Results-oriented Analyst skillful in managing and breaking down large volumes of information. Proactive at heading off issues in operations, workflow and production by uncovering trends affecting business success.
Responsibility:
• Preparing and Maintaining the CMDB or Inventory details as per the ServiceNow CMDB Database.
• Onboarding and decommissioning of servers in the Nexpose tool based on the CMDB data.
• Scheduling the scans for active servers as per the shared time slots.
• Initiating Ad-hoc scans based on ServiceNow requests and sharing with requesters.
• Running reports for completed scans and preparing the customized reports to share with patching team.
• Working on troubleshooting techniques for the IPs which are not reachable/failed during the scan.
• Monitoring status of scanners and working with the POC to bring scanners online in case scanners go offline.
• Tracking False Positives & Exceptions based on the evidence shared by system managers.
• Raising cases with Nexpose Support team to get the support for the issues which we faced in real time.
• Helping server owners remediate the vulnerabilities.
• Monitoring the 3rd Party security websites to check and prepare the advisories for critical & Zero-Day vulnerabilities and working with patching teams for remediation.
• Working on the ServiceNow integration issues with security operation teams to resolve.
• Preparing the PPTs & KPIs and presenting to the customer/client.
• Preparing and updating the SOPs.
Responsibility:
• Experience in Vulnerability assessment and Vulnerability Management
• Worked with platform teams on a monthly basis to get the inventory details for active servers.
• Performed the Ad-hoc scans and scheduled vulnerability scans.
• Deployed the cloud agents on AWS and Azure cloud platform servers.
• Provided the support to Network and Server teams to deploy the Qualys Physical and Virtual scanner appliances.
• Followed up with platform teams regarding remediation status for the sev4 and sev5 vulnerabilities.
• Worked on troubleshooting issues like cloud agent reachability issues and authentication issues.
• Created the policies in the Qualys Policy Compliance module technology-wise and added the controls to the respective technologies.
• Performed the policy compliance scans on Windows and Linux servers.
• Worked with server teams to fix the Failed controls.
• Performed the MFNA control checks on the network devices and worked with the concerned team to set the correct configurations as per the followed standards.
• Monitored the server logs and events in Splunk and worked with the L2 team on the servers which were not sending events to Splunk.
• Provided the KT to freshers or New Joiners.
Responsibility:
• Prepared and shared the security advisories to the stakeholders.
• Performed the Authenticated scans for the active servers.
• Initiating ad-hoc scans and scheduled scans as per system manager request.
• Preparing the Customized report for High and Critical vulnerabilities and sharing with platform teams for remediation.
• Created the Option Profile as per the business requirements.
• Maintaining and updating the Authentication records in Qualys VM module.
• Scheduling the vulnerabilities report to send it to remediation team members for taking required action.
• Worked on the Zero-day vulnerabilities and remediated them with help from the patching team within defined SLAs.
• Monitoring status of scanner appliances.
• Creating the Qualys accounts for the new joiners based on the manager approval.
• Weekly calls with platform teams to gather the remediation progress status updates.
• Monitoring the IBM QRadar console for identifying the suspicious events.
• Worked with different teams on the incidents related to Firewall, Login Failures and Malware.
• Maintaining and updating the Incident tracker with latest comments.
• Providing the weekly and monthly reports to client.
Domain Knowledge : Vulnerability Management, Cloud Agent, Policy Compliance and SIEM
Operating Systems : Windows, Linux and VMware
Tools Worked : Nexpose, Qualys Guard, Tenable and IBM QRadar
Networking Basics : Network Devices, OSI Model, TCP/IP Model, IP addresses, Port Numbers
Security Basics : Attacks and Types, Malware and Types
● Qualys VMDR, Policy Compliance, Patch Management and Cloud Agent Certifications from Qualys Vendor.
● Trained on Networking from Axness Technologies.