
Harika Kalvakolanu

Charlotte, United States

Summary

Experienced cybersecurity professional with over 8 years in Security Operations, focusing on incident detection and response, external threat monitoring, phishing analysis, and identity breach investigations. Proficient in triaging alerts, conducting log analysis across email, endpoint, and network sources, and responding to threats in real time. Strong understanding of threat intelligence enrichment, risk-based prioritization, and working across teams. Proven ability to operate in 24/7 SOC environments, reduce false positives, and contribute to the development of playbooks, incident workflows, and post-incident documentation.

Overview

6 years of professional experience
1 Certification

Work History

Senior Security Analyst

Sunbelt Rentals
06.2023 - Current
  • Led automation efforts through a SOAR platform, developing and validating playbooks for phishing response, alert enrichment, domain reputation checks, and automated triage workflows.
  • Streamlined repetitive SOC tasks by building SOAR workflows that auto-triage alerts, trigger IOC lookups, assign severity levels, and initiate ticket creation, reducing manual workload for Tier 1 analysts.
  • Investigated external threats including typosquatting, brand impersonation, social media spoofing, and dark web activity, providing recommendations for blocking or takedown when applicable.
  • Conducted ongoing monitoring and analysis of identity breach alerts, third-party risk indicators, and abnormal behavior patterns, helping prevent credential misuse and unauthorized access.
  • Performed in-depth log analysis of DNS, email, and web traffic to detect malicious activity, trace intrusion attempts, and uncover C2 communications or exfiltration techniques.
  • Investigated and responded to phishing emails, suspicious domains, and IP addresses, leveraging open-source tools and internal data to identify threats and guide response actions.
  • Created detailed incident documentation, executive summaries, and status reports to ensure accurate tracking and communication during and after security events.
  • Worked closely with internal SOC team members to escalate critical incidents, share findings, and support coordinated response efforts.
  • Recommended improvements to alert logic and response workflows, reducing false positives and improving triage efficiency.
  • Contributed to the maintenance of IR playbooks, SOPs, and knowledge base documentation for consistent and scalable response practices.
  • Aligned investigations and detection strategies with the MITRE ATT&CK framework to support structured, compliant incident handling.

Incident Response Analyst

McKinsey & Company
08.2021 - 01.2023
  • Performed real-time alert triage and incident response across SIEM, EDR, and email platforms, identifying and responding to threats such as malware infections, phishing, account compromise, and lateral movement.
  • Conducted in-depth log analysis across DNS, proxy, email, and endpoint telemetry to trace malicious activity and determine root cause.
  • Investigated phishing campaigns, analyzing headers, payloads, and URLs, and recommended appropriate mitigation steps such as purging emails, blocking domains, and notifying impacted users.
  • Worked directly with Legal on incidents involving data exposure, policy violations, and reputational risk, ensuring proper handling and escalation.
  • Collaborated regularly with Threat Hunting, Vulnerability Management, Engineering, and Network teams to contain threats, remediate affected systems, and validate response actions.
  • Communicated clearly and professionally during live incidents, delivering timely status updates, impact assessments, and resolution plans to both technical and non-technical stakeholders.
  • Created and maintained detailed incident documentation, ensuring accurate timelines, actions taken, and lessons learned were recorded for future reference.
  • Participated in post-incident reviews, contributing to process improvements, playbook updates, and tuning of alert rules to improve accuracy.
  • Supported security policy enforcement by reviewing vulnerability scan results and working with owners to address critical exposures.

Associate Threat Analyst

ZeroFox
06.2021 - 08.2021
  • Analyzed and validated incoming alerts related to external digital threats, including impersonation accounts, phishing attempts, domain spoofing, and brand abuse.
  • Performed quality assurance (QA) on threat datasets to ensure accuracy, prioritization, and alignment with client risk profiles.
  • Assisted in the identification of physical threats near client locations by monitoring open-source channels and geotagged digital chatter, escalating location-based risks when appropriate.
  • Drafted detailed threat summaries and actionable recommendations to support client protection strategies across digital and physical domains.
  • Collaborated with internal operations and intel teams to refine alert workflows and provide timely responses to customer inquiries.
  • Utilized internal platforms and threat intelligence tools to track digital risk indicators, improve alert accuracy, and support client-specific threat reporting.

Security Analyst - Virtual Security Operations Center

Uber
08.2020 - 03.2021
  • Monitored real-time alerts from SIEM and EDR platforms, identifying security incidents including malware infections, phishing activity, and account compromise attempts.
  • Investigated inbound phishing reports and suspicious emails by analyzing headers, links, and attachments, escalating confirmed threats per defined playbooks.
  • Triaged tickets from the SOC mailbox, prioritizing alerts based on severity, risk, and business impact, and ensured timely follow-up and case documentation.
  • Utilized endpoint tools to examine malicious process behavior, unauthorized file execution, and system-level anomalies across user devices.
  • Conducted root cause analysis and whitelist validation to reduce alert noise and fine-tune SOC alert thresholds.
  • Analyzed network logs and proxy traffic to identify anomalies, command-and-control communications, and lateral movement indicators.
  • Worked closely with Tier 2 and IR teams to escalate complex threats, contributing to containment and remediation strategies.
  • Documented investigation steps, findings, and outcomes in internal ticketing systems and supported post-incident reviews.
  • Provided support in policy enforcement and threat mitigation, offering recommendations to harden endpoints and improve overall detection coverage.
  • Operated in a 24x7 SOC environment, ensuring consistent shift coverage and readiness to respond to time-sensitive incidents.

Security Consultant

Infosys
08.2020 - 01.2020
  • Provided Tier 1 incident response support, handling initial triage and investigation of security alerts related to malware, phishing, and unauthorized access attempts.
  • Analyzed phishing emails reported by internal users, reviewing headers and payloads to assess threat severity and escalate confirmed incidents.
  • Monitored log forwarding and ingestion status across integrated security tools to ensure real-time visibility into the threat landscape.
  • Used internal ticketing systems to document cases, assign severity levels, and ensure timely handoffs to senior analysts when escalation was required.
  • Generated end-of-shift reports summarizing open cases, completed investigations, and key alerts to ensure smooth transitions across shifts.
  • Operated in a 24/7 SOC environment, providing coverage during nights, weekends, and holidays as needed.
  • Communicated effectively with team members and supervisors to provide updates on ongoing cases and share investigation findings.

Security Analyst - Global Security Operations Center

IBM
08.2019 - 01.2020
  • Performed real-time security event monitoring, detection, and triage within a 24x7 SOC environment, responding to incidents across endpoints, networks, and email infrastructure.
  • Utilized SIEM tools (e.g., QRadar) to analyze logs, correlate alerts, and detect suspicious behaviors including brute-force attempts, malware execution, and policy violations.
  • Investigated phishing campaigns targeting the organization by analyzing email metadata, URLs, and attachments, and escalated validated threats for containment.
  • Reviewed vulnerability reports and collaborated with internal teams to verify asset exposures and assist in prioritizing remediation tasks.
  • Handled critical incident escalations (P1/P2) by coordinating with SOC leads and ensuring proper containment actions and communication were executed within SLA.
  • Managed SOC inbox and responded to user-submitted reports of suspicious activity, providing first-level investigation and filtering false positives.
  • Worked with the Cyber Threat Intelligence (CTI) team to identify ongoing threats, validate indicators of compromise, and contribute to threat mitigation strategies.
  • Participated in incident response support, documenting timelines, affected systems, and containment steps for compliance and post-incident review.
  • Contributed to process improvement initiatives by providing feedback on detection rules, response workflows, and use case tuning.
  • Maintained up-to-date knowledge of threat actor TTPs, malware indicators, and emerging attack vectors to support proactive threat detection.

Education

Civil Engineering -

Jawaharlal Nehru Technological University
01.2015

Skills

  • Security Operations & Monitoring: Incident Response, Threat Hunting, Alert Triage, Log Analysis, Root Cause Analysis, False Positive Reduction
  • Threat Intelligence & Analysis: IOC Investigation, Phishing & Malware Analysis, External Threat Monitoring, Identity Breach Detection, Digital Risk Protection
  • Security Tools & Platforms: Splunk, CrowdStrike, Microsoft Defender, QRadar, Proofpoint, UpGuard, ZeroFox, Zscaler, Varonis, Joe Sandbox, ANY.RUN, ServiceNow, Jira
  • Email & Endpoint Security: Email Threat Analysis, Phishing Takedown, Endpoint Forensics, Web Proxy Analysis, Whitelisting & Policy Enforcement
  • Cloud & Network Awareness: DNS/Proxy Log Analysis, Azure, AWS CloudTrail, Cloudlock, G-Suite Security, Firewall & Network Traffic Review

Certification

  • Certified Ethical Hacker - EC Council
  • AZ-900 Azure Fundamentals
  • CompTIA Security+

IBM Badges:

  • Cybersecurity Roles, Processes & Operating System Security
  • Cybersecurity Compliance Framework & System Administration
  • Penetration Testing, Redteam, Incident Response and Forensics
