
Vinay Kumar Gandla

United Kingdom

Summary

Experienced application development and information security professional with expertise in mainframe systems, COBOL, JCL, VSAM, and knowledge of CICS. Skilled in troubleshooting, problem-solving, and analysis in high-pressure environments while adhering to tight deadlines. Proficient in Agile (Scrum), Waterfall, and other SDLC models. Demonstrates strong capabilities in vulnerability assessment and penetration testing across web applications, APIs, mobile platforms, networks, infrastructure, and wireless systems. Adept at using tools such as Qualys WAS/VM, Burp Suite Pro, HCL AppScan, OWASP ZAP Proxy, sqlmap, Nessus, Acunetix, and various open-source solutions. Committed to delivering secure and efficient solutions while contributing to organisational success.

Overview

10 years of professional experience
7 years of post-secondary education

Work history

Penetration Tester

Nextics Software Solutions Pvt Ltd
12.2022 - 03.2025

Project 1: SOC Operations, Vulnerability & Patch Management

SOC Operations & Vulnerability Management:

  • SOC Integration & Continuous Monitoring: Configured and managed SOC tools (Palo Alto XDR, Securonix SIEM, Microsoft Defender, CrowdStrike) to enable real-time threat detection and effective incident response
  • Vulnerability Management & Patch Coordination: Led regular vulnerability scans using Qualys; performed detailed triage and false positive analysis to ensure accuracy in vulnerability reporting
  • Tools & Integration: Palo Alto XDR, Securonix SIEM, Microsoft Defender, CrowdStrike
  • Vulnerability Management: Regular vulnerability scans using Qualys; triage, false positive analysis, and patch management coordination
  • Process & Training: Building and refining SOC processes, playbooks, and providing technical training
  • VAPT & Manual Penetration Testing: Testing Scope: Web, API, network, mobile, and thick-client applications
  • Reporting: Comprehensive documentation of risk assessments and remediation recommendations

Project 2: VAPT & Manual Penetration Testing:

  • Manual Penetration Testing & Analysis: Executed comprehensive manual penetration tests targeting web, API, network, mobile, and thick-client applications. Employed a combination of automated tools (Nessus, Burp Suite, Metasploit, Wireshark) and manual techniques to identify and exploit vulnerabilities.
  • Risk Assessment & Secure SDLC Integration: Conducted detailed risk assessments, secure code reviews, and collaborated with development teams to integrate secure coding practices throughout the SDLC. Developed technical reports that included risk assessments, impact analysis, and actionable remediation recommendations.
  • Reporting & Continuous Improvement: Documented detailed findings from penetration tests, updating vulnerability management strategies and security controls based on evolving threat intelligence. Supported the creation of SOC services for clients using both remote and on-site solutions, ensuring robust protection of information systems.

Software Developer

Legato Health Technologies
02.2019 - 02.2021
  • Worked extensively on analysis, development, testing, implementation, maintenance and production support activities
  • Participated in monthly and technical release implementations
  • Provided post-deployment support for changes and projects after production implementation
  • Held responsible for a detailed root cause analysis of each problem and for implementing appropriate countermeasures to prevent the problem from recurring
  • Interacted with business partners to capture project requirements and reporting parameters
  • Developed code for automation ideas submitted on the Innovation hub for repetitive work
  • Developed code for data extraction and data migration from the Nasco system to the WGS system
  • Monitored daily/weekly/monthly batch jobs in SAR and maintained status for audit purposes

Software Developer

Tetrasoft India Pvt. Ltd
04.2015 - 02.2019
  • Liaised closely with line managers and architects to ensure a high-quality, professional and team-focused software engineering environment
  • Conducted peer reviews of application design, coding and adherence to set standards, procedures and methodologies, and mentored junior staff in these disciplines
  • Involved in the complete Systems Development Life Cycle (SDLC) of the application
  • Implemented ad hoc requests and provided mailbox support
  • Held discussions with the client to establish requirements and optimised them according to the available technologies
  • Analysed programs, implemented business logic by coding new programs and carried out change requests on existing programs
  • Performed peer code reviews of newly developed and existing software programs
  • Fixed recurring abends, saving budget and manual effort

Education

Master of Science - Data Science

Cardiff Metropolitan University
01.2021 - 06.2022

MTech - Embedded Systems

Jawaharlal Nehru Technological University
11.2012 - 12.2014

BTech - Electronics and Communication Engineering

Jawaharlal Nehru Technological University
07.2008 - 05.2012

Accomplishments

● Experienced in Application Development, Support, and Maintenance for Mainframe systems.

● Expertise in COBOL, JCL, and VSAM, with knowledge of CICS.

● Proficient in troubleshooting, problem-solving, and analysis, with the ability to work under pressure and meet tight deadlines while fully committed to the task.

● Experience with Scrum (Agile), Waterfall model, and familiarity with other SDLC models.

● Proficient in information security management, including vulnerability assessment and penetration testing of web, APIs, mobile applications, network, infrastructure and wireless; conducted internal and external social engineering and took part in Red Team assessments.

● Experienced in vulnerability assessment and penetration testing using various tools such as Qualys WAS, Qualys VM, Burp Suite Pro, HCL AppScan, OWASP ZAP Proxy, sqlmap, Nessus, Acunetix and many open-source tools.
