Yash Suryawanshi

Cyber Security Analyst Trainee

685 followers
Guildford, England, United Kingdom

  • Timeline

  • About me

    Security Operations Center Analyst @ CloudTech24 | Cybersecurity Incident Response

  • Education

    • Government Engineering College, Dahod 018

      2015 - 2020
      Bachelor of Engineering - BE Computer Engineering CGPA : 7.03/10
    • University of Surrey

      2021 - 2022
      Master of Science - MS Information Security
  • Experience

    • Pristine InfoSolutions Pvt. Ltd.

      Mar 2019 - Jun 2019
      Cyber Security Analyst Trainee

      ▪ Executed disk cloning, data recovery, Fsevent extraction, and USN journal extraction as part of forensic investigation, showcasing proficiency in digital forensics techniques.
      ▪ Prepared detailed reports on web application vulnerability assessments and penetration tests, providing comprehensive insights into security vulnerabilities and recommended solutions.

    • Pristine InfoSolutions Pvt. Ltd.

      Jan 2020 - Apr 2020
      Cyber Security Analyst Trainee

      ▪ Instructed CISEH course students in foundational cybersecurity concepts, emphasizing practical skills and knowledge.
      ▪ Collaborated with event management for the organization's Hacker's Meetup, contributing to the seamless coordination and execution of the event.
      ▪ Authored educational materials covering malware basics, cryptography, subdomain enumeration, and Nmap, fostering a comprehensive understanding of key cybersecurity topics.

    • TalaKunchi Networks Pvt Ltd

      May 2021 - Jul 2021
      Cyber security Intern

      ▪ Conducted comprehensive research to identify and analyze vulnerabilities in the AWS environment, enhancing understanding of common misconfigurations that contribute to security risks. Provided insightful summaries and recommended mitigations to address identified security risks.
      ▪ Experimented with the implementation of an Active Directory Domain Controller (ADDC) environment in the AWS cloud, utilizing evaluation versions of Windows Server and Windows Enterprise to create an OVA file, subsequently importing it as an AMI.

    • CloudTech24

      Nov 2022 - now

      ▪ Triaged and validated security events, promptly responding to true positive incidents and facilitating incident handling processes of customers.
      ▪ Enhanced detection capabilities of Microsoft Sentinel and Microsoft Defender for Endpoint by developing and optimizing analytics rules and queries using Kusto Query Language (KQL).
      ▪ Optimized the performance of the Security team operations.
        o Automated closure of known non-malicious events through Azure Logic Apps and Microsoft Sentinel Automation, significantly improving efficiency and reducing manual workload.
        o Authored detailed playbooks for common security events, outlining analytics rules and detailed procedures for assessment, investigation, response, and communication, which improved the investigation and response quality.
        o Extended functionality of Real-Time Response (CrowdStrike Falcon) and Live Response (Defender) through PowerShell scripts, ensuring efficient incident response.
      ▪ Managed Linux systems dedicated to CEF log forwarding for Palo Alto Firewall, CrowdStrike, and Ironscale, utilising OMS agents for seamless log collection and transmission.
      ▪ Created a bash script that leverages PAM's existing modules, as well as pam_pwquality module, to enforce password policies efficien

      ▪ Triaged and validated security events, promptly responding to true positive incidents and facilitating incident handling processes to customers.
      ▪ Enhanced detection capabilities of Microsoft Sentinel and Microsoft Defender for Endpoint by developing and optimizing analytics rules and queries using Kusto Query Language (KQL).
      ▪ Produced actionable monthly and weekly Vulnerability Assessments, identifying and addressing vulnerabilities within client environments.
      ▪ Optimized the performance of the Security team operations.
        o Automated closure of known non-malicious events through Azure Logic Apps and Microsoft Sentinel Automation, significantly improving efficiency and reducing manual workload.
        o Authored detailed playbooks for common security events, outlining analytics rules and detailed procedures for assessment, investigation, response, and communication, which improved the investigation and response quality.
        o Streamlined Custom Detection Rules (CDR) deployment for Microsoft Defender for Endpoint using Golang scripts, significantly reducing deployment time.
      ▪ Managed Linux systems dedicated to CEF log forwarding for Palo Alto Firewall, CrowdStrike, and Ironscale, utilising OMS agents for seamless log collection and transmission.

      • Security Operations Center Analyst

        Jun 2023 - now
      • Security Operations Center Analyst

        Nov 2022 - May 2023
  • Licenses & Certifications