SainathT Resume CyberSecurity

Sainath T is a seasoned IT professional with nine years of experience in Cyber Security, specializing in Security Operations, Incident Response, and SIEM tools like Splunk and IBM QRadar. He has held various roles, including Senior Security Developer and Analyst, leading teams and managing projects related to threat analysis, vulnerability management, and data monitoring. Sainath possesses a Master's degree in Computer Engineering and is currently pursuing CompTIA Security+ certification, showcasing his commitment to continuous learning in the field.

SAINATH T

Mobile: +1(314) 283-6310 | Email: sainatht2993@gmail.com

PROFILE SUMMARY
 A versatile professional with nine years of experience in the Information Technology and Services industry.
 Expertise in cyber security and security tools for data- and network-level monitoring.
 Worked in L1, L2 and L3 roles (Security Analyst, Senior Security Analyst and Senior Security Engineer), leading a small team, reviewing the incidents investigated by Level 1/Level 2 analysts and providing suggestions for improvement.
 Experience handling multiple projects and being a swift team player in any role at any time (24x7) as per requirement.
 Experience in Security Operations Centre (SOC), Security Information and Event Management (SIEM), Incident Response, SOP creation, Network Operations Centre (NOC), notable analysis, and mitigating security incidents based on defined processes and procedures.
 Excellent experience in handling multiple teams (Threat Intelligence, Vulnerability Management, Endpoint) for in-depth analysis and tracking of details, escalating investigations to the CSIRT as required together with the SOC Manager, and responding to escalated email events including phishing and malware.
 Experience working closely with all Global SOC team members, Information Technology, business units, and management.
 Expertise in determining which alerts escalated from a Level 2 SOC Analyst need immediate action and which alerts to wait and watch.
 In-depth experience working on Indicators of Compromise (IOCs) identified through the web and through our threat intelligence team, and investigating them in our environment. Experience in creating automated lookup files for triaging.
 Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases.
 Maintain an expert understanding of vulnerabilities, response, and mitigation strategies used to support cyber security operations.
 Responsible for providing metrics and reports on data as assigned.
 Experience working on network-level configurations, including blocking malicious indicators at the firewall level and working on port issues, with sound cognizance of the OSI layers and the TCP/IP protocol suite.
 Experience working with the Endpoint team in initiating scans and trap scans and reaching out to hosts to triage incidents. Experience in in-depth analysis of and response to alerts from security appliances.
 Experience identifying phishing emails and providing in-depth analysis, utilizing a sandbox environment for detailed investigation while adhering to process. Endpoint tools such as Tanium and Cortex EDR for endpoint management.
 Expertise dealing with tickets in the monitoring queue on ServiceNow and BMC Remedy, adhering to timelines in SIEM tools without SLA breach.
 Extensive experience fine-tuning security use cases and creating new rules as content development from scratch, aligned with the MITRE ATT&CK framework.
 Experience in creating response plans for security use cases and design documents, and helping the team understand them.
 Hands-on experience with CrowdStrike Falcon for in-depth malware attack investigation, Imperva for effective WAF traffic identification, and Wireshark for packet routing and in-depth traffic analysis.
 Great knowledge of SIEM tools such as Splunk and IBM QRadar for monitoring data; always up for challenges and getting hands-on with new SIEM tools. Expertise in invoking events and incident response.
 Great knowledge of Security Orchestration, Automation, and Response (SOAR) using Phantom, Google Chronicle and Cortex XSOAR with Python scripting.
 Experience working with Cortex XSIAM to automate Security Operations Center capabilities and processes for effective analysis of threats and attacks.
 Experience in creating playbooks, runbooks and event/incident documentation for concrete investigation, and automating them based on requirements.
 Experience includes working on cloud-related platforms such as Azure for user behaviour analytics for end-to-end investigation.
 Amazon Web Services (AWS) for data monitoring, Identity and Access Management and RBAC, with additional responsibilities related to onboarding cloud-related data.
 Hands-on experience on Splunk and its premium packages (Splunk Enterprise Security and Splunk ITSI).
 Experience working on data onboarding using multiple onboarding techniques (Syslog, SNMP, and multiple log sources).
 Extensive experience creating Splunk queries (SPL) for dashboards, alerts and detector creation.
 Outstanding analytical abilities, problem-solving, decision-making, and interpersonal skills.

SKILLS SET
 Security Information and Event Management (SIEM)
 Splunk Enterprise Security
 Security Operations (SOC)
 Vulnerabilities Identification
 Identity Access Management
 Threat Hunting and Incident Response
 Security and Data Monitoring
 End-point Management and Solution
 Use Case Content Development and Fine Tuning
 Python Scripting
 SOAR Automation
 Data Ingestion
 Splunk Administration and Development
 Dashboards, Alert and Report Creation
 Splunk Observability

EDUCATION
 Master’s Degree in Computer Engineering with Specialization in Cloud.
 Bachelor’s Degree in Computer and Electronic Engineering.

TECHNICAL EXPERTISE
Programming/Scripting Languages: Splunk Processing Language (SPL), ESQL, KQL, Python.
Tool/Platform Experience: Splunk ES, Splunk Phantom, Cortex XDR, Cortex XSIAM, Google Chronicle, Imperva, CrowdStrike Falcon, Azure, Amazon Web Services, Tanium, Exabeam, ServiceNow, BMC Remedy.

CERTIFICATIONS
 Splunk Certified Power User - Splunk 6.3 | Splunk Certified User - Splunk 6.4
 Advanced Dashboards and Visualization with Splunk 6.5
 Working on acquiring CompTIA Security+ certification (currently in progress).

PROFESSIONAL EXPERIENCE:
Client: Mitsubishi Financial Group Duration: Sep 2024 – Till Date
Role: Senior Security Developer
Responsibilities:
 Working as the Cyber Security Manager for the project and leading a small team of security analysts.
 Hands-on experience integrating Splunk Phantom to ensure alerts are reported to Phantom for notable analysis and data search.
 Experience working with incident analysis on Cortex XSIAM and creating playbooks according to the use case.
 Worked on creating playbooks and workbooks to establish the incident triage flow meeting the required criteria.
 Hands-on experience automating incident analysis processes and notable integration with Splunk Phantom and Cortex XSIAM.
 Guided junior-level analysts to perform step-by-step investigations as provided in the playbooks.
 In parallel, working as an identity/security administrator with AWS, managing identity access controls relating to roles and privileges.
 Working with the team on phishing email analysis and triage, and in-depth investigation of endpoint- and malware-related use cases with CrowdStrike Falcon.
 Worked on use cases related to malware and network signature-based IPS/IDS detections.
 Working on onboarding of data using data ingestion techniques.
 Worked on installation of Splunk components (Heavy Forwarder, Universal Forwarder and Deployment Server).
 Worked on setting up connectivity between the components by working with multiple configuration files.
 Experience configuring ports. Strong Linux skills.

Skill Set & Tools used: Phantom, Chronicle, Cortex XSIAM, ServiceNow, Amazon Web Services (AWS), CrowdStrike Falcon, Python scripting.

Client: Shell Corporation Duration: Feb 2023 – Sep 2024
Role: Senior Security Analyst
Project 1
Responsibilities:
 Worked on multiple projects in parallel as a Senior Security Developer and Splunk admin.
 Experience working on Splunk Observability, creating detectors related to infrastructure monitoring activity and configuring metrics into Splunk Observability.
 Worked on log monitoring, with a deep understanding of Splunk logs and troubleshooting of internal logs related to log sources.
 Experience in data onboarding to Splunk using multiple data ingestion techniques (app/add-on based ingestion, ingestion through open sources, HEC (HTTP Event Collector) tokens).
 Worked on Syslog/syslog-ng and SNMP integration and end-to-end onboarding of logs into Splunk.
 Worked on installation and maintenance of Splunk components (Heavy Forwarder, Universal Forwarder and Deployment Server).
 Worked on setting up connectivity between the components by working with multiple configuration files.
 Experience configuring ports. Strong Linux skills.
 Hands-on experience with regex for field and key-value pair extractions.
 Involved as the key developer for the project, creating multiple dashboards and working on existing dashboards to make them more efficient.
 Created alerts based on user requirements to generate incidents in ServiceNow.
 Experience with repository tools like Sourcetree and Git for maintaining a local repository to manage configuration changes.
Project 2
Responsibilities:
 Worked as a primary resource with the Security Delivery Senior Analyst for the project.
 Troubleshot regularly ingested data to detect nonlinear behaviour of the log data.
 Primarily worked as the content developer for the Splunk Enterprise Security premium package to detect complex attack patterns, leveraging the MITRE ATT&CK framework.
 Responsibilities included creating new use cases by understanding requirements and analyzing the data ingested into the environment to identify anomalies and potential threats.
 Worked on fine-tuning existing use cases that were responsible for high noise and heavy numbers of false positives.
 Received multiple appreciations from the end user for reducing FPs and noise from the use cases by more than 65% and making them more relevant and efficient by embedding the MITRE ATT&CK framework.
 Experience writing Splunk searches using data models and index-based searches.
 Worked on data model acceleration to extract and configure the fields that were required for the searches but missing.
 Available 24x7 to ensure no data breaches and no unnecessary alerts are generated. Regularly available for on-call support.
 Worked with the PKI team on generating certificates and configuring them for the required servers.
 Experience working with the vulnerability team to make sure all Splunk servers are patched to eradicate vulnerabilities and stay up to date.
 Experience creating Changes, Problem Incidents and Requests, and representing them at the weekly CAB calls in a timely manner for approval.
Skill Set and Tools used: Splunk, Splunk Enterprise Security, Splunk ITSI, Observability, ServiceNow, Splunk Processing Language (SPL), Tanium.

Client: Del Monte Duration: Sep 2019 – Feb 2023

Role: Security Engineer & Senior Security Engineer
Responsibilities:
 Worked closely with business analysts to understand the technical requirements of the project.
 Monitored data reporting to Splunk and analyzed the data before reporting an incident, with the help of tools such as Splunk, BMC Remedy and ServiceNow.
 Performed in-depth investigation on malware use cases related to host-based detections and signature-based detections, and implemented end-point protection accordingly.
 Reached out to end users to run various trap scans on host machines for end-point protection.
 Utilized multiple security tools (Cyber SECOPS and MineMeld), performed firewall-related operations that included setting up rules for port activation and deactivation, and made changes to block malicious IPs, domains and URLs.
 Utilized various open-source threat and virus detection tools (VirusTotal, Cisco threat intelligence and URLVoid/IPVoid) to identify malicious indicators.
 Extensive experience working with email phishing and email security use cases. Performed in-depth analysis on email-related logs whenever an incident was identified.
 Always adhered to SLA and received appreciation from the client for maintaining a healthy 100% SLA without any breach.
 Identified vulnerabilities using the MITRE ATT&CK method to proceed with further investigation.
 Fine-tuned numerous use cases to improve search efficiency while retrieving data from Splunk.
 Developed malware and intrusion detection use cases, which were then deployed into the Splunk production environment.
 Contributed to the development of an automated lookup for IOC detection that runs on a weekly basis.
 Experience working with the Threat Hunting and Threat Intel teams to gather IOCs during ongoing cyber-attacks.
 Received multiple appreciations from end users and supervisors for the level of in-depth investigation performed on any log data or use case.

Skill Set and Tools used: Enterprise Security, ServiceNow, BMC Remedy, Palo Alto MineMeld, Cyber SECOPS.

Client: Humana Duration: Jun 2016 – Aug 2019
Role: Security Analyst
Responsibilities:
 Played a significant role in the security operations team and mainly worked on the SIEM platform.
 Worked on use cases related to multiple attacks and triaged the alerts generated through them.
 Provided data security services and incident management.
 Utilized Splunk and Demisto to monitor data and ServiceNow to report incidents.
 Created separate dashboards for each index and source type to track license usage.
 Worked on end-point solutions as well as firewall management to regulate inbound and outbound traffic by establishing rules as needed.
 Generated reports as alerts for the weekly and monthly incident data to provide quick access for the client.
 Developed dashboards in Splunk and Demisto to display daily data status and monitor app health based on client requirements.
 Installed several apps into the Splunk environment, followed by comprehensive integration to deliver automated incident services.
 End-to-end user communication about security events to keep the platform safe and secure.
 Monitored and helped reduce the incident count by fine-tuning use cases related to port scanning and critical domain-related use cases.

Skill Set and Tools used: Splunk ES, ServiceNow, Demisto/Cortex XDR.