
Adarsh Suresh
Technology / Internet
About Adarsh Suresh:
- A cybersecurity professional with over 6 years of experience in incident response, network protocols, and advanced Azure security operations, demonstrating end-to-end expertise in cloud, compliance, and Zero Trust architectures.
- Proficient in Microsoft Defender for Cloud, Azure Security Center, and Sentinel (SIEM), with extensive exposure to XDR/EDR, compliance frameworks (GDPR, NIST, HIPAA, ISO 27001), and infrastructure hardening techniques, ensuring a robust posture through continuous improvement.
- Skilled in leveraging Microsoft Purview for governance, CyberArk and Thycotic for privileged identity management, Nessus for vulnerability assessment, and F5 BIG-IP GTM for load balancing and security. Proficient in scripting with KQL, PowerShell, and Python to automate incident response, alerting workflows, and configuration management.
- Adept at implementing Zero Trust strategies by enforcing Just-In-Time access, role-based access controls, MFA, and Azure AD policies, while performing in-depth log analysis (Splunk, Azure Sentinel) to proactively detect and neutralize threats.
- Demonstrated advanced proficiency in securing multi-cloud and hybrid infrastructures utilizing Azure Sentinel (SIEM), Azure Security Center, Microsoft Defender, and CSPM strategies, consistently maintaining a Secure Score above 85% and enforcing CIS Benchmarks.
Experience
Capital One, New York, NY Jul 2023 – Present
Cybersecurity Analyst
Responsibilities:
- Skilled in configuring and managing virtual machines, redundancy zones, VNets, network security groups, and service endpoints to optimize security and performance in Azure environments.
- Leveraged SIEM (Sentinel) and IDS/IPS tools for real-time threat detection, analysis, and automated response workflows, including triaging, containment, and mitigation of security incidents.
- Implemented CSPM strategies to identify and remediate misconfigurations, ensuring compliance and hardening cloud resources against vulnerabilities.
- Proficient in Microsoft Defender for Cloud, Azure Security Center, and Azure Sentinel (SIEM) to monitor, detect, and respond to security threats across multi-cloud and hybrid environments.
- Deployed and monitored Microsoft Defender for Endpoint, Cloud, Identity, and Microsoft 365 Defender to safeguard hybrid environments and detect advanced persistent threats.
- Conducted in-depth investigations leveraging Microsoft Defender for Cloud Security Posture Management (CSPM), consistently maintaining a Secure Score of 88% by implementing proactive security measures. Monitored and analyzed anomalous user behavior patterns through advanced alerting mechanisms, mitigating insider threats by enforcing role-based access control, conditional access policies, and Just-In-Time (JIT) access to sensitive resources.
- Created and maintained incident response workflows using Logic Apps for automating alerts and playbooks within Microsoft Sentinel.
- Utilized Azure Key Vault to manage secrets, certificates, and encryption keys, ensuring access is tightly controlled in line with Zero Trust principles.
- Implemented CIS Benchmarks across cloud and on-premises environments to enforce best practices for security configurations and compliance.
- Enabled and monitored compliance rules for various data classifications, ensuring adherence to organizational and regulatory policies such as GDPR, HIPAA, NIST 800-53, and ISO 27001.
- Deep understanding of protocols such as TCP/IP, DNS, and VPNs; experienced in configuring firewalls and managing secure network architectures.
- Managed Microsoft Purview for compliance and governance, ensuring adherence to regulatory standards across cloud resources.
- Worked on designing, implementing, and troubleshooting a wide range of network performance issues and password reset requests.
- Worked with Cisco, Citrix, VMware, and L2/L3 network troubleshooting as media assistance, and re-imaged enterprise laptops, making them 80% efficient with the workflow.
- Created new virtual machines through Azure for organizational units and student requests for enterprise tenants.
Deloitte, Hyderabad, India Mar 2020 – Jun 2022
Incident Response Analyst
Responsibilities:
- Configured and monitored F5 BIG-IP GTM to optimize DNS traffic routing based on geo-location and server availability, ensuring high performance and resilience during high query volumes and DDoS attacks.
- Collaborated with IT and security teams to integrate Proofpoint's Advanced Threat Protection with existing security infrastructure, improving overall defense mechanisms.
- Leveraged Azure Defender for Cloud to continuously monitor and detect abnormal behavior or potential attacks on the network, using anomaly detection to identify unauthorized activities.
- Implemented playbooks to automate responses to common incidents like suspicious user logins, credential stuffing, and external access attempts.
- Enforced disk encryption and secure boot policies using Azure Disk Encryption and BitLocker to protect sensitive data on endpoints, ensuring data protection across all trusted zones.
- Monitored network traffic patterns using Azure to detect potential threats, including lateral movement, unauthorized data exfiltration, and traffic from malicious sources, ensuring timely identification and mitigation of security risks.
- Utilized Microsoft Defender for Cloud for data loss prevention (DLP) alert analysis and hardening Zero Trust Network Access (ZTNA) policies.
- Implemented secure authentication mechanisms such as OAuth2, JWT (JSON Web Tokens), or API keys using Azure AD.
- Administered Privileged Access Management (PAM/PIM) using CyberArk and Thycotic, securing sensitive accounts by implementing strict access controls and monitoring privileged user activity.
- Implemented agents to collect logs from internal systems and integrated them with security information and event management (SIEM) platforms like Azure Sentinel, enabling real-time monitoring and detection of potential security incidents.
- Conducted comprehensive policy reviews and access reviews using Azure CIS and Azure Active Directory Identity Governance, ensuring compliance with CIS Benchmarks.
- Led Endpoint Detection and Response (EDR) initiatives, overseeing the installation and management of endpoint sensors for enhanced threat visibility and proactive defense mechanisms.
- Executed firmware upgrades and performed in-depth system health and hardware performance analysis.
- Participated in cross-functional brainstorming sessions to generate innovative solutions for emerging IT and security challenges, contributing to the development of more efficient incident response strategies.
- Set up SSL inspection to decrypt and analyze encrypted traffic, ensuring proper certificate management and deployment of the Netskope CA certificate across end-user devices.
HCL Technologies, Hyderabad, India Jul 2017 – Feb 2020
IT Support Engineer
Responsibilities:
- Investigated cases where users were denied access to sensitive applications due to policy violations or suspicious activity.
- Provided Level 1 and Level 2 IT support to diagnose, troubleshoot, and resolve technical issues for end-users, ensuring minimal downtime.
- Responded to and resolved hardware, software, and network issues via remote tools, on-site support, and ticketing systems such as ServiceNow and BMC Remedy.
- Deployed and maintained software applications, ensuring compliance with licensing requirements.
- Monitored and maintained system performance using tools like Splunk, SolarWinds, and Nagios.
- Managed user accounts, group policies, and permissions in Active Directory to maintain secure and efficient user access.
- Created exceptions for certain URLs based on business needs using Forcepoint, ensuring critical resources remained accessible while still maintaining security.
- Ensured alignment with ITIL processes for service management and continuous improvement in incident management practices.
- Designed and created custom reporting dashboards using WFM platforms to track vulnerability trends, improving visibility into organizational security posture.
- Provisioned, configured, and managed virtual machines (VMs) in environments such as VMware, Hyper-V, and Microsoft Azure to support organizational needs.
- Led Microsoft Intune configuration for both Windows and mobile device management, streamlining Autopilot deployments to enhance the end-user experience and ensure seamless device provisioning.
- Managed the Microsoft Intune admin portal for MDM, including profiles and service devices, and handled device wipe or provisioning requests through the admin portal.
- Conducted advanced log analysis and event correlation using Splunk Processing Language (SPL) to investigate security incidents and identify malicious activity across multiple data sources (firewall, network, endpoint).
- Utilized Rex commands and Regular Expressions to extract, parse, and analyze data from raw logs for deeper investigation and custom reporting.
- Administered Active Directory and user account management, enabling ADFS and SSO to facilitate secure single sign-on access for corporate applications, while overseeing SRP and Application Whitelisting to maintain strict security policies.
- Implemented Group Policy Objects (GPOs) to enforce security configurations and automate user and computer management, significantly improving domain-wide security compliance.
- Maintained PowerShell scripts to automate administrative tasks such as user provisioning, access management, and policy upgrades, greatly enhancing operational efficiency.
- Monitored platform health and implemented modifications as required, following IT change management processes to ensure service continuity. Restricted access to non-business websites through whitelisting, handling requests to manage
Education
Master of Science in Cybersecurity