
Abhilash Maroju

Mob: (831)288-5535
Email: abhilash9.soc@gmail.com

Profile Summary:

5 years of dedicated experience in the field of Information Security/Cyber Security.

Currently working as a Cyber Security Engineer and Incident Responder at Microsoft Headquarters.
I perform incident handling, vulnerability assessment and penetration testing of web applications
and networks, malware analysis, DDoS mitigation, threat analysis, cyber attack testing, IDS/IPS
monitoring, internal auditing based on ISO 27001 and PCI-DSS, and incident response (ISOC). I use
Security Information and Event Management (SIEM) tools: IBM QRadar, Splunk and ArcSight. Hands-on
with SIEMs, IDS/IPS devices, endpoint solutions, manual pen testing (Kali, Offensive Security) and
product security. I have also found multiple SQL injection, Cross-Site Scripting (XSS), CSRF, ARP
poisoning and DNS spoofing vulnerabilities, both manually and with tools. Certifications: CEH and
ECSA from EC-Council, Qualys certified, and ITIL. I also hold a Master's in Computer Science &
Infosec and a B.Tech in Computer Science.

Tools, Technologies and Skills:

IDS/IPS: Snort, Sourcefire, NitroSecurity, Check Point and TippingPoint.
Auditing: ISO 27001, PCI-DSS.
Security: BackTrack, Kali, VAPT of mobile applications [Android, iOS].
DDoS attacks: UDP/ICMP flood, SYN flood, HTTP GET flood, TCP connection attack, TCP
flag-based attacks.
Data Centre: Cacti, Nagios, Veeam Backup and Replication v5, CFEngine, and HP
management.
Data Security: Cryptocat, OpenPuff, McAfee Data Loss Prevention, RSA Data Loss Prevention Suite,
TrueCrypt, Tor Browser Bundle, Websense Content Protection Suite, Guardium, PKI, RSA SecurID,
DLP, digital signatures.
Monitoring: BMC Patrol, SiteScope, Imperva SecureSphere, Blue Coat.
Honeypots: database honeypots (ElasticHoney), web honeypots (Glastopf, Shadow Daemon,
Google Hack Honeypot), service honeypots (Kippo, troje), deployment (Dionaea, honeypotpi).
Microsoft technologies: Microsoft Identity Manager (MIM), AD, LDAP, Windows PKI, SharePoint,
WSUS and SQL Server.
Cloud technologies: Microsoft Azure, Amazon AWS.
Cryptography: encryption algorithms, digital signatures, deploying PKI.
Penetration Testing: Nexpose, GFI LanGuard, eRetina, McAfee Foundstone, Metasploit, pwdump.
SIEM: IBM QRadar, ArcSight, McAfee ESM (Nitro), RSA enVision and Splunk.
Malware Analysis: Process Explorer, Process Monitor, NetWitness.
VPN: IPsec, PPTP, L2TP, OpenVPN.
Virtualization: VMware, VMware ESXi and Oracle VirtualBox.
Web security tools: Snort, Acunetix, Burp Suite, Paros, Nessus, Havij, Nmap and Wireshark.
Cyber forensic tools: EnCase, PTK Forensics, FTK, X-Ways Forensics, BlackLight, and EPRB.
Network tools: Snort, hping, tcpdump, Ethereal (packet analyzer), Wireshark.
Process skills: Information Security Management System, BCP/DR planning.
Programming languages: C, C++, PowerShell, Python, socket programming, HTML, XML, MySQL,
SQL Server.
Protocols: TCP/IP, UDP, HTTP, HTTPS, GRE, SMTP, DNS, BGP, OSPF, IGRP, EIGRP, SSL, DHCP, FTP
and IRC.

WORK EXPERIENCE:

Microsoft Corporation, Redmond, WA Apr 2017 to Present

Cyber Security Engineer

 Enterprise security architectures and the security components that implement these
architectures, including SIEM (QRadar), DLP, IAM and leading security products.
 Used IBM QRadar and other event management tools for traffic analysis and
incident management.
 Created, managed and closed tickets upon completion of incident investigation and
remediation actions.
 Strong working knowledge of network security monitoring and incident response,
as well as superior written and technical communication skills with non-technical
personnel.
 Managed and conducted projects involving incident response, computer forensics,
malware analysis, and information.
 Collected and analyzed intelligence relative to cyber intrusions and incidents to
provide strategic information concerning the tactics and malicious behavior of
cyber-threat entities, answering customers' intelligence requirements.
 Provided input for security incident reports.
 Wrote multiple PowerShell scripts to automate my work; also deployed Microsoft
Identity Manager (MIM).
 Audited folders, files and admins in Windows Server 2016.
 Wrote multiple Python scripts to automate scanning, malware sample collection
and the IR process.
 Enterprise network architectures, topologies and the components that implement
these networks, including TCP/IP, firewalls, proxies, and routers.
 Used tools to protect clients from DDoS/DoS.
 Client/server architectures and server and endpoint components and technologies,
including Linux and Microsoft servers, computers, and mobile devices.
 Conducted open-source and classified research on emerging/trending threats and
vulnerabilities.
 Mobile (iOS and Android) pen testing.
 Set up different types of honeypots to collect malware samples.
 Created finished, all-source intelligence assessments for inclusion in various Agency
and IC intelligence products.
 Collaborated with the watch floor to ensure continuity of fusion analysis.
 Led a team for VAPT of web applications and networks; performed VAPT based on
the OWASP Top 10.
 Performed analysis related to the detection, characterization, monitoring and
warning of suspected unauthorized network activity and relationships that may
pose a threat.
 Initiated projects and plans leveraging broad research and analysis that affect cyber
network defense.
 Experience in planning, developing, implementing, monitoring and updating
security programs and advanced technical information security solutions; sound
knowledge of SOX and PCI compliance requirements and understanding of NIST
and ISO standards.

Western Union, CA Jul 2016 to Mar 2017

Security Analyst

 Worked on Nessus SecurityCenter and Nessus Manager for vulnerability management.
 Maintenance, ACL changes and auditing of Cisco ASA.
 Knowledgeable of Security/Information Assurance (IA) products such as PKI, VPN,
firewalls, and intrusion detection and prevention systems.
 Supported customer organization SOC team leads in managing, issuing and tracking
vulnerability patch requirements, cyber security incidents and compliance matters.
 Coordinated maintenance of security-related systems: anti-virus, logging, content
filtering, intrusion prevention, Security Incident and Event Management, syslog,
etc.
 Performed as a first responder on security incident responses and investigations.
 Performed analysis of security logs generated by Intrusion Detection/Prevention
Systems (IDS/IPS), firewalls, network flow systems, anti-virus, and/or other
security products.
 Worked as SPOC for all security-related issues.
 Analysis of Check Point alerts triggered.
 Deployed a SOC for the client and managed it.
 Used tools like McAfee ESM, Nexpose, McAfee ePO, and UTMs.
 Responsibilities included monitoring and analyzing network traffic and IDS alerts.
 Investigated intrusion attempts and performed in-depth analysis of exploits.
 Provided network intrusion detection expertise to support timely and effective
decision making on when to declare an incident. Conducted proactive threat
research.
 Reviewed security events populated in a Security Information and Event
Management (SIEM) system.
 Analyzed a variety of network and host-based security appliance logs (firewalls,
NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and
escalation paths for each incident.
 Independently followed procedures to contain, analyze, and eradicate malicious
activity.
 Documented all activities during an incident and provided leadership with status
updates during the life cycle of the incident. Created a final incident report
detailing the events of the incident.
 System performance and health monitoring of IBM QRadar (created a SIEM
web page using VBScript on an IIS server).
 Monitored events, responded to incidents and reported findings.
 Utilized Security Information and Event Management (SIEM), Intrusion Detection &
Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and
malware analysis tools.
 EPS and utilization monitoring of QRadar.
 Developed comprehensive security event reports to address current and potential
security concerns and meet audit requirements.
 User/group administration and management of access permissions for IBM QRadar.
 Configured reference sets as whitelists and blacklists for rules and reports.
 Created and ran QRadar searches for rules and reports.
 Provided ongoing support of complex Cisco route/switch and network solutions
using Cisco ISE.
 Installed and maintained a highly available and scalable network environment.
 Migrated existing reports and alerts from RSA enVision to IBM QRadar.
 Aggregated, correlated and analyzed log data from network devices, security devices
and other key assets using QRadar.
 Procured, stood up, and built out F5 LTM & GTM device infrastructure for
connectivity with network teams to deliver new data centers supporting various
lines of business.
 Designed, developed and executed new installation and mitigation plans for technical
issues.
 Ensured documentation met quality standards, applicable regulatory compliance
& company guidelines.
 Provided expertise in review of all deliverables across the project lifecycle.
 Reviewed and updated functionality whenever and wherever required to enhance the
performance of the system and meet users' requirements.
 Part of technical discussions onsite with the client.
 Performed server migration.
 Coordinated with the team on production support.
 Installed and configured F5 VIPRION load balancers.
 Assisted with the Palo Alto NGFW implementation and the switch from Check Point
firewalls.
 Maintained and operated a lab-wide vulnerability assessment deployment
(SecurityCenter/Nessus).
 Installed and configured QualysGuard scanner appliances (both physical servers and
virtual cloud-based servers), and ran various ad-hoc/custom/standard reports.
 Experience implementing next-generation firewalls (NGFW) such as Blue Coat
ProxySG and other vendors such as Palo Alto Networks NGFW for URL filtering.
 Analysis of correlation alerts triggered via SIEM, i.e. AlienVault.
 Analysis of phishing emails and hidden malware drop files.
 Creation of correlation rules in the SIEM.
 Provided on-call support in off hours when needed.
 Worked on implementation of different third-party security tools like Rapid7,
Demisto and Duo.
 Handled weekly meetings and quarterly and weekly tasks.
Health Plan Services, FL Jan 2016 to Jun 2016

Security Analyst

 Developed and tested new correlation content and use cases using ArcSight filters,
rules, data monitors, active lists, and session lists.
 Monitored and analyzed Blue Coat logs.
 Monitored IDS alerts and mitigated them to resolve the underlying problems.
 Worked with McAfee, BrightCloud and SecureWorks, submitting the latest
signatures and DATs to increase their protection for the WB network.
 Monitored IDS and took reports from ArcSight and Splunk.
 Monitored databases using Imperva; also managed Imperva.
 Performed malware analysis, analyzing files: rar, zip, doc, pdf, xls, and jpg.
 Created daily and monthly reports of various devices for WBG.
 Managed the Information Security Operations Center on a 24x7x365 basis.
 Monitored multiple security alert sources; identified and triaged significant security
events; determined impact and threat severity; escalated according to established
procedures; and opened trouble tickets using the Case Management System.
 Mobile application (Android, iOS) security testing.
 Monitoring through BMC Patrol and SiteScope.
 Reviewed and monitored IDS, ePO, ArcSight, FireEye, Palo Alto and SecureWorks.
 Conducted thorough investigative actions based on security events and remediated as
dictated by standard operating procedures.
 Participated in all phases of the incident response process, including detection and
containment.
 Used data security tools (CyberArk, Cloakware, Guardium, PKI, RSA SecurID, DLP,
digital signatures) for securing sensitive data.
 Monitored corporate anti-virus infrastructure security alerts and reports.
 Confirmed threat classification of case assignments; escalated according to standard
operating procedures.
 Where appropriate, submitted malware from investigative work to the anti-virus vendor
for new anti-virus signatures and followed up with the vendor.
 Worked on cloud security products to ensure customers' security from cyber
attacks.
 Working knowledge of HTTP(S), TCP/IP, DNS.
 Knowledge of various DDoS attack types (UDP/ICMP flood, SYN flood, HTTP GET
flood, TCP connection attack, TCP flag-based attacks).
 Participated in the product selection and installation of the QRadar Security
Information and Event Management (SIEM) system, consisting of multiple collectors
and a high-performance MS SQL database.
 Designed and implemented enterprise SIEM systems: centralized logging, NIDS,
alerting and monitoring, compliance reporting, based on IBM QRadar 7.0 SIEM.
 Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal
PCI and SOX controls.
 Worked in 24x7 SOC operations in different shifts.
Symantec, CA Sep 2014 to Dec 2015

Security Analyst

 Used many tools, including Imperva SecureSphere, Tripwire, Novell Sentinel, ArcSight,
eRetina, McAfee Foundstone, Sourcefire and McAfee IntruShield.
 Learned concepts of information security covering cyber security, system
administration, IT auditing, cyber forensics, data center management,
cryptography, scripting, and Network Defense & Countermeasures (NDC).
 Real-time monitoring of network security components and devices such as
firewalls, IDS, IPS and Windows servers to correlate the logs as per the client's
requirements.
 Development of various correlation rules, reports, alerts, active channels and
dashboards.
 Built rules in ArcSight based on the client's use cases.
 Initial set-up, installation and implementation of a new SIEM solution (IBM QRadar).
 Migrated existing reports and alerts from RSA enVision to IBM QRadar.
 Aggregated, correlated, and analyzed log data from network devices, security devices
and other key assets using QRadar.
 Created a SIEM dashboard for QRadar and reconciled it with storage, database
servers, workstations, servers and network devices.
 Assisted multiple security projects with the goal of exceeding compliance objectives.
 QRadar SIEM and Websense proxy.
 Responsible for maintenance, administration and configuration of the log
aggregation solution.
 Created custom views, reporting and automated alerting for both operational and
security use using QRadar.
 Assisted with management and tuning of our perimeter intrusion prevention
solution.
 Network traffic visualization to facilitate monitoring and trending analysis.
 Responsible for maintaining availability, reporting and communication of the SIEM
between it, its event sources and the endpoints.
 Analysis of various use cases in the QRadar console, like malware and AD-related issues.
 Managed phishing incidents from detection to takedown and provided analysis of
phishing.
 Reported malware and blacklisted links and provided threat advisories on
malware and patches.
 Part of the SOC: 24x7 monitoring for targeted phishing sites using the SIEM tool
ArcSight, watermarking, domain analysis, brand abuse websites and the abuse mailbox.

Flying Freshers, India Feb 2012 to Jul 2013

Cyber Security Trainee

 Managed the MIS and developed and uploaded website updates.
 Updated security patches and also worked as security administrator.
 Monitoring using tools like BMC Patrol and SiteScope.

 PROJECTS CARRIED OUT:
 CERT-In (Computer Emergency Response Team) Empanelment.
I was an active team member for CERT-In VA/PT to get CERT-In empanelment for
the organization.
 ENTERPRISE SECURITY ARCHITECTURE.
Designed a DMZ and implemented a secure environment with the help of IDS
(Snort), firewalls, the WhatsUp Gold tool, Tripwire, Imperva SecureSphere,
VMware ESXi and WSUS.
 Email Security:
Provided an anti-spam and anti-virus solution for the client. All mail for the client domain
and the legacy domains passes through this screening before reaching the Exchange
servers for delivery. We block spam mail at the gateway level and pass only
genuine mail.
 VAPT (Vulnerability Assessment and Penetration Testing).
Tools used: Nmap, Nessus, GFI LanGuard, Acunetix, Grendel, w3af, Vega,
Metasploit Framework, Snort, Havij, IPsec, eRetina, McAfee Foundstone, PPTP,
L2TP and Wireshark.
Methodology: OWASP (Open Web Application Security Project).
 DoS Attack and Prevention with the Help of Snort.
We set up a system as a server and carried out a DoS attack with the help of LOIC, and
observed Snort working as the IDS; also used some other tools like Sourcefire and
McAfee IntruShield.
 Website Security Audits.
Tools used: Nmap, Nessus, WebScarab, Hydra, Acunetix, Grendel, w3af.
Methodology: OWASP (Open Web Application Security Project).
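Added illustration for the DoS attack and prevention project above and for the DDoS attack types listed under skills (SYN flood in particular). This Python script is not the author's own code and is not a Snort configuration; it applies the idea behind a Snort detection_filter (track by source address, count bare SYNs over a sliding time window, alert once a threshold is reached) to a constructed tcpdump-style capture. The hosts 10.0.0.5, 10.0.0.9 and 192.168.1.10, the 50-SYNs-per-second threshold, and the sample traffic are all assumptions made for the example.

```python
"""Sliding-window SYN-flood detector over tcpdump-style lines.

Added example (not from the original page): counts bare SYNs (flags [S], not
SYN-ACK [S.]) per source address inside a moving time window and raises one
alert per source when the count reaches a threshold, the same idea as a Snort
detection_filter with "track by_src". Addresses, ports, window and threshold
are assumptions.
"""
import re
from collections import defaultdict, deque

# Matches the start of a "tcpdump -nn" line, e.g.
# 12:00:00.010000 IP 10.0.0.5.40000 > 192.168.1.10.80: Flags [S], seq 0, ...
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d+) IP (\S+?)\.(\d+) > (\S+?)\.(\d+): Flags \[([^\]]*)\]"
)


def parse_line(line):
    """Return a dict with ts (seconds since midnight), src, dst, dport and flags,
    or None when the line is not a TCP packet summary in the expected form."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    hh, mm, ss, frac = m.group(1), m.group(2), m.group(3), m.group(4)
    ts = int(hh) * 3600 + int(mm) * 60 + int(ss) + int(frac) / 10 ** len(frac)
    return {"ts": ts, "src": m.group(5), "dst": m.group(7),
            "dport": int(m.group(8)), "flags": m.group(9)}


def detect_syn_flood(lines, window=1.0, threshold=50):
    """Return [(src, ts, syn_count)], at most one alert per offending source.

    Only packets whose flags are exactly "S" count: a SYN-ACK ("S.") is the
    server answering and must not be attributed to it as an attack.
    """
    recent = defaultdict(deque)   # src -> timestamps of its SYNs inside the window
    alerted = set()
    alerts = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt["flags"] != "S":
            continue
        q = recent[pkt["src"]]
        q.append(pkt["ts"])
        while q and pkt["ts"] - q[0] > window:   # expire SYNs older than the window
            q.popleft()
        if len(q) >= threshold and pkt["src"] not in alerted:
            alerted.add(pkt["src"])
            alerts.append((pkt["src"], pkt["ts"], len(q)))
    return alerts


def _tcpdump_line(usec, src, sport, dst, dport, flags):
    """Build a constructed tcpdump-style line `usec` microseconds after 12:00:00."""
    hh, rem = divmod(usec, 3_600_000_000)
    mm, rem = divmod(rem, 60_000_000)
    ss, frac = divmod(rem, 1_000_000)
    return (f"{12 + hh:02d}:{mm:02d}:{ss:02d}.{frac:06d} IP {src}.{sport} > "
            f"{dst}.{dport}: Flags [{flags}], seq 0, win 1024, length 0")


# Constructed sample capture (not a real trace): 10.0.0.5 sends 60 SYNs in 0.6 s
# against port 80, while 10.0.0.9 completes five ordinary handshakes spread over
# five seconds and the server answers each with a SYN-ACK.
SERVER = "192.168.1.10"
SAMPLE_LINES = []
for i in range(60):
    SAMPLE_LINES.append(_tcpdump_line(10_000 * i, "10.0.0.5", 40000 + i, SERVER, 80, "S"))
for i in range(5):
    t = 1_000_000 * (i + 1)
    SAMPLE_LINES.append(_tcpdump_line(t, "10.0.0.9", 50000 + i, SERVER, 80, "S"))
    SAMPLE_LINES.append(_tcpdump_line(t + 500, SERVER, 80, "10.0.0.9", 50000 + i, "S."))
    SAMPLE_LINES.append(_tcpdump_line(t + 1000, "10.0.0.9", 50000 + i, SERVER, 80, "."))
SAMPLE_LINES.sort()   # every line starts with a fixed-width timestamp, so this is time order

if __name__ == "__main__":
    for src, ts, count in detect_syn_flood(SAMPLE_LINES):
        print(f"ALERT possible SYN flood from {src}: {count} SYNs within 1 s at t={ts:.3f}")
```

Run against the constructed capture, the 60-SYN burst from 10.0.0.5 trips the alert at its 50th SYN, while the legitimate client and the server's SYN-ACKs produce nothing. On a real capture, feed it the output of `tcpdump -nn 'tcp[tcpflags] & tcp-syn != 0'` and tune window and threshold to the server's normal connection rate, since a busy web server can legitimately see far more than 50 SYNs per second from a NAT gateway.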

Cloud Security Skills:

 Good understanding of Layer 7 attacks and DDoS attacks.
 Extraction of required logs and performing the required analysis.
 Good understanding of ping, traceroute and MTR to troubleshoot network issues.
 Understanding of different Layer 7 attack rules.
 Deep packet analysis with Wireshark/tcpdump.
 Excellent understanding of HTTP and HTTPS.
 Basic understanding of content delivery.

EDUCATION:

Master's in Computer Science, 2015.
Northwestern Polytechnic University, CA, USA.

Bachelor of Technology in Computer Science & Engineering, 2013.
Jawaharlal Nehru Technological University, Hyderabad, INDIA.

CERTIFICATIONS ACCOMPLISHED:

EC-Council Certified Security Analyst (ECSA).
Certified Ethical Hacker v8 (CEH).
Certified ArcSight ESM Security Analyst (AESA).
Certified Information Technology Infrastructure Library, ITIL v3.
SolarWinds Certified Professional.
Qualys Certified Specialist, Vulnerability Management.

TECHNICAL TRAINING:

Trained in Certified Ethical Hacker v8.
Trained in ArcSight ESM Security Analyst.
Trained in Nessus Manager and SecurityCenter.
Trained in vulnerability management with QualysGuard.
Trained in ITIL v3.
