
Narasimha Mallegari - Cyber Security Engineer
[email protected]
Location: Jersey City, New Jersey, USA
Relocation: YES
Visa: H1B
Email: [email protected]
Phone: 732-853-8072
LinkedIn: www.linkedin.com/in/narasimha-mallegari-
Professional Summary:
Highly skilled Cybersecurity Engineer with 6+ years of experience designing and implementing robust security solutions and a proven track record in safeguarding critical infrastructure. My expertise encompasses configuring firewalls, IDS/IPS, and VPNs, conducting comprehensive vulnerability assessments, and deploying advanced SIEM solutions to enhance threat detection and response. I am adept at automating security workflows through custom scripting and integrating APIs to improve tool interoperability.
Designed and implemented network security solutions, configuring firewalls, IDS/IPS, and VPNs to safeguard critical infrastructure.
Conducted vulnerability assessments using Nessus, Qualys, and OpenVAS, identifying and mitigating critical risks to ensure security compliance.
Developed and deployed SIEM solutions, including Splunk and QRadar, to monitor and analyze security events, enhancing threat detection and response.
Automated security workflows and incident response tasks by creating custom Python scripts and integrating APIs for improved tool interoperability.
Performed penetration testing and vulnerability exploitation using Metasploit, Burp Suite, Nmap, and Wireshark to identify and remediate vulnerabilities.
Led incident response efforts, analyzing log data and managing containment, eradication, and recovery during major cyber incidents using EDR tools such as CrowdStrike and SentinelOne.
Conducted digital forensics investigations, performing malware analysis and log correlation to identify and mitigate advanced persistent threats (APTs).
Deployed and configured Web Application Firewalls (WAF) to protect against OWASP Top 10 vulnerabilities and mitigate web-based threats.
Created detailed incident reports, security documentation, and compliance artifacts in alignment with NIST, ISO 27001, and PCI-DSS frameworks.
Monitored and analyzed network traffic and endpoint activity to detect potential threats, reducing response times to security incidents by 40%.
Managed network security architecture across platforms including Azure and Cisco Nexus Series, ensuring robust firewall management and intrusion prevention with Palo Alto Networks Firewalls and Cisco Meraki MX100 Firewall.
Engineered and deployed security measures using IDS/IPS, encryption technologies (RSA, AES), and tokenization to protect sensitive data and maintain integrity across enterprise systems.
Configured and maintained Check Point Firewall, Squid Firewall, and Blue Coat Proxy, optimizing network performance and security configurations to safeguard against potential threats and unauthorized access.
Utilized Wireshark and Nmap for network monitoring and security auditing, identifying vulnerabilities, and implementing proactive corrections to fortify network defenses.
Developed security protocols and scripts in Python, PowerShell, and JavaScript to automate security tasks and streamline threat detection processes across Cisco Wireless LAN Controllers and Juniper Networks Firewalls.
Implemented network protocols and services including DNS, MPLS, IPSec VPN, NAT, VoIP, QoS, PBR, WCCP, and VPN, increasing network efficiency and reliability.
Managed F5 BIG-IP, Cisco Load Balancer, and Citrix load balancing solutions, optimizing web application delivery and performance while ensuring high availability and fault tolerance.
Executed comprehensive Wi-Fi analysis using tools like AirMagnet and Ekahau, assessing and enhancing wireless network coverage, performance, and security.
Monitored and analyzed security events using SIEM tools like Splunk, QRadar, and Microsoft Sentinel to detect and respond to anomalous activities across the enterprise network.
Configured and maintained key security systems, including SIEM, IDS/IPS, and DLP solutions, for proactive network traffic monitoring and threat detection.
Utilized Splunk SPL searches to generate reports, tune alerts, and create new alerts, dashboards, and data models to monitor and troubleshoot firewall, web proxy, IPS, and endpoint security events.
Provided operational support for Check Point Firewalls, F5 APM VPN, F5 LTM reverse proxies, SSL certificate renewals, vulnerability remediation, McAfee MWG, and Blue Coat proxy change requests.
Contributed to a reverse proxy migration project from Blue Coat to F5 LTM, including VIP creation, SSL installation and renewals, and testing with application teams to ensure successful migration and cutover.
Conducted packet capture and analysis using tcpdump, PCAP, Wireshark, HTTP Watch, and Fiddler to troubleshoot issues and identify root causes, escalating to vendor support when necessary.
Contributed to developing and updating security plans in alignment with NIST 800-53 standards, collaborating closely with team members to ensure compliance and best practices.
Led the design and delivery of comprehensive security training programs for employees and initiated quarterly phishing simulation exercises to strengthen organizational resilience against cyber threats.
Correlated logs from firewalls, web proxies, IDS/IPS, and endpoint devices to identify and investigate potential threats.
Conducted malware analysis using sandboxing tools like FireEye AX, Joe Sandbox, and VMRay to assess malicious behavior and develop countermeasures.
Configured and managed security systems, including IDS/IPS, DLP, and endpoint protection platforms, to enforce security policies and prevent unauthorized activities.
Technical Skills:
Security Tools & Platforms:
SIEM: Splunk, QRadar, Microsoft Sentinel.
IDS/IPS: Nessus, Qualys, OpenVAS
Firewall: Check Point, Palo Alto, Cisco Meraki, Juniper.
EDR: CrowdStrike, SentinelOne.
WAF: Veracode, Checkmarx.
Proxy: Blue Coat, McAfee MWG, Symantec.
Network Security Tools: Wireshark, Nmap, tcpdump, Burp Suite, Metasploit.
Vulnerability & Penetration Testing: Nessus, Qualys, OpenVAS, Burp Suite.
Encryption & Authentication: RSA, AES, IPSec VPN, OAuth, SSL/TLS.
Programming Languages: Python, PowerShell, JavaScript, Bash.
Cloud & Network Platforms: Azure, Cisco Nexus Series, Kubernetes.
Compliance Frameworks: NIST, ISO 27001, PCI-DSS, OWASP Top 10.
Incident Response & Forensics: Malware analysis, Log correlation, Digital forensics, Threat hunting.
Monitoring & Analysis: Packet capture, traffic analysis, log management, and threat detection.
Load Balancing & Networking: F5 BIG-IP, Cisco Load Balancer, Citrix, DNS, MPLS, NAT, VoIP
Automation & Orchestration: SOAR platforms, API integration, Security workflow automation.
Professional Experience:
Client: Verizon, Nashville | Nov 2022 - Present
Role: Cybersecurity Engineer
Responsibilities:
Vulnerability Management:
o Addressed vulnerabilities in on-prem and cloud infrastructure, ensuring compliance with audit mandates and regulatory frameworks.
o Conducted vulnerability assessments and remediation efforts using Qualys, Prisma Cloud, and Rapid7.
o Provided guidance on remediating findings from vulnerability scans, prioritizing critical security risks across applications, networks, and containers.
Container Security:
o Ensured security hygiene for containerized applications by implementing container vulnerability scanning using Prisma Cloud.
o Developed container security policies, enforced image scanning for vulnerabilities, and streamlined remediation efforts.
o Automated compliance reporting and remediation tracking for containerized workloads in Kubernetes.
Engineering & Development for Security Tools:
o Developed and integrated security tools to provide real-time visibility into security risks.
o Built custom automation scripts using Python and JavaScript to streamline security tool integrations and automate vulnerability management workflows.
o Designed API-based integrations between security platforms and SIEM solutions to enhance threat detection and incident response.
Cloud Security & Compliance:
o Strengthened cloud security posture by implementing best practices for AWS, Azure, and Kubernetes security.
o Ensured alignment with CIS benchmarks, NIST 800-53, ISO 27001, and internal security policies.
o Conducted cloud security risk assessments and enforced remediation actions for cloud-native threats.
Automation & Process Optimization:
o Automated vulnerability scanning, reporting, and remediation tracking for enterprise security programs.
o Developed scripts to automate security patching and ensure continuous compliance with security controls.
o Built real-time dashboards to track vulnerability remediation efforts, reducing exposure to security risks.
Environment: Vulnerability Management: Qualys, Rapid7, Prisma Cloud; Cloud Security: AWS, Azure, Kubernetes, Docker; Programming & Automation: Python, JavaScript, Bash, API Integrations; Security Tools & Integrations: SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne); Compliance & Governance: NIST 800-53, ISO 27001, PCI-DSS; Container Security: Prisma Cloud, Kubernetes, Docker Security Best Practices.
Client: Citi Bank, Dallas | Jan 2022 - Oct 2022
Role: Cybersecurity Analyst
Responsibilities:
Monitored and analyzed security events using SIEM tools like Splunk, QRadar, and Microsoft Sentinel to detect and respond to anomalous activities across the enterprise network.
Worked with IT teams to configure and maintain key security systems, including SIEM, IDS/IPS, and DLP solutions, for proactive network traffic monitoring and threat detection.
Utilized Splunk SPL searches to generate reports, tune alerts, and create new alerts, dashboards, and data models to monitor and troubleshoot Firewall, Web Proxy, IPS, and endpoint security events.
Provided operational support for Check Point Firewalls, F5 APM VPN, F5 LTM reverse proxies, SSL certificate renewals, vulnerability remediation, McAfee MWG, and Blue Coat proxy change requests.
Contributed to a reverse proxy migration project from Blue Coat to F5 LTM, including VIP creation, SSL installation and renewals, and testing with application teams to ensure successful migration and cutover.
Supported post-implementation tasks for Symantec Proxy ASG deployment, including integration with DLP via ICAP, PAC file modifications, SSL interception, content filtering, blacklisting, restricted whitelisting, policy setup, and CPL editing for advanced policy requirements.
Conducted packet capture and analysis using tcpdump, PCAP, Wireshark, HTTP Watch, and Fiddler to troubleshoot issues and identify root causes, escalating to vendor support when necessary.
Contributed to developing and updating security plans in alignment with NIST 800-53 standards, collaborating closely with team members to ensure compliance and best practices.
Led the design and delivery of comprehensive security training programs for employees, and initiated quarterly phishing simulation exercises to strengthen organizational resilience against cyber threats.
Correlated logs from firewalls, web proxies, IDS/IPS, and endpoint devices to identify and investigate potential threats.
Conducted malware analysis using sandboxing tools like FireEye AX, Joe Sandbox, and VMRay to assess malicious behavior and develop countermeasures.
Configured and managed security systems, including IDS/IPS, DLP, and endpoint protection platforms, to enforce security policies and prevent unauthorized activities.
Led proxy migration projects, including transitioning from McAfee MWG to Symantec Proxy ASG and from Blue Coat to F5 LTM, ensuring seamless functionality and policy alignment.
Developed and updated security plans to meet NIST 800-53 and other regulatory standards.
Used tools like Wireshark, tcpdump, and Fiddler for packet capture and analysis to troubleshoot network and application issues.
Shared expertise within the SOC team by mentoring new analysts and contributing to a centralized knowledge base.
Monitored and secured email traffic using FireEye Email Threat Prevention, managing quarantine, whitelisting, and blacklisting to protect against email-based attacks.
Enforced web security policies through tools like Zscaler and Symantec Blue Coat, performing URL filtering, SSL interception, and content analysis.
Conducted vulnerability assessments using Nessus and Qualys, providing actionable recommendations for remediation to reduce risk exposure.
Environment: SIEM, Splunk, QRadar, MS Sentinel, IDS/IPS, DLP, Web Proxy, Endpoint, Check Point, Splunk SPL, F5 APM VPN, F5 LTM, VIP, SSL, McAfee MWG, Blue Coat proxy, Symantec Proxy ASG, HTTP Watch, tcpdump, NIST, VMRay, FireEye, Wireshark, Joe Sandbox, Zscaler, Nessus, Qualys, URL filtering.
Client: Array Networks, India | Jan 2020 - Sep 2021
Role: Security Analyst
Responsibilities:
Monitored and analyzed real-time security alerts using SIEM tools like Splunk and QRadar, identifying and mitigating potential threats.
Responded to and managed cybersecurity incidents, including phishing attacks, malware infections, and unauthorized access attempts, minimizing impact through containment and eradication measures.
Resolved LAN/WAN connectivity issues, ensuring minimal network downtime and uninterrupted access for end users.
Performed regular vulnerability scans using Nessus and Qualys, identifying and prioritizing vulnerabilities based on severity and business impact.
Conducted security risk assessments and implemented controls to address gaps in compliance with NIST, ISO 27001, and PCI-DSS standards.
Performed OS hardening procedures on Windows, Linux, and Solaris systems to reduce attack surfaces.
Monitored network traffic using packet analysis tools like Wireshark to identify anomalies, troubleshoot issues, and detect potential breaches.
Investigated and resolved network-based security incidents, including port scans, DoS attacks, and unauthorized network access.
Reviewed and implemented firewall, VPN, and endpoint protection policies to enhance network security posture.
Configured and maintained application security tools, including web application firewalls (WAFs) and vulnerability scanning platforms.
Utilized SIEM tools to analyze logs from firewalls, IDS/IPS, endpoints, and other security devices to detect and respond to anomalies.
Created custom rules and dashboards in Splunk to monitor specific threats and optimize alerting mechanisms.
Investigated incidents involving cloud workloads and collaborated with DevOps teams to secure containerized applications in Kubernetes environments.
Utilized SOAR platforms such as Splunk SOAR and Cortex XSOAR for automation and development of incident response workflows.
Automated data collection and reporting processes for vulnerability assessments using Python and APIs from Nessus and Qualys.
Environment: SIEM, Splunk, QRadar, LAN, WAN, Nessus, Qualys, NIST, ISO 27001, PCI-DSS, Windows, Linux, Solaris, Wireshark, VPN, endpoint protection policies, WAFs, IDS/IPS, DevOps, Kubernetes, SOAR, Splunk SOAR, Cortex XSOAR, Python, APIs.
Client: British Telecom, India | Mar 2017 - Dec 2019
Role: SOC Analyst
Responsibilities:
Monitored servers, network equipment, and applications in a 24/7 operations center environment, ensuring consistent system uptime and functionality.
Utilized Wireshark to troubleshoot network issues, inspect packet flows, and analyze anomalies for root cause identification.
Actively participated in responding to high-impact cyber breaches, managing incident response workflows to support investigation, response, and remediation efforts.
Identified and assessed security risks related to detected security events, ensuring timely escalation and proper incident management processes were followed.
Leveraged Security Information and Event Management (SIEM) platforms like Splunk to detect and investigate security incidents effectively.
Analyzed phishing emails, including malicious links and attachments, assessed user impact using Splunk, and performed remediation by deleting malicious emails from Exchange servers and blocking unwanted senders.
Ensured compliance by pushing monthly Windows Security patches across the organization's network, maintaining system security and integrity.
Reviewed and analyzed network and host-based security appliance logs (e.g., Firewalls, NIDS, HIDS, Sys Logs) to determine appropriate remediation actions and escalation paths for incidents.
Performed incident response management during major outages and cyberattacks, coordinating recovery efforts and ensuring communication with stakeholders.
Conducted security control and risk assessments on organizational information systems based on company security policies, best practices, and industry standards.
Analyzed network traffic and server logs for abnormal activity, escalating potential breaches to the security team for immediate action.
Collaborated with cross-functional teams to enforce cybersecurity protocols and ensure adherence to regulatory compliance requirements.
Environment: SIEM, Wireshark, Incident Response, Splunk, Windows Security patches, Firewalls, NIDS, HIDS, Sys Logs, Network traffic, Server Logs.
Education:
Bachelor of Engineering in Computer Science from Osmania University, Hyderabad, India.
Master of Science in Computer Science from Campbell University, Kentucky, USA.