Ravi Kiran E A

SOC Analyst L2 with 4.3+ years of experience in 24x7 enterprise SOC operations, covering threat detection, incident response, SIEM monitoring, and SOAR automation at Tata Consultancy Services. Proficient in IBM QRadar, Microsoft Sentinel, Splunk, Cortex XSOAR, CrowdStrike Falcon, Cortex XDR, Azure AD, and Prisma Cloud. Experienced in IOC validation, WAF log analysis, phishing and malware investigations, MITRE ATT&CK-aligned threat hunting, and SLA-driven incident escalation.

Microsoft

Certified (SC-200, AZ-500).

SOC Analyst L2 - Tata Consultancy Services - Chennai

(2022-02)

• Conducted real-time 24x7 SOC monitoring and triage of 20 to 30 security alerts per day using IBM QRadar SIEM across global enterprise environments, maintaining strict SLA adherence for P1 to P4 incidents.
• Performed end-to-end incident response covering triage, containment, eradication, IOC validation, root cause analysis, and post-incident documentation in line with SOC playbooks and SOPs.
• Managed and acknowledged security incidents through Cortex XSOAR (ITSM), and built automated playbooks that reduced manual analyst workload on recurring alert types, delivering a 30% improvement in MTTR.
• Worked with Splunk Enterprise SPL and Microsoft Sentinel KQL for log analysis, alert investigation, incident monitoring, threat detection, and security event correlation across enterprise environments.
• Tuned SIEM correlation rules and suppression logic to eliminate low-value alerts, achieving a 25% reduction in false positives and improving overall detection fidelity.
• Investigated phishing, malware, and insider threat incidents by correlating logs from Azure AD, Google Workspace, and UEBA (GRA); mapped adversary behaviour to MITRE ATT&CK TTPs and produced structured RCA reports.
• Analysed WAF logs to detect injection attempts and application-layer threats; enriched IOC investigations using Recorded Future, VirusTotal, and AbuseIPDB, and blocked confirmed malicious IPs and domains at firewall and proxy level.
• Responded to Azure AD / Microsoft Entra ID anomalies including geo-impossible logins, MFA bypass attempts, risky sign-ins, and privilege escalation events; worked with Identity Protection, Conditional Access policies and Privileged Identity Management (PIM) controls to strengthen access security and reduce identity-based threats.
• Contained an active ransomware attack using CrowdStrike Falcon through rapid host isolation and IOC blocking, preventing lateral movement with zero business disruption.
• Mentored L1 SOC analysts on alert handling, escalation protocols, and documentation standards; recognised by management for shift leadership and cross-team collaboration.

Bachelor of Engineering - Mechanical Engineering - Sanketika Vidya Parishad Engineering College (2016 - 2019)

Diploma - Mechanical Engineering - Sanketika Polytechnic College (2013 - 2016)