Summary
Overview
Work History
Education
Skills
Certification
Languages
Timeline
Generic

Phanisree Bandi

Summary

Professional cybersecurity specialist skilled in threat analysis, network security, and incident response. Strong focus on team collaboration and achieving results, adapting to changing needs seamlessly. Known for robust problem-solving abilities, strategic thinking, and effective communication. Expertise includes risk management, vulnerability assessments, and regulatory compliance.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Cyber Security Analyst

Administrative Office Of The U.S. Courts
11.2022 - 02.2025
  • Conducted vulnerability assessments and application security testing on servers, web applications, databases, and network devices for the Judiciary's public servers, following OWASP Top 10 and CIS Benchmarks
  • Assessed service assets, performed threat correlation, and conducted security risk assessments to identify and mitigate risks
  • Performed annual and ad hoc vulnerability scans, generated risk reports, and conducted remediation scans on organizational assets
  • Provided remediation guidance to stakeholders for discovered vulnerabilities, ensuring timely and effective resolution
  • Improved vulnerability management processes by reducing false positives and conducting regular network vulnerability scans, ensuring compliance with business standards for daily, weekly, and monthly assessments
  • Utilized industry-standard security tools such as Burp Suite, Nessus Pro, and Tenable Security Center for thorough security analysis and enhanced protection
  • Conducted web application penetration testing on client applications, focusing on OWASP Top 10 vulnerabilities to identify and mitigate risks
  • Prepared comprehensive assessment reports based on CVSS Risk Ratings and Residual Risk analysis to prioritize and address critical security issues
  • Applied the NIST Cybersecurity Framework (CSF) to assess and improve organizational security postures, ensuring alignment with industry best practices and regulatory requirements
  • Integrated risk management principles into vulnerability assessments and security testing, identifying gaps and developing mitigation strategies to reduce organizational risk
  • Conducted access control reviews to ensure proper user permissions and adherence to the principle of least privilege
  • Acquired knowledge of various operating systems, including Windows and Linux
  • Implemented and managed SIEM (Security Information and Event Management) tools such as Splunk, IBM QRadar, and Microsoft Sentinel to monitor, detect, and respond to security incidents in real-time
  • Configured SIEM correlation rules and dashboards to identify suspicious activities, such as unauthorized access, malware, and data exfiltration
  • Conducted forensic analysis using SIEM tools to investigate security incidents and identify root causes
  • Generated compliance reports from SIEM tools to meet regulatory requirements such as HIPAA, PCI DSS, and GDPR
  • Collaborated with security teams to optimize SIEM workflows, improve threat detection, and reduce response times

Information Security Analyst

OpenSystems Technologies
09.2019 - 11.2022
  • Developed processes and implemented tools and techniques to perform ongoing security assessments of the environment
  • Identified and resolved false positive findings in assessment results to ensure accurate vulnerability reporting
  • Analyzed Vulnerability Assessment results and collaborated with technology partners and business units to resolve identified vulnerabilities
  • Performed Continuous Identification and Vulnerability Analysis using Tenable Security Center
  • Documented all vulnerabilities and assisted technical teams in their resolution, ensuring timely remediation
  • Developed remediation plans and security procedures, supporting the rapid execution of information security initiatives
  • Maintained prioritization, focus, and persistence in a dynamic environment of significant change and growth
  • Stayed current with vulnerabilities, attacks, and countermeasures, dedicating time to research and development activities
  • Monitored and ensured compliance with employee HIPAA and security training requirements to maintain a security-aware workforce
  • Performed risk assessments based on NIST and HIPAA requirements, identifying gaps and implementing remediation strategies
  • Worked with security tools and platforms such as Zscaler, PaloAlto, Panorama, Microsoft Defender, Azure, and AWS security components
  • Gained experience with automation tools and scripting, such as SQL, Python and PowerShell
  • Designed and implemented Identity and Access Management (IAM) solutions to manage user identities, roles, and access permissions across systems and applications
  • Conducted access reviews and role-based access control (RBAC) audits to ensure compliance with the principle of least privilege
  • Integrated IAM solutions with enterprise systems (e.g., Active Directory, cloud platforms) to streamline user provisioning and de-provisioning processes
  • Developed and enforced IAM policies to enhance security and reduce the risk of unauthorized access
  • Automated IAM workflows using scripting and tools to improve efficiency and reduce manual effort

Security Analyst

Global Pharmatek
01.2017 - 09.2019
  • Responsible for identifying emerging vulnerabilities, the technical controls that exist in the environment to mitigate the risk posed by the vulnerabilities
  • Responsible for guiding the technical team in relevant actions for remediating the vulnerabilities
  • Solid and demonstrable comprehension of end-to-end Vulnerability Management to include industry standards such as CVE, CPE and CVSS
  • Governance and oversight of vulnerability management activities to develop solutions to address control gaps
  • Performing scans to identify vulnerabilities or confirm compliance with security standards
  • Configure and run automated vulnerability scanning tools, prioritize remediation and track false positives
  • Responsible for assessment of threats and vulnerabilities based on enterprise vulnerability management framework

Associate Security Analyst

JPI Technology LLC
04.2016 - 12.2016
  • Responsible for identifying, classifying, planning mitigations and tracking results for detected cyber security vulnerabilities
  • Worked with program manager to develop and maintain a vulnerability intelligence process that monitors emerging systems vulnerabilities
  • Collect necessary data, develop and deliver a monthly Cyber Vulnerability Metrics report
  • Develop and deliver documentation supporting cyber indications and warnings
  • Responsible for developing cyber threat analysis for known threats
  • Responsible for documentation and delivering reporting activities related to cyber threat situational awareness
  • Performed complex security related testing, created test cases, performed manual and automated tests
  • Reporting on problems encountered and documented test results for follow-up

Education

Bachelor of Science - Computer Science Engineering

JNTU
Hyderabad
05-2006

Skills

  • Risk assessment
  • Incident response
  • Digital forensics
  • Network security
  • Vulnerability assessment
  • SIEM management
  • Incident response management
  • Identity management
  • Penetration testing
  • Information security policies
  • Risk management
  • Cybersecurity frameworks
  • Cyber threat analysis
  • SIEM tools

Certification

  • Certified Ethical Hacker (CEH) - EC-Council.

Languages

English

Timeline

Cyber Security Analyst

Administrative Office Of The U.S. Courts
11.2022 - 02.2025

Information Security Analyst

OpenSystems Technologies
09.2019 - 11.2022

Security Analyst

Global Pharmatek
01.2017 - 09.2019

Associate Security Analyst

JPI Technology LLC
04.2016 - 12.2016

Bachelor of Science - Computer Science Engineering

JNTU
Phanisree Bandi