Cybersecurity professional with 4+ years of experience as Security Analyst, securing on-premises, cloud, and DMZ environments. Skilled in vulnerability assessments, risk management, and ensuring compliance with security frameworks. Worked alongside cross-functional teams to strengthen security measures and protect sensitive data. Committed to continuous learning and enhancing security protocols to reduce risks and ensure business continuity.
Overview
4
years of professional experience
1
Certification
Work history
Security Analyst
Dynamic Leads
Portsmouth
01.2025 - Current
Optimized load balancing for improved redundancy and high availability, reducing application downtime by 20% and managing digital certificate lifecycle.
Implemented various industry-leading tools including WebInspect, Burp Suite, Nessus, OpenVAS, Metasploit, QualysGuard, Nexpose, Fortify, and Black Duck to carry out thorough assessments of secure software maturity, DevSecOps practices, and security solutions for applications and infrastructure.
Familiar with vulnerability management tools like Qualys, system hardening techniques, and applying patches based on vulnerability scores.
Assisted in adoption of Governance, Risk, and Compliance (GRC) tool, known as One Trust, to streamline assessments of vendor security and Data Protection Impact Assessments (DPIA).
Supported deployment of GRC tool, specifically One Trust, which facilitated vendor security assessments and Data Protection Impact Assessments (DPIA).
Identified risks within Archer system, submitting risk forms for discussion during Decision Change Meeting (DCM), thereby accurately documenting risks in risk register.
Contributed to IT Road Map by assessing risks for projects not covered in mandatory 2022 IT Road Map, guaranteeing identification and mitigation of all potential risks.
Led efforts to ensure compliance with PCI-DSS control requirements, thus upholding industry standards and best practices.
Executed Just-in-Time (JIT) Least Privilege Model (LPM) policies and conducted user audits as part of Payment Card Industry (PCI) audit process.
Investigated phishing, spam, and spoofed emails using the Proofpoint email gateway, implementing rules to filter out suspicious emails.
Utilized Meta Compliance to simulate phishing emails, thus enhancing awareness of phishing threats and bolstering organization's defenses.
Conducted workshops and comprehensive awareness training programs, enhancing staff knowledge about information security and promoting adherence to security standards within organization.
Possessing knowledge in identifying and addressing operational gaps in investigations, and fine-tuning use cases, thresholds, and tools.
Developing internal control systems and audit logs to maintain appropriate information access levels and security clearances.
Investigated unusual incidents thoroughly and provided detailed reports that led to strategic action against possible cyber threats.
Thoroughly understanding IT risks, controls, and mitigation techniques.
Recommended appropriate updates to outdated hardware and software systems; bolstered overall system performance and resilience against malicious activities.
Cyber Security Analyst
Cognizant Technology Solutions
India
11.2021 - 12.2024
Deployed firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), file integrity monitoring, and endpoint security solutions, strengthening security architecture and reducing security breaches by 50%.
I possess extensive expertise in various security components, including Active Directory, anti-malware protection, vulnerability scanners, intrusion detection/prevention, system hardening, network segmentation, DDoS mitigation, and threat analysis.
My involvement extends to change management, release management, and incident management activities, utilizing ServiceNow. I bring a wealth of knowledge in security incident management.
Acquiring exposure to SIEM platforms such as Sentinel and Rapid7 as well as using security logging and event management tools for real-time security alert monitoring.
I have practical experience working with SIEM platforms, security logging, event management tools, and real-time security alert monitoring.
Analyzed and validated security vulnerability data to identify applicability, false positives, and exceptions; recommended corrective actions and applied them in Rapid7 tools, ensuring generation of accurate vulnerability reports.
Leveraged Microsoft Azure cloud services and gained hands-on experience with security tools like Microsoft Defender, Sentinel, Web Application Firewall (WAF), and O365 security features.
Documented security incidents and supported incident response, improving efficiency and reducing impact by 40%.
Taking responsibility for preparing detailed root cause analysis reports based on meticulous analysis.
Through collaboration with key stakeholders, I actively monitor and enhance cybersecurity improvement plans.
Crafting policies, standards, and security frameworks, including NIST and CIS, with adept skills in formal documentation.
Monitoring third-party security websites to check for and prepare advisories on critical and zero-day vulnerabilities, and working with patching teams for remediation.
Possessing knowledge and experience in field of Identity and Access Management (IAM).
My knowledge extends to Single Sign-On (SSO) and Identity services, and I am well-versed in SAML.
Gaining hands-on experience with Identity and Access Management (IAM) and Privileged Access Management on CyberArk, including managing server-level maintenance and configuration changes.
Developed policies, procedures, standards, and guidelines aligned with ISO standards, thus establishing robust security framework for organization.
Provided recommendations for internal policies to meet compliance requirements, aligning them with ISO27001 (Information Security Management System) standards.
Ensured resolution of identified vulnerabilities, offering necessary steps for mitigation or compensatory controls to align with business needs.
Evaluated effectiveness of controls, conducted risk assessments for all services, and implemented required risk mitigations.
Conducted annual checks on security controls, ensuring timely collection and validation of evidence to meet established security benchmarks.
Configured Symantec Endpoint Web Proxy for content filtering and McAfee Anti-Virus to block malicious domains, reducing security incidents by 35% and enhancing overall security posture.
Displaying in-depth understanding of adversary tools, techniques, and procedures.
Collaborating closely with key stakeholders to monitor and enhance cybersecurity improvement plans.
Education
Bachelor of Computer Science - Computers
DMSSVH College of Engineering
India
Skills
Network Security: TCP/IP, SSL/TLS, IPSec, VPN
Cloud Security: AWS, Azure
Application Security: SAST, DAST, OWASP ASVS
Security Information and Event Management (SIEM): Splunk, Sentinel
Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), Anti-Virus, Web Proxy
Email Security: DMARC, SPF, DKIM
Identity and Access Management (IAM)
Endpoint Detection and Response (EDR)
Data Loss Prevention (DLP)
Risk Management, Threat Management and Malware Analysis