Srikanth Thota
Email:-| Ph No: -
Professional Summary
Cybersecurity Analyst with over 3 years of experience in Security Operations, GRC, and Threat Intelligence.
Skilled in SIEM tools like Microsoft Sentinel and Splunk, and experienced in risk assessments, incident
response, and ISO 27001/NIST compliance. Proven ability to bridge technical security operations with policy-based frameworks. Strong in threat hunting, vulnerability analysis, audit readiness, and scripting automation in
Python and PowerShell. Familiar with GDPR, Cyber Essentials, and SOC setup and operations.
Professional Experience
Security Analyst
General Logic Pvt. Ltd., Hyderabad |March 2024 – Present
Delivered comprehensive ISO 27001 gap assessments, identifying security weaknesses and building
tailored remediation roadmaps to improve client ISMS maturity. Facilitated client workshops to
communicate risks and compliance requirements effectively.
Conducted NIST CSF maturity reviews and risk analysis sessions, aligning organizational security goals
with business objectives and recommending prioritized improvements for risk reduction.
Developed and optimized SOC detection use cases based on MITRE ATT&CK and NIST 800-53,
improving alert accuracy and reducing false positives for better incident detection and response.
Led the design and implementation of security policies, risk registers, and controls, supporting client
audits and certification readiness activities such as Cyber Essentials and ISO surveillance audits.
Automated repetitive SOC workflows, including IOC enrichment and log parsing, by developing
Python scripts, enhancing SOC efficiency and reducing analyst workload.
Managed real-time monitoring and incident triage on Microsoft Sentinel and Splunk, performing in-depth analysis to identify malicious activity and coordinate incident response.
Researched and profiled adversary TTPs using multiple OSINT platforms such as Shodan, VirusTotal,
and Maltego to enrich threat intelligence and improve proactive defenses.
Authored detailed risk assessment reports, audit findings, and remediation status updates,
communicating complex technical information clearly to both technical teams and executive leadership.
Mentored junior analysts on best practices in threat hunting, log analysis, and vulnerability
prioritization, fostering a culture of continuous learning and improvement within the team.
Created comprehensive SOC documentation including standard operating procedures, incident
playbooks, and compliance templates to streamline operations and support audit requirements.
Participated in tabletop and simulation exercises to test incident response capabilities, identify detection
gaps, and improve readiness for real-world cyber threats.
Designed client-facing dashboards for tracking audit progress, vulnerability remediation, and risk
treatment activities, providing clear visibility into security posture.
Maintained ongoing communication with key stakeholders through weekly meetings, presenting
security updates, risk summaries, and next steps to ensure alignment with client expectations.
Collaborated closely with cross-functional teams including DevOps, cloud, and application owners to
conduct security posture assessments and drive remediation actions for identified vulnerabilities.
SOC Analyst
Info Matrix Digital Solutions | 2022 – 2024
Monitored Tier-2 security alerts across Splunk and Microsoft Sentinel, performing detailed analysis on
incidents such as phishing campaigns, privilege abuse, and data exfiltration to guide timely response
actions.
Conducted OSINT investigations to map threat actor infrastructure and behaviors, compiling actionable
TTP and IOC reports to enhance detection and response strategies.
Developed and maintained detection rules and dashboards within Splunk aligned to MITRE ATT&CK
techniques and NIST 800-53 controls, improving the SOC’s ability to identify sophisticated threats.
Prepared detailed incident reports summarizing attack timelines, affected assets, and recommended
mitigations, supporting post-incident reviews and continuous improvement.
Assisted compliance teams by conducting log reviews and validating SIEM use cases to ensure adherence
to regulatory requirements such as GDPR and ISO 27001.
Supported risk and security posture assessments by identifying gaps in controls, recommending
corrective actions, and contributing to audit evidence preparation.
Tuned correlation rules and detection logic continuously to reduce false positives and optimize analyst
focus on high-risk alerts.
Performed malware triage using sandbox environments and threat enrichment tools like VirusTotal to
rapidly classify and contain malicious code.
Developed and maintained asset inventories and risk registers, providing comprehensive visibility into
organizational attack surfaces and vulnerabilities.
Authored in-depth profiles on threat actors and campaigns to inform threat hunting and proactive
security measures.
Collaborated in Purple Team exercises to test and improve detection capabilities, leveraging real-world
attack simulations to validate controls.
Stayed current on emerging cyber threats, vulnerabilities, and zero-day exploits, sharing intelligence
updates with SOC teams to maintain situational awareness.
Facilitated internal ISO 27001 meetings and client workshops, presenting findings, managing
expectations, and coordinating remediation efforts.
Managed the full incident lifecycle including root cause analysis, remediation tracking, and closure
documentation to ensure comprehensive resolution and audit compliance.
Skills
Security Operations: SIEM Monitoring, SOC Setup, Incident Response, Threat Hunting, Purple
Teaming
GRC & Compliance: Risk Assessments, ISO 27001, NIST CSF, GDPR, Cyber Essentials, Audit
Support
Threat Intelligence: IOC/TTP Analysis, Threat Actor Research, OSINT, CTI Writing
Tools & Platforms: Microsoft Sentinel, Splunk, Shodan, Maltego, VirusTotal, Recorded Future
Security Technologies: IDS/IPS, Firewalls, Antivirus, Endpoint Protection, Vulnerability Scanners
Scripting & Automation: Python, PowerShell, Bash – Log Analysis, IOC Enrichment, SOC Tasks
Documentation: Audit Reports, Risk Registers, Incident Reports, Threat Intelligence Briefs
Networking: TCP/IP, DNS, VPNs, Firewall Rules, Network Monitoring
Soft Skills: Analytical Thinking, Stakeholder Communication, Mentorship, Workshop Facilitation
Education
B.Tech in Mechanical Engineering-Seshadri Rao Gudlavalleru Engineering College, Andhra Pradesh — 2020
Projects & Contributions
Built a home SOC lab with Splunk, Sysmon, and MITRE ATT&CK integration for hands-on detection
engineering and incident response practice.
Authored multiple blogs on best practices in CTI report writing, adversary emulation, and audit
preparation for cybersecurity teams.
Developed Python automation scripts to streamline threat feed ingestion and IOC scoring processes,
improving analyst productivity.
Created visual dashboards for tracking NIST CSF maturity and SOC key performance indicators, aiding
management oversight.
Ranked in the Top 25% globally in the Splunk BOTS Capture The Flag (CTF) competition by
demonstrating strong detection and investigation skills.
Actively participate in cybersecurity forums, CTI working groups, and mentor junior analysts through
knowledge-sharing initiatives.
(Srikanth Thota)