Gowtham Kiran Kommineni

Irving

Summary

  • Senior-Level Cybersecurity Specialist with over 6 years of progressive experience in SOC Operations, Incident Response, and Security Engineering across the Banking, Healthcare, Retail, and Commerce sectors.
  • Master of Science in Cybersecurity graduate, effectively bridging advanced theoretical research in cryptography and network security with real-world enterprise defense strategies.
  • Expert in managing the full Incident Response Lifecycle (NIST/SANS), specializing in the containment and eradication of advanced persistent threats (APTs) within high-stakes financial and medical environments.
  • Proven track record in Cloud Security Architecture, utilizing AWS and Azure native tools to secure elastic workloads and microservices for global E-Commerce platforms.
  • Technical mastery of SIEM orchestration using Splunk ES, Microsoft Sentinel, and LogRhythm, including the development of custom correlation rules and AI-driven detection logic.
  • Advanced proficiency in Endpoint Detection and Response (EDR/XDR), managing enterprise-wide deployments of CrowdStrike Falcon and Microsoft Defender to prevent ransomware and lateral movement.
  • Deeply versed in Regulatory Compliance, ensuring 100% audit readiness for HIPAA (Healthcare), PCI-DSS 4.0 (Retail), and GLBA/SOX (Banking) frameworks.
  • Skilled in Automation and Security Scripting using Python and PowerShell to build custom tools for automated IOC ingestion and rapid evidence collection during forensic investigations.
  • Extensive experience in Vulnerability Management, utilizing Qualys and Nessus to perform risk-based prioritization and patch governance across thousands of global assets.
  • Adept at Identity and Access Management (IAM), implementing Zero Trust architectures, MFA, and SSO via Okta and Azure AD to secure privileged commerce accounts.
  • Expert in Network Security and Traffic Analysis, utilizing Wireshark and Zeek to perform deep packet inspection (DPI) and identify command-and-control (C2) communication.
  • Strategic leader in Threat Hunting, utilizing the MITRE ATT&CK Framework to proactively identify adversary tactics, techniques, and procedures (TTPs) before a breach occurs.
  • Proficient in Application Security (AppSec), conducting SAST/DAST scanning within CI/CD pipelines to secure web portals against OWASP Top 10 vulnerabilities.
  • Demonstrated excellence in Digital Forensics (DFIR), utilizing EnCase and FTK Imager to maintain chain-of-custody and perform root-cause analysis for executive-level reporting.
  • Skilled in Perimeter Defense, optimizing firewall policies for Palo Alto (NGFW) and Fortinet to protect sensitive transaction gateways and telehealth systems.
  • Expert in Data Loss Prevention (DLP), configuring Symantec and Forcepoint policies to prevent the unauthorized exfiltration of PII, PHI, and sensitive trade secrets.
  • Strong background in System Analysis and Design, ensuring that "Security-by-Design" principles are integrated into the initial stages of the software development life cycle (SDLC).
  • Experienced in Operational Excellence, authoring 30+ Standard Operating Procedures (SOPs) and Incident Response Playbooks to standardize global SOC operations.
  • Highly analytical communicator, capable of translating complex technical vulnerabilities into actionable business-risk insights for C-suite executives and Board Directors.
  • Dedicated to continuous learning and professional growth, leveraging an MS in Cybersecurity to stay ahead of emerging threats like AI-driven malware and supply-chain attacks.

Overview

7 years of professional experience

Work History

Senior Cybersecurity Analyst

US Client 2
07.2024 - Current
  • Lead the Tier 3 Incident Response team for a global Commerce platform, protecting high-volume transaction systems and B2B trade secrets from advanced persistent threats (APTs).
  • Orchestrate high-level incident response "War Rooms" during P0/P1 events, facilitating real-time communication between Legal, IT, and Executive leadership to minimize brand reputation damage.
  • Design and deploy advanced KQL (Kusto Query Language) and SPL (Search Processing Language) hunting queries to detect "living-off-the-land" (LotL) techniques targeting commerce databases.
  • Direct the integration of Threat Intelligence Platforms (TIP) into the SIEM environment to automate the ingestion and blocking of malicious IPs and domains associated with retail fraud botnets.
  • Lead deep-dive digital forensic investigations (DFIR) on compromised assets using EnCase and FTK Imager to preserve chain-of-custody for legal review during corporate espionage attempts.
  • Architected a Zero Trust Network Access (ZTNA) framework, significantly reducing the corporate attack surface by phasing out legacy VPN dependencies for a distributed global workforce.
  • Optimize the SOAR (Security Orchestration, Automation, and Response) platform to automate 60% of repetitive Tier 1 triage tasks, saving 20+ man-hours weekly in high-speed commerce environments.
  • Perform quarterly Red Team simulations to test the efficacy of existing detection logic against the MITRE ATT&CK framework, specifically targeting supply chain vulnerabilities.
  • Conduct sophisticated malware analysis in isolated sandboxes to reverse-engineer "zero-day" threats and extract unique Command & Control (C2) signatures targeting trade platforms.
  • Manage the security posture of Microsoft 365 and Azure AD, implementing strict Conditional Access policies to prevent unauthorized account takeovers of executive-level commerce accounts.
  • Mentor a global team of 15+ security analysts, conducting daily technical briefings and monthly professional development workshops on emerging threats in the global trade sector.
  • Oversee the External Attack Surface Management (EASM) program to identify and secure "shadow" cloud assets and forgotten public-facing subdomains used for seasonal commerce marketing.
  • Drive Operational Excellence by re-engineering the Incident Response Plan (IRP) to comply with updated SEC cyber-disclosure and reporting regulations for publicly traded commerce entities.
  • Collaborate with DevOps to secure Kubernetes (K8s) clusters, implementing runtime security monitoring and automated container image scanning for microservices-based commerce apps.
  • Utilize Python-based data visualization libraries to present complex threat trends and risk metrics to the CISO and Board of Directors regarding the safety of customer transaction data.

Cybersecurity Analyst / Engineer

US Client 1
01.2023 - 06.2024
  • Engineered and maintained secure cloud architectures in AWS and Azure, ensuring all retail deployments followed CIS Benchmarks and PCI-DSS 4.0 standards for payment safety.
  • Developed custom Python scripts to automate the continuous scanning of S3 buckets for public exposure, effectively preventing leaks of customer PII and purchase histories.
  • Managed the enterprise Vulnerability Management (VM) program using Qualys, overseeing the remediation lifecycle of 10,000+ monthly vulnerabilities across e-commerce web servers.
  • Implemented DevSecOps practices by integrating Checkmarx (SAST) and BlackDuck (SCA) into the Bitbucket CI/CD pipeline to secure retail app code before deployment.
  • Configured and tuned Web Application Firewalls (WAF) to defend critical retail portals against SQL Injection, XSS, and seasonal Layer 7 DDoS attacks during peak shopping events.
  • Designed an automated SSL/TLS Certificate Management system to prevent critical service outages on checkout pages caused by unexpected certificate expirations.
  • Conducted Identity Governance reviews, utilizing Okta and Azure AD to strictly enforce the Principle of Least Privilege (PoLP) for retail store managers and corporate staff.
  • Facilitated annual SOC2 and PCI-DSS audits, gathering technical evidence and demonstrating control effectiveness to external third-party auditors for payment gateway security.
  • Authored complex Terraform scripts to deploy "Security-as-Code," ensuring consistent firewall rules and security groups across multiple cloud regions hosting e-commerce databases.
  • Investigated security anomalies in SQL Server and Oracle databases, identifying and blocking unauthorized data extraction attempts targeting customer credit card data.
  • Partnered with the Network Team to implement Micro-segmentation using Cisco TrustSec, limiting the potential lateral spread of ransomware from corporate offices to retail POS systems.
  • Led the "Phishing Defense" initiative, successfully reducing the employee click-through rate from 18% to 2% through targeted simulations for seasonal retail staff.
  • Analyzed VPC Flow Logs and CloudTrail events to identify misconfigured security groups and over-privileged IAM roles in production e-commerce environments.
  • Maintained a centralized Secret Management system using HashiCorp Vault to protect API keys, tokens, and sensitive payment processor credentials.
  • Developed a "Risk Management Dashboard" using PowerBI to track remediation progress of retail store vulnerabilities across different regions in real-time for leadership.
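One way the S3 public-exposure check described in the bullets above can be structured, as an added example rather than the candidate's own scripts: it evaluates a bucket's ACL grants, bucket policy and Public Access Block settings offline, using the dict shapes that boto3's get_bucket_acl, get_bucket_policy (after json.loads of the Policy string) and get_public_access_block return, so it can be pointed at live responses. The bucket names, VPC id and grants below are constructed sample data, not real accounts.

```python
"""Offline public-exposure assessment for an S3 bucket.

Added illustration, not the candidate's own tooling.  The dict shapes mirror the
boto3 responses named in the lead-in; the sample data at the bottom is constructed.
"""
from __future__ import annotations
import json

# Grantee URIs that make an ACL grant public.  AuthenticatedUsers means *any* AWS
# account, which is public for practical purposes.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (or a list that contains "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def public_acl_grants(acl: dict) -> list[str]:
    """Return 'Group:Permission' for every grant to AllUsers/AuthenticatedUsers."""
    hits = []
    for g in acl.get("Grants", []):
        uri = g.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES:
            hits.append(f"{uri.rsplit('/', 1)[-1]}:{g.get('Permission')}")
    return hits


def public_policy_statements(policy: dict | None) -> list[tuple[str, bool]]:
    """Return (Sid or index, unconditional) for Allow statements with a wildcard principal.

    A Condition block (aws:SourceVpc, aws:PrincipalOrgID, ...) may scope the grant, so
    those are reported as needing review rather than as public outright."""
    if not policy:
        return []
    hits = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and _wildcard_principal(st.get("Principal")):
            hits.append((st.get("Sid", f"#{i}"), "Condition" not in st))
    return hits


def assess_bucket(name: str, acl: dict, policy: dict | None, pab: dict | None) -> dict:
    """Combine ACL, policy and Public Access Block the way S3 evaluates them:
    IgnorePublicAcls neutralises public ACL grants, RestrictPublicBuckets limits a
    public policy to the bucket owner's account and AWS service principals."""
    pab = pab or {}
    findings: list[tuple[str, str]] = []
    acl_hits = public_acl_grants(acl)
    if acl_hits and not pab.get("IgnorePublicAcls", False):
        findings.append(("PUBLIC", "ACL grants " + ", ".join(acl_hits)))
    if not pab.get("RestrictPublicBuckets", False):
        for sid, unconditional in public_policy_statements(policy):
            if unconditional:
                findings.append(("PUBLIC", f"policy statement {sid} allows a wildcard principal with no Condition"))
            else:
                findings.append(("REVIEW", f"policy statement {sid} allows a wildcard principal scoped by a Condition"))
    return {"bucket": name,
            "public": any(level == "PUBLIC" for level, _ in findings),
            "findings": findings}


# Constructed samples (no real buckets, owners or VPCs).
SAMPLE_ACL_PUBLIC = {"Owner": {"ID": "example-owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_ACL_PRIVATE = {"Owner": {"ID": "example-owner"}, "Grants": [SAMPLE_ACL_PUBLIC["Grants"][0]]}
SAMPLE_POLICY_PUBLIC = json.loads(
    '{"Version":"2012-10-17","Statement":[{"Sid":"PublicRead","Effect":"Allow","Principal":"*",'
    '"Action":"s3:GetObject","Resource":"arn:aws:s3:::example-orders/*"}]}')
SAMPLE_POLICY_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-reports/*",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}}]}
PAB_ALL_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for args in [("example-orders", SAMPLE_ACL_PUBLIC, SAMPLE_POLICY_PUBLIC, None),
                 ("example-orders", SAMPLE_ACL_PUBLIC, SAMPLE_POLICY_PUBLIC, PAB_ALL_ON),
                 ("example-reports", SAMPLE_ACL_PRIVATE, SAMPLE_POLICY_SCOPED, None)]:
        print(json.dumps(assess_bucket(*args)))
```

The Public Access Block handling is what a naive ACL-only scan misses: an AllUsers grant on a bucket whose account enforces IgnorePublicAcls is not reachable, and a wildcard-principal statement scoped by aws:SourceVpc or aws:PrincipalOrgID deserves a review ticket rather than an automatic page-out.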

Cybersecurity Analyst

Client 2
07.2021 - 08.2022
  • Monitored and responded to high-priority security events in a global Healthcare SOC environment utilizing IBM QRadar and Splunk Enterprise to protect sensitive Patient Health Information (PHI).
  • Performed deep-packet inspection (DPI) of network traffic to identify data exfiltration attempts occurring via non-standard communication ports in hospital network environments.
  • Investigated User Entity Behavior Analytics (UEBA) alerts to detect potential insider threats and compromised medical professional service accounts.
  • Managed the Fortinet and Palo Alto firewall estate, reviewing and optimizing 1,000+ firewall rules to ensure secure access to telehealth and electronic medical record (EMR) systems.
  • Conducted manual Penetration Testing on internal HR and Healthcare Payroll applications to identify logic flaws and broken access control vulnerabilities.
  • Coordinated the rapid response to the Log4j vulnerability, identifying impacted healthcare assets and applying emergency patches within a 48-hour window to protect patient data.
  • Automated the ingestion of Open Source Intelligence (OSINT) feeds into the SIEM to keep blocklists updated against emerging global threats targeting the medical sector.
  • Verified the integrity of enterprise backup systems, ensuring that "immutable" backups of patient records were isolated and safe from ransomware encryption.
  • Analyzed Windows Event Logs (4624, 4625, 4768) to detect pass-the-hash attacks and credential harvesting targeting healthcare administrators.
  • Supported the IT Infrastructure team in migrating legacy Windows 2008/2012 servers (used for medical imaging) to modern, secure Operating System versions.
  • Assisted in the deployment of Data Loss Prevention (DLP) agents to endpoints to prevent the unauthorized transfer of sensitive patient HIPAA-regulated data.
  • Managed Mobile Device Management (MDM) security policies for 2,000+ corporate-issued devices for doctors and nurses to ensure encryption and remote-wipe capabilities.
  • Created detailed "Incident Playbooks" for DDoS mitigation, outlining clear steps for traffic scrubbing to ensure medical portal availability 24/7.
  • Documented all security incidents in ServiceNow, maintaining a clear, defensible, and comprehensive audit trail for HIPAA and HITECH compliance investigations.
  • Acted as the technical lead for the "Patch Tuesday" committee, prioritizing critical security updates for the healthcare enterprise server farm.

SOC Analyst

Client 1
05.2019 - 06.2021
  • Served as a foundational member of a 24/7 Global Banking SOC, performing high-fidelity monitoring of 5,000+ daily events related to financial transactions.
  • Utilized Splunk ES to identify anomalous patterns, specializing in the detection of brute-force attacks on retail banking login portals.
  • Executed initial incident containment protocols for workstation infections within the banking branch network, effectively isolating compromised hosts from the production core.
  • Developed and refined 50+ custom Regex (Regular Expression) filters to clean noisy log data and improve SIEM correlation accuracy for SWIFT and wire-transfer logs.
  • Conducted deep-packet analysis using Wireshark to investigate suspicious traffic originating from external malicious IPs targeting banking APIs.
  • Performed comprehensive email header and attachment analysis in sandboxed environments to neutralize sophisticated phishing campaigns targeting bank employees and customers.
  • Collaborated with the Network Engineering team to update Firewall and IPS/IDS signature sets based on newly discovered Indicators of Compromise (IoCs) in the financial sector.
  • Maintained 100% compliance with Service Level Agreements (SLAs) for Ticket Triage, ensuring rapid response to critical banking threats and potential fraud.
  • Automated the generation of weekly "Threat Landscape" reports using Python, providing leadership with visibility into blocked attack vectors targeting the loan-origination systems.
  • Managed the lifecycle of enterprise antivirus and EDR agents, ensuring 100% deployment coverage across all legacy Windows/Linux banking assets.
  • Participated in monthly Purple Team exercises, assisting senior engineers in validating the effectiveness of internal banking security controls.
  • Audited "Shadow IT" and unauthorized hardware devices using network scanning tools, reducing the unmanaged attack surface of the bank’s internal network by 20%.
  • Assisted in the documentation of 20+ new Standard Operating Procedures (SOPs) for incident escalation and evidence preservation for financial crime reporting.
  • Coordinated with the Identity team to remediate "Orphaned Accounts" and access discrepancies discovered during routine SOX and GLBA security audits.
  • Acted as a primary point of contact for internal bank staff regarding security policy inquiries, fostering a strong culture of cyber awareness across all branches.

Education

Master of Science - Information Technology

University of The Cumberlands
Williamsburg, KY
05.2024

Skills

  • SIEM & Log Management: Advanced proficiency in Splunk ES, IBM QRadar, LogRhythm, and Microsoft Sentinel; expert in developing complex correlation rules, managing data ingestion pipelines, and creating executive dashboards to monitor real-time threat landscapes across Commerce and Banking sectors
  • Incident Response & Digital Forensics (DFIR): Comprehensive experience in the full IR lifecycle (NIST/SANS); skilled in using EnCase, FTK Imager, and Volatility for memory and disk forensics to identify root causes of breaches in high-stakes Healthcare environments
  • Endpoint Detection & Response (EDR/XDR): Extensive hands-on management of CrowdStrike Falcon, Microsoft Defender for Endpoint, and SentinelOne; specialized in threat containment, host isolation, and EDR policy tuning to prevent ransomware propagation
  • Cloud Security Architecture: Expertise in securing AWS (GuardDuty, CloudTrail, IAM) and Azure (Microsoft Defender for Cloud, Sentinel); proven ability to implement "Security-as-Code" using Terraform to enforce compliance in Retail E-Commerce environments
  • Vulnerability & Patch Management: Mastery of Qualys, Tenable Nessus, and Rapid7; led enterprise-wide remediation programs, utilizing CVSS v3.1 scoring to prioritize critical patches on mission-critical banking servers and medical imaging systems
  • Identity & Access Management (IAM): Advanced administration of Okta, Azure AD (Entra ID), and CyberArk (PAM); implemented Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control (RBAC) to meet GLBA and HIPAA requirements
  • Network Security & Traffic Analysis: Expert-level use of Wireshark, Zeek (Bro), and Cisco Stealthwatch for deep packet inspection (DPI); skilled in identifying data exfiltration and command-and-control (C2) traffic in complex Commerce networks
  • Application Security (AppSec): Proficient in OWASP Top 10 mitigation; utilized Burp Suite, Checkmarx (SAST), and Veracode (DAST) to identify and remediate SQL injection and XSS vulnerabilities in E-Commerce web portals
  • Automation & Security Scripting: Advanced Python and PowerShell development for SOC automation; created custom scripts to automate IOC ingestion from Threat Intel feeds and to streamline repetitive user-provisioning tasks
  • Threat Intelligence: Skilled in utilizing MITRE ATT&CK mapping to track adversary tactics; integrated feeds from Anomali, AlienVault OTX, and FireEye (Mandiant) to proactively hunt for threats in the Retail sector
  • Perimeter Defense: Administration and rule optimization for Palo Alto Networks (Next-Gen Firewalls), Fortinet, and Check Point; managed GlobalProtect VPNs and Web Application Firewalls (WAF) to secure transaction gateways
  • Regulatory Compliance & Governance: Deep understanding of PCI-DSS 4.0 (Retail), HIPAA/HITECH (Healthcare), SOX, GLBA (Banking), and NIST CSF; led multiple successful audits by providing technical evidence and gap analysis
  • Data Loss Prevention (DLP): Implemented and managed Symantec DLP and Forcepoint to monitor and prevent the unauthorized transfer of sensitive PII, PHI, and financial records across endpoint and network layers
  • DevSecOps Integration: Integrated security scanning tools into Jenkins and GitLab CI/CD pipelines; ensured container security by scanning Docker images and Kubernetes (K8s) configurations for vulnerabilities
  • Operational Excellence: Expert in authoring Standard Operating Procedures (SOPs) and Incident Response Playbooks; experienced in using ServiceNow and Jira for streamlined security ticket management and audit trails
  • Email Security & Phishing Defense: Managed Proofpoint and Mimecast gateways to prevent Business Email Compromise (BEC); conducted targeted phishing simulations to improve the security posture of banking branch staff
  • User Entity Behavior Analytics (UEBA): Utilized Exabeam and Splunk UBA to detect insider threats, account takeovers, and anomalous behavior patterns among medical staff and privileged administrators
  • Database Security: Performed security hardening and auditing for SQL Server, Oracle, and MongoDB; implemented database activity monitoring (DAM) to protect sensitive client ledgers and healthcare records
  • Encryption & Key Management: Expertise in managing SSL/TLS certificates, HashiCorp Vault, and AWS KMS to ensure data-at-rest and data-in-transit remain encrypted and compliant with federal standards
  • Leadership & Strategic Communication: Proven ability to lead War Room sessions during major incidents; skilled in translating technical cyber risks into business-level impact reports for C-suite executives and board members
