L2 SOC Analyst - Programming.com - Hyderabad, India
(2024-05 - 2024-12)
Demonstrated hands-on expertise in analyzing and responding to real-time security alerts using Splunk SIEM.
- Delivered L2 support, ensuring timely resolution of incidents, and adherence to SLAs.
- Conducted log analysis across multiple security platforms to identify anomalies and threats.
- Performed threat hunting using Microsoft Defender and SentinelOne.
- Investigated indicators of compromise (IOCs) using open-source tools and recommended endpoint blocking strategies.
- Strong familiarity with security technologies in general, both at the host and network levels.
- Participated in cross-functional war room calls during critical security incidents, sharing live analysis and logs, and helped contain the incidents within defined impact thresholds.
- Proficient in Splunk Search Processing Language (SPL) and Kusto Query Language (KQL) for log extraction and analysis.
- Preparing daily/weekly incident summaries, threat reports, and SOC metrics.
Senior SOC Engineer - IVY-Comptech Pvt Ltd - Hyderabad, India
(2021-05 - 2024-03)
Hands-on experience in threat analysis, security monitoring, and operations.
- Experience with SIEM tools and monitoring real-time events using Chronicle.
- Collaborating with cross-functional teams to streamline processes and improve efficiency.
- Collecting logs from all network devices and analyzing them to find suspicious activity.
- Technical knowledge of security tools (anti-virus/malware, IDS/IPS, firewall, vulnerability, etc.) and infrastructure (Network, OS, Database).
- Good understanding of event logs and system logs.
- Good understanding of malware and its attack types, proxies, and firewalls.
- Performing malware analysis using multiple open-source tools, focusing on initial detection and triage and analyzing IOCs, thereby reducing false positives.
- Experience and knowledge in investigating incidents, remediation, tracking, and follow-up for incident closure with the concerned team.
- Strong understanding of the MITRE ATT&CK framework, OWASP Top 10, and common attack vectors like SQL injection, XSS, and man-in-the-middle attacks.
- Experienced in writing and preparing detailed security reports, including daily, weekly, and monthly updates, security advisories, and RCA documents.
- Familiarity with vulnerability scanning tools (Nmap), and incident remediation procedures.
- Proficient in handling security incidents related to phishing, DDoS, ransomware, malware, and other cyber threats.
- In-depth experience performing malware analysis, identifying indicators of compromise (IOCs), and conducting phishing email investigations.
NOC Engineer - Skill-mine Technology Consulting Pvt Ltd - Hyderabad
(2018-08 - 2021-05)
ITCC is the SPOC for all infrastructure- and application-related issues for the banking teams, operating 24/7. Responsible for managing the complete infrastructure and escalating all critical IT and application-related issues within the ICICI Bank network. Served as a team lead, providing proper knowledge transfer to the team according to ICICI standards.
- Monitor the Global Incidents queue, follow up on all unassigned and medium- to high-impact incidents with the respective resolution groups, and have them attended to immediately.
- As part of performance monitoring, gained experience with both client-side and server-side metrics using AppDynamics, Appnomics, Dynatrace (OneAgent), Anabot, Riverbed, and BMS tools.
- Across various roles, also responsible for monitoring various applications 24/7.
- Participating in on-call schedules and review activities.
- Good experience in incident, change, and problem management.
- Handling alerts, blocking issues, and reporting to the concerned team to avoid application performance issues.
- Identifying and monitoring memory usage, CPU utilization, and physical reads counters using the Appnomics monitoring tool.
- Responsible for monitoring various Infra tools, like OEM (Oracle Enterprise Manager), Ops Center, OMW, and SCOM (System Center Operations Manager), and escalating the critical alerts to their respective heads.
- Generate the final performance test report with all performance metrics, including response times, hits per second, throughput, and transactions per second, as per the business requirements.
- Experience in monitoring multiple applications and coordinating with application owners, development, DBA, and business development teams.
- Work closely with the incident managers as part of technical escalations, and work as an incident manager when there are multiple issues reported to ITCC.
- Experience in adding, removing, or updating user account information and resetting passwords with the help of the ARCOS tool.
- Proactive monitoring of highly critical production servers, both physical and virtual, verifying issues and reporting them to the respective application teams.
- Participating in bridge calls for internal discussions and for major issues, ensuring that high-impact incidents receive the right attention and are resolved within the TAT by providing accurate and relevant updates with a proper timeline.
- Logging calls and creating tickets for unresolved issues, and escalating and following up on the raised tickets within the team.
- Tracking of incidents from opening to closure, with timely communication to the business with the help of the ITSM ticketing tool.
- Properly handing over the end-of-shift report and ongoing issues to the next shift's engineers and managers.
- Experience in preparing daily, weekly, and monthly work status reports and sending them to the reporting authority or management.
- Creating a runbook for future utilization and knowledge sharing.
- Experience in preparing correlation reports for the impacted applications that we have been monitoring and analyzing.
- Quick learner, team player, flexible, and versatile enough to adapt to any environment.
Sr. Member Operations (Technical) - Tanla Platforms Ltd - Hyderabad
(2014-05 - 2018-01)
Roles and responsibilities included monitoring the platform, including the network, through tools like Nagios.
- Logging customer issues according to severity in the ticketing tool, and sending prior notice when there is an outage.
- Monitoring alerts using Nagios and Netcool tools, and following SLA.
- Handling and responding to emails, such as providing information to users.
- Creating a ticket and escalating it to the concerned team.
- File systems and process management.
- Configuration of the master server, slave server, and integrating NFS and Autofs.
- Managing User and Group Administration.
- Installing and upgrading Linux using the Kickstart method.
- Package Administration (RPM and YUM).
- Performing Scheduled Jobs (At & Cron).
- Process administration and management, such as monitoring, starting, stopping, and killing various processes.
- Monitoring and managing swap space.
- Working with open-source packages like sudo and OpenSSH, and providing troubleshooting.
- Configuration of remote access utilities and providing user access control on services like Telnet, FTP, and SSH.
- Monitoring system resources, logs, and disk usage; scheduling and monitoring backups and restores.
- Monitoring the queuing system using the RabbitMQ application.
Process Associate - United Health Group India Pvt Ltd (Optum)
(2012-05 - 2013-10)
- Monitoring the calls and quotes sent by the account managers, and emailing appropriate feedback on call structure, call profiling, areas of improvement, etc., on a regular basis.
- Preparing MIS reports on a daily and weekly basis.
- Resolving claims issues.
- Providing KT (knowledge transfer) for new joiners.
Network Security Administrator - Helios & Matheson (DXC Technology Pvt Ltd)
(2011-07 - 2012-04)
Worked in remote technical support. Client: Coca-Cola, Atlanta (USA).
- User migration across different applications, such as the AD server and Lotus Notes.
- Supported Coca-Cola employees across the globe.
Technical Support Executive - Quess Corporation Limited
(2010-01 - 2011-05)