Jagadeesh Kumar Ruttala

Senior Cyber Security Engineer
North Brunswick, United States

Summary

Ambitious cyber security leader with 12+ years' experience, committed to formulating innovative solutions to challenges while optimizing processes. Polished in developing and implementing security plans and procedures and in developing strategies to respond to and recover from security breaches. Expertise in searching through data sets to detect threats and anomalies and in administering metrics to maintain security processes and controls. Focused on helping businesses safeguard sensitive data from hackers and cyber-criminals.

Overview

12 years of professional experience
5 years of post-secondary education
8 Certifications
3 Languages

Work History

Senior Cyber Security Engineer

Diyar United Company
01.2022 - Current
  • Develop and recommend security controls, identify key security objectives to maximize software and system security while minimizing disruption to plans and schedules
  • Document and manage Cybersecurity processes, procedures, policies, and control documentation
  • Participates in the design and implementation of logging and monitoring processes across various environments
  • Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels
  • Acts as the lead liaison for internal and external audit requests and activities
  • Leads remedial actions as the result of audit findings
  • Investigates business processes to understand and implement security requirements weighing business needs and security risks and resolving issues
  • Assist in security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
  • Review and ensure compliance with customer security policies and requirements
  • Review new and existing system designs for compliance with security standards and best practices
  • Familiar with industry standards and control frameworks, risk assessment frameworks, security assurance auditing standards and best practices guidelines, such as ISO 27001, NIST CSF (800-53), SANS Top 20, OWASP Top 10, etc
  • Lead Incident Management activities to monitor and resolve incidents
  • Ability to create and maintain custom reports, dashboards and views utilizing the SIEM
  • Triage daily queue of alerts from different security log sources
  • Develop and maintain SOAR technology on the environment
  • Experience performing SIEM rule development
  • Experience with log ingestion into the SIEM by raw log ingestion, email, and API
  • Lead efforts, oversee work results, provide formal training and serve as a technical resource for Information Security team members

SIEM Engineer

Atos
Irving, TX
01.2020 - 12.2021
  • Develop content for the LogRhythm, QRadar and Splunk platforms around current trending security events to provide real-time, relevant alarming
  • Oversee all customers' integration into the MSSP so that it is reliably handed to an operations team to conduct definitive work
  • Work with vendors to develop partner relations and to drive innovation for the platform
  • Have high awareness of customer service levels when dealing with problems to ensure all SLAs are met
  • Maintain operational status of client's SIEM platforms with a 90% efficiency rating based on current SLAs
  • Develop data architecture design to enable analysts to perform targeted customer analysis
  • Managed creative projects from concept to completion while managing outside vendors
  • Develop alerts that trigger on configured setting to send alerts to appropriate business group
  • On-boarding new log sources into SIEM, analyzing anomalies and trends, and building dashboards
  • Develop SIEM Use Cases, Dashboards, Alerts, and Reports based on different sources of logs
  • Management and support parsing fields from unstructured logs
  • Implementing and administering Splunk Enterprise within a Linux environment, including common Splunk components such as indexer, forwarder, search head and heavy forwarder
  • Onboard data to Splunk via forwarder, scripted inputs, database, and modular inputs from a variety of sources
  • Administration and support for Splunk cluster environment
  • Validate and approve run books and use cases
  • Mentor L1 and L2 analysts

Senior Security Operations Center Analyst

IBM
Philadelphia, PA
07.2018 - 12.2019

Project: Ministry of Transport and Communication (GBM)

  • Provide in-depth analysis, response and remediation on cyber incidents and determine course of action to contain and eradicate threats
  • Perform in-depth analysis, monitoring, research, assessment and recommendations on Intrusion detection and prevention tools, anomaly detection systems, firewalls, antivirus systems and proxy devices
  • Develop and maintain documentation of more complex threats and incidents to enhance event monitoring and incident response function and cyber tools
  • Develop internal documentation, such as detailed procedures, playbooks, and operational metrics reports to improve overall response times
  • Establish, maintain and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis, and reporting
  • Execute cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
  • Build and tune custom use cases, dashboards, searches, reports on the SIEM platform based on cybersecurity and business needs
  • Develop and maintain processes/procedures around SIEM based on environmental changes
  • Familiar with cyber resiliency, disaster recovery, and business continuity concepts
  • Preparing analytics in the environment for new threats as part of threat intelligence
  • Developed formats and produced the weekly reports and monthly reports
  • Played a significant role in memory forensics using the tool Volatility.

Information Security Supervisor

Lumen21, Inc
Phoenix, AZ
02.2016 - 06.2018

Project: Cautela Labs

  • Management responsibilities for information security staff, including setting goals, monitoring performance, coaching for improvement, providing feedback to team members, and participation in hiring of new team members
  • Responsible for scheduling and ensuring that all shifts are covered
  • Provide oversight and management of new customer onboarding and implementation activities
  • Manage Client relationships through resolving problems and following up on the status of client issues
  • Document, track and communicate until issue is resolved
  • Escalate internally as needed with teams that are resolving any Client or network issues
  • Ensure the development of and adherence to detailed operational process and procedures to appropriately log, track, analyze, escalate, communicate, and remediate information security incidents
  • Ensure the development and reporting of metrics and trending information for Company and Client use and facilitate the ability to perform historical analysis
  • Supports the preparation and implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee.
  • Responsible for the operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
  • Supports activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.

Information Security lead

Lumen21, Inc, Cautela Labs
Phoenix, AZ
10.2014 - 01.2016

Project: Cautela Labs

  • Responsible for monitoring system logs to identify anomalies, malware, exploit attempts, access violations or other attacks on customer's network, infrastructure and data
  • Deliver high quality security event analytics
  • Provide updates as the incident progresses through the incident response process, as requested by the client
  • Help in Implementation of approved changes to client's security requirements
  • Manage security tools, schedule, and coordinate any approved changes to security tools, software, computing assets and process which support the prevention of security exposure
  • Responsible for diagnosing and resolving issues and problems with the client's information technology systems and providing detailed alternative solutions
  • Identifying rogue, unpatched and unprotected systems and remediate in accordance with the company policy
  • Install, update, operate and maintain malware protection software on all equipment and software equipment used to deliver and support security services
  • Perform real time malware protection scanning in accordance with the security policy and schedules
  • Configure scheduled automated scans to scan equipment in accordance with customer direction and service levels
  • Coordinate with client information security and company activities required to respond to security incident notifications received from company
  • Assist investigators of security incidents by collecting and analyzing logging and audit information and providing incident reporting.

Information Security Engineer

Simeio
Jersey City, NJ
03.2013 - 11.2014

Project: Jefferies

  • Developing Security Incident Response (SIR) standards and delivering IT Security policies and procedures and a complete Security Incident/Event Monitoring (SIEM) Solution
  • Monitoring offenses and generating reports from STRM (Security Threat Response Manager)
  • Adding new servers to STRM, to monitor their network
  • Approving different exception requests and notifying the users regarding exception requests
  • Responding to Orchestria, ALE and STRM alerts
  • Performing daily health checkups and mailing IBM QualysGuard status
  • Creating new requests using Remedy and RSAM
  • Checking logs from Splunk
  • Monitoring the complete network using the tool SOLERA
  • Creating Weekly reports for RSA
  • Updating Microsoft security bulletins monthly
  • Generating monthly reports for Qualys and STRM
  • Varonis integration

Project: Infraops

  • Developing vulnerability management policies and procedures, user training material and monitoring the security events
  • Installing, configuring and administering network tools like CACTI and MRTG
  • Installing, configuring and administering ticketing system tools like OTRS and Manage sense
  • Installing, configuring and administering SIEM tools like AlienVault and ZenOS
  • Hardening the operating systems of the clients; this includes both Windows and Linux
  • Helped developers in creating Oracle database backups
  • Cleared old data from the servers if they exceeded the limit.

Project: ABN AMRO Bank, UK

  • Visited ABN AMRO Bank to perform a POC on selecting a SIEM solution for the bank.
  • Shortlisted two SIEM solutions out of a handful of candidates and performed demos with respect to the bank's needs and network architecture

Information Security Analyst

Allied Digital Services Limited
Mumbai, Maharashtra
07.2012 - 02.2013
  • Assessing the enterprise architecture and identifying the critical assets
  • Discovering the vulnerabilities and sorting the application domain user groups
  • Perform Penetration Testing and conduct critical server, security administration and infrastructure architecture diagnostic to conduct Network Security Assessment
  • Perform Black Box application testing and review of application architecture and secure code
  • Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
  • Understanding of both application and network layer security considerations and how to fix them, such as: buffer overflow, ToC vs ToU, input validation, encapsulation, insecure protocols, MITM attacks, SQLi, etc
  • Educating the users on 'Social Engineering' such as Tailgating, Password Sharing, Information Sharing, Strolling, Dumpster Diving, etc
  • Mentor and train others in information security in addition to training for other technical groups
  • Participated in forensic recovery and analysis.

Information Security Analyst

Network Intelligence
Mumbai, Maharashtra
05.2011 - 06.2012

  • Produce “Threat Summary Reports” to effectively summarize incidents and provide recommendations for improvements and additional proactive and reactive countermeasures
  • Responsible for assisting in the coordination effort to remediate security alerts and respond to information security related incidents
  • Use vulnerability management tools like Nessus and Rapid7 and penetration tools like Core Insight, NMAP, Netcat and Metasploit
  • Scanning a network, identifying vulnerabilities and producing a report prioritizing the results
  • Responsible for monitoring organization's network, including IDS, firewalls, log capture, etc., and reacting to their output
  • Provide technical leadership to the enterprise for the information security program
  • Assess threats, risks, and vulnerabilities from emerging security issues
  • Draft enterprise security standards and guidelines for system configuration
  • Perform and create procedures for system security audits, penetration-tests, and vulnerability assessments.

Security Analyst

AKS Interactive Solutions Pvt Ltd
Hyderabad, Telangana
05.2009 - 03.2011
  • Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
  • Responsible for assisting in the coordination effort to remediate security alerts and respond to information security related incidents
  • Scanning a network, identifying vulnerabilities and producing a report prioritizing the results
  • Responsible for monitoring organization's network, including IDS, firewalls, log capture, etc., and reacting to their output.

Game Tester

Gameloft
Hyderabad, Telangana
05.2008 - 04.2009
  • Mobile game testing on different types of mobiles
  • Configuration of internet access on different mobiles for different services
  • Experience on different mobile software and operating systems
  • Escalating issues to team leader that are not within scope
  • Monitor and track the cases that were logged and do proper follow-up to users.

Education

Master of Science - Cyber Security

EC-Council University
Albuquerque, NM
06.2022 - Current

Bachelor of Science - Electrical and Electronics Engineering

Jawaharlal Nehru Technological University
India
03.2003 - 05.2007

Skills

    SIEM – Provides direct administration and ownership of SIEM tools like LogRhythm, QRadar, Sentinel (cloud) and Splunk, including configuration, access control, tuning, integration, onboarding and continuous improvement activities

Certification

CISM - Certified Information Security Manager

Accomplishments

    SPOT Recognition award - Atos, Sep 2020

    Received this award for showing commitment by extending long hours and working under stressful and complex platform issues, and for making the MSSP environment stable

Timeline

Master of Science - Cyber Security

EC-Council University
06.2022 - Current

CCSK - Certificate of Cloud Security Knowledge

05-2022

Senior Cyber Security Engineer

Diyar United Company
01.2022 - Current

CISM - Certified Information Security Manager

02-2021

ECIH – Certified Incident Handler

10-2020

CTIA – Certified Threat Intelligence Analyst

06-2020

LRSE – LogRhythm Support Engineer

06-2020

LRPA – LogRhythm Platform Administrator

05-2020

SIEM Engineer

Atos
01.2020 - 12.2021

CHFI - Computer Hacking Forensic Investigator v9

12-2019

Senior Security Operations Center Analyst

IBM
07.2018 - 12.2019

Information Security Supervisor

Lumen21, Inc
02.2016 - 06.2018

CEH - Certified Ethical Hacker

01-2015

Information Security lead

Lumen21, Inc, Cautela Labs
10.2014 - 01.2016

Information Security Engineer

Simeio
03.2013 - 11.2014

Information Security Analyst

Allied Digital Services Limited
07.2012 - 02.2013

Information Security Analyst

Network Intelligence
05.2011 - 06.2012

Security Analyst

AKS Interactive Solutions Pvt Ltd
05.2009 - 03.2011

Game Tester

Gameloft
05.2008 - 04.2009

Bachelor of Science - Electrical and Electronics Engineering

Jawaharlal Nehru Technological University
03.2003 - 05.2007