are being followed for SOC2 compliance.
  • Worked closely with auditors and other security professionals during security and compliance audits.
  • For vulnerability management, used Nessus and Qualys for scanning the Production, Staging, QA and testing environments (both public and private IPs).

Role: SOC Analyst

  • Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Developed an internal tool using PowerShell which alerts the team when a new incident is triggered and helps mitigate the incident within the TTM for its severity, which helped achieve 100% SLA on the project.
  • Developed custom software solutions for a Microsoft client by automating COSMOS jobs using PowerShell, which reduces manual work and saves team members' time by over 70%.
  • Built queries and dashboards using Splunk and Power BI.
  • Analyzed logs from different sources and implemented rules and event correlation for the SIEM environment.
  • Assisted T2 with critical incidents and incidents that need the involvement of different teams.
  • Explored, analyzed, and understood log sources of different kinds (AWS, Azure, firewall logs).
  • Generated and presented reports to management with health checks of monitoring and analytical tools.
  • Researched the latest threats and vulnerabilities, derived Indicators of Compromise (IOCs) and other intelligence and fed them into the analysis tools.
  • Refined the steps and maintained the KB (Knowledge Base).
  • Performed event detection, investigations, and root cause analysis (RCA) within the agreed Service Level Agreement (SLA) timeline and followed the kill chain process.
  • Profound knowledge of security standards and frameworks (MITRE ATT&CK) and the Cyber Kill Chain.

Education

New York Institute of Technology
Vancouver, BC

Master of Science in Cyber Security
09.2020

Jawaharlal Nehru Technological University
Hyderabad, India

Bachelor of Technology in Electronics and Computer Engineering Technology
07.2016

Skills

  • Microsoft Sentinel, Microsoft Defender, Splunk, EDR, Anti-virus solutions, Firewall review, Email Security, Azure Active Directory (Entra ID), Network Protocols, CISCO Umbrella, Rapid7, Tenable
  • Cloud Environment: Microsoft Azure, AWS
  • Frameworks: NIST, SOC2, PCI DSS, ISO 27001, GDPR
  • Programming Languages: Python, PowerShell
  • Application Security: BlackDuck, CodeQL

Accomplishments

SIEM & Endpoint Security:

  • Worked on SIEM and SOAR for reports, dashboards, correlation rules, watch-lists etc. for 24/7 monitoring and scheduling.
  • Discovered capabilities of Carbon Black and Defender for better security.
  • Experience with QRadar and Sentinel for SIEM.
  • Configured alerts from DLP, anti-virus, anti-malware and IOCs to EDR tools.
  • Developed scripts to gather better information in seconds.

Application Security:

  • Experience with the Application Security (SCA) tool "Black Duck" to scan applications and container images to identify code-level vulnerabilities, and knowledge of integrating the tool into the environment.
  • Experience with GitHub CodeQL, which acts as SAST (Static Application Security Testing) and helps with weekly scanning of the repositories in GitHub for application vulnerabilities.
  • Enabled CodeQL (SAST) scanning on all the repositories of the enterprise.

Compliance:

Full ownership of NIST, SOC2, ISO and PCI-DSS compliance, including daily monitoring, quarterly reporting, coordinating annual audits, and ensuring new services are designed and built compliant.

Email Security:

  • Managed suspicious emails with malicious URLs through Microsoft Defender.
  • Checked the URLs in sandboxes and hard-deleted them from user mailboxes.
  • Initiated phishing campaigns and trainings for better employee awareness.

Cloud Security:

  • Analytical and logical in approaching problem-solving, and highly practiced in working in teams and communicating with teammates and customers.
  • Monitor, track and analyze security events from many systems both within and outside Microsoft Azure.
  • Automation and developing scripts using PowerShell.
  • Risk management and vulnerability scanning.
  • Full ownership of vulnerability management: configuring the tool, configuring scope and scheduling assessment scans.
  • Execute security scans and identify vulnerabilities across systems and applications, and coordinate with the respective teams for remediation using Rapid7 InsightVM.

Certification

Certificate of Cloud Security Knowledge (CCSK v5) – Cloud Security Alliance

Microsoft Certified Security Operations Analyst Associate

TryHackMe: Completed labs across Defensive Security, Web Application Security, IAM, and Cloud Security

Pursuing Certified Information Systems Security Professional (CISSP)

Timeline

Senior Information Security Engineer

MASTERCARD
05.2023 - Current

Information Security Analyst

TransLink
12.2022 - 05.2023

Cloud Security Consultant

KPMG Canada
04.2021 - 12.2022

Security Engineer

Mindtree Ltd
09.2016 - 01.2019

New York Institute of Technology

Master of Science in Cyber Security

Jawaharlal Nehru Technological University

Bachelor of Technology in Electronics and Computer Engineering Technology