Sripal M

Cloud Application Security Engineer

Moneris

01.2023 - Current

Consolidated logs from diverse sources such as CrowdStrike, AWS Observability prod account logs, Cisco Meraki IDS, Email-Gateway, Slack, and Jira etc., into Sumo Logic SIEM solution.
Developed and optimized queries within the SIEM to extract actionable insights from the collected logs.
Implemented alert mechanisms for detecting failure logins and monitoring relational database performance.
Established alerts for cloud-related activities, including security group changes, IAM role modifications, and configuration changes.
Proficient in deploying CrowdStrike CSPM (Cloud Security Posture Management) for security posture assessment and remediation, including the detection of IOCs (Indicators of Compromise) and IOAs (Indicators of Attack).
Utilized CrowdStrike EASM (External Attack Surface Management) to safeguard external-facing assets like APIs and prevent unauthorized access and service interruptions.
Managed temporary elevated access through Team Temporary Elevated Access Management for secure privilege escalation in production environments.
Facilitated change enablement processes, ensuring all modifications adhere to established protocols.
Collaborated with the security compliance team to support SOC2 Type 2 report generation by providing necessary evidence and documentation.
Maintained Confluence pages and authored runbooks for Kubernetes agent installation and ECS Fargate agent deployment procedures.
Vigilantly monitored Guard Duty logs, CloudWatch, and CloudTrail for identifying and mitigating potential threats, including IOCs (Indicators of Compromise) and IOAs (Indicators of Attack).
Demonstrated familiarity with OWASP Top 10 security risks and applied relevant strategies for mitigation.
Hands-on experience with SAST, SCA, and DAST tools within GitLab for application security testing.
Engaged in team management within a 24/7 SOC environment, ensuring operational efficiency and incident response readiness.
Leveraged support from tool providers as needed to enhance operational capabilities and resolve complex issues.
Managed CSPM, observability logs, and AWS Control Tower configurations logs from organizational account using StackSets and CloudFormation templates.
Collaborated cross-functionally to enforce security best practices for applications and systems.
Utilized the MITRE ATT&CK framework for threat hunting and incident response strategies, enhancing proactive security measures and incident resolution effectiveness.
Monitored DLP (Data Loss Prevention) tools to detect any instances of Gmail being shared outside the organization.
Implemented proactive measures by reaching out to employees for verification upon detection of Gmail sharing outside the organization.
Developed an automation system to create a Jira ticket and send alerts to designated Slack channels automatically whenever Gmail sharing outside the organization is detected, streamlining incident response and resolution processes.