Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Harika Jonna

Arizona City,ARIZONA

Summary

Dynamic Senior Cybersecurity Engineer with over six years of experience securing diverse environments, including enterprise, banking, aviation, and global manufacturing sectors across India and the United States. Expertise in designing and implementing comprehensive cybersecurity solutions that align with business objectives and regulatory standards, with a focus on Security Operations (SOC), Incident Response, Threat Hunting, and Security Engineering. Proven track record in safeguarding high-volume transaction systems such as UPI and RuPay at NPCI while ensuring compliance with RBI and PCI-DSS regulations. Recognized for proactive threat mitigation strategies, effective cross-functional collaboration, leadership in high-severity incident investigations, and a commitment to mentoring emerging security professionals.

Overview

7
7
years of professional experience
1
1
Certification

Work History

Cybersecurity Engineer

IT Syntax Inc
03.2025 - Current
  • Directed efforts to enhance cybersecurity measures for corporate networks, manufacturing operations, SAP systems, and multi-cloud infrastructures.
  • Architected zero trust security framework, integrating MFA, conditional access, micro-segmentation, and PAM to safeguard sensitive data and resources.
  • Implemented strategies for managing and optimizing SIEM and SOAR platforms (Splunk / Microsoft Sentinel) to facilitate rapid incident response and improve threat detection capabilities.
  • Executed comprehensive threat hunting and incident response initiatives to enhance system security.
  • Developed and maintained cloud security protocols to ensure secure workload configurations and IAM governance.
  • Implemented risk prioritization and executive reporting strategies within enterprise vulnerability management program, leveraging CVSS and risk scoring models.
  • Implemented and refined security protocols, ensuring robust protection via Palo Alto firewalls, IDS/IPS, WAF, EDR (CrowdStrike/Microsoft Defender), and DLP solutions.
  • Implemented and maintained compliance protocols for NIST CSF, ISO 27001, SOC 2, and CIS standards to support regulatory assessments.
  • Executed comprehensive DevSecOps integration by establishing SAST, DAST, container security protocols, and secure CI/CD pipeline controls.
  • Executed comprehensive third-party risk assessments to enhance vendor security governance frameworks.
  • Designed and delivered executive-level security dashboards, KPIs, and risk metrics for senior leadership.
  • Guided junior security engineers and acted as L3 escalation point for high-severity security incidents.
  • Enhanced protection of critical information assets through proactive identification and resolution of security vulnerabilities.
  • Directed security incident monitoring and response operations to maintain 24/7 safeguarding of essential transaction systems across UPI, IMPS, RuPay, AEPS, and NACH platforms.
  • Executed and oversaw SIEM solutions (IBM QRadar / Splunk) for log aggregation and correlation rule development.
  • Performed in-depth threat assessments and root cause analyses to enhance security protocols and mitigate risks.
  • Administered comprehensive security protocols to safeguard banking operations and maintain system integrity.
  • Executed comprehensive risk analysis and vulnerability assessments to strengthen security posture.

Security Engineer

SR Soft Inc
06.2021 - 02.2025
  • Executed comprehensive monitoring and support for security operations at L2/L3 in a 24/7 SOC, focusing on enterprise infrastructure and cloud environments.
  • Executed comprehensive management of SIEM platforms, focusing on log integration, rule optimization, and effective threat detection strategies.
  • Managed security incident investigations and responses to ensure timely containment and remediation of malware outbreaks, phishing attacks, and insider threats.
  • Conducted comprehensive threat hunting activities to identify and mitigate potential security risks through log analysis and IOC tracking.
  • Led initiatives to deploy and manage firewall technologies and security solutions, aimed at ensuring robust protection against cyber threats.
  • Facilitated remediation efforts by collaborating with infrastructure and application teams following vulnerability assessments.
  • Configured and maintained endpoint security systems while analyzing DLP alerts to safeguard sensitive information.
  • Supported cloud security initiatives Azure including security group reviews, IAM policies, and log monitoring (CloudTrail / Azure Security Center).
  • Executed comprehensive privileged access reviews and managed user provisioning and de-provisioning within IAM framework.
  • Facilitated comprehensive risk assessments and internal audits to ensure adherence to ISO 27001, PCI-DSS, and SOC 2 compliance requirements.
  • Authored and organized incident response playbooks, SOPs, and knowledge base articles to support effective incident management.
  • Generated detailed weekly and monthly security metrics reports and dashboards, ensuring stakeholders received timely insights into security operations.
  • Conducted thorough security assessments and vulnerability analyses to enhance overall system resilience.

System Security Engineer

Capgemini
05.2019 - 05.2021
  • Directed cybersecurity operations to safeguard critical aviation systems and passenger data across booking platforms and airport operational networks.
  • Executed comprehensive monitoring and response strategies for security incidents using SIEM tools (Splunk / QRadar) to facilitate 24/7 threat detection and effective incident resolution.
  • Configured and maintained next-generation firewalls (Palo Alto / Fortinet), IDS/IPS, WAF, and anti-DDoS solutions, ensuring robust protection for internet-facing applications.
  • Oversaw security measures for cloud environments, ensuring effective IAM policy management and conducting thorough security group reviews.
  • Performed comprehensive vulnerability assessments and penetration testing to enhance security posture and ensure timely resolution of critical findings.
  • Executed threat hunting and malware analysis to identify indicators of compromise, ensuring the mitigation of advanced threats.
  • Integrated endpoint detection and response (EDR) solutions, such as CrowdStrike, Symantec, and McAfee, to enhance cybersecurity measures across enterprise systems.
  • Monitored and enforced compliance with DGCA aviation regulations, ISO 27001, and PCI-DSS standards to enhance security of payment processing systems.
  • Administered identity and access management (IAM) systems, focusing on RBAC, privileged access controls, and regular user access certification reviews.
  • Strengthened booking and check-in platform security by applying secure coding best practices and configuring WAF policies to mitigate vulnerabilities.
  • Executed business continuity planning (BCP) and disaster recovery (DR) exercises to ensure operational resilience of mission-critical airline systems.
  • Designed and documented incident response playbooks and SOPs, producing executive-level security reports for strategic leadership review.
  • Executed security protocols to safeguard organizational assets and data integrity.
  • Performed detailed evaluations of payment systems to uncover potential security vulnerabilities.
  • Coordinated with diverse teams to implement comprehensive strategies for improved cybersecurity.

Education

Bachelor of Science - ECE

Vishnu Institue Technology
01-2018

Skills

Security Operations (SOC)

  • 24/7 Security Monitoring, Incident Response, Threat Hunting, Digital Forensics, Root Cause Analysis (RCA), Security Playbooks

SIEM & SOAR

  • Splunk, Log Correlation, Use Case Development, Alert Tuning, SOAR Automation

Network Security

  • Palo Alto, Fortinet, Check Point Firewalls, IDS/IPS, VPN, NAC, Network Segmentation, Zero Trust Architecture

Endpoint Security

  • Microsoft Defender, Symantec, McAfee, EDR/XDR, Endpoint Hardening

Vulnerability Management

  • Qualys, Tenable, Nessus, CVSS Scoring, Risk-Based Prioritization, Patch Management

Cloud Security

  • Azure security, Security Groups, CloudTrail,Defender for Cloud, CSPM

Identity & Access Management (IAM)

  • RBAC, MFA, SSO, Privileged Access Management (PAM), Access Reviews, Conditional Access Policies

Application Security

  • Web Application Firewall (WAF), API Security, Secure SDLC, SAST/DAST, OWASP Top 10

Compliance & Frameworks

  • NIST CSF, ISO 27001, PCI-DSS, SOC 2, CIS Controls, RBI Guidelines, DGCA Security Compliance

Payment & Banking Security

  • UPI, IMPS, RUPAY AEPS Security Monitoring, Transaction Fraud Detection

Aviation & Enterprise Security

  • Passenger Data Protection, Booking Platform Security, Corporate & Manufacturing Security (OT/IT)

Operating Systems

  • Windows Server, Linux (RHEL, Ubuntu), Active Directory, Group Policy

Tools and Platforms

  • ServiceNow, JIRA, Wireshark, NMAP, METASPLOIT(basic), PowerShell (basic scripting)

Certification

  • CEH
  • CompTIA Security+
  • CompTIA Network+

Timeline

Cybersecurity Engineer

IT Syntax Inc
03.2025 - Current

Security Engineer

SR Soft Inc
06.2021 - 02.2025

System Security Engineer

Capgemini
05.2019 - 05.2021

Bachelor of Science - ECE

Vishnu Institue Technology
Harika Jonna