Oct 2022 – Jan 2024 · 1 yr 3 mos · Hyderabad, Telangana, India · Hybrid

• In Amazon, I was involved in drafting Standard Operating Procedures (SOPs) for Digital Forensic processes, ensuring that our investigative methodologies are precise and efficient.
• Worked closely with the SOC team, provided critical support in handling incident escalations. My role included determining the root cause and assessing the impact of security incidents. Lead forensic investigations, conducting comprehensive end-to-end analyses. This included in-depth analysis of Windows Operating system to identify initial compromise vectors, malicious tools/scripts, evidence of lateral movement, unauthorized access, and data exfiltration.
• Leveraged advanced tools such as Crowdstrike to capture memory images and retrieve files from compromised hosts, enhancing our forensic capabilities. I was also responsible for preparing detailed forensic reports, providing a comprehensive documentation of our analyses and findings.
• In response to security incidents, I was actively engaged in coordinating a cohesive response that involved multiple teams across Amazon. My focus was on providing security engineering solutions and support, with a proactive approach aimed at preventing similar incidents in the future.
• Collaborated closely with Information Security engineers, mentoring them to improve security measures and expedite risk mitigation efforts. I actively participated in a follow-the-sun on-call rotation, providing round-the-clock support for incident response.

Nov 2021 – Oct 2022 · 11 mos · Hyderabad, Telangana, India · Remote

• In this position, I got extensive experience as a Lead Analyst, specializing in Ransomware Investigation, Intrusion Vector, and Business Email Compromise (BEC) Investigation, across both international and domestic projects. Reported directly to the Forensic Lead/IR Lead, I consistently delivered results in critical investigations, exposing malicious activities and unauthorized data access in complex environments.
• My expertise extended from Ransomware to BEC cases, where I meticulously gathered evidence of malicious activities and unauthorized data access through forensic analysis. I developed my skills with various Business Email Infrastructures, such as Microsoft Office 365, Google Suite, and On-prem Exchange Server, adapting to their unique forensic demands.
• In Ransomware cases, I conducted thorough forensic triage investigation by analyzing Windows Event logs, Windows artifacts, and network firewall/anti-virus (AV) logs, swiftly identifying compromised systems within the network. For BEC investigations, I worked on Unified Audit Logs (UALs), G-Suite Audit Logs, IIS Logs, and hybrid environment-based exchange logs, unraveling the trails left by threat actors.
• My experience on forensic tools includes ELK Kibana (THOR), SKADI, EnCase, AccessData FTK, X-Ways, Magnet AXIOM, PowerGREP, EmEditor, and SentinelOne EDR. In this position, I actively trained analysts in BEC investigation techniques, contributing to the team's growth and development.

Oct 2019 – Nov 2021 · 2 yrs 1 mo · Hyderabad, Telangana, India · Remote

• In this position, I was actively involved in numerous Ransomware cases within the area of Forensic Investigation. My responsibilities included conducting both triage analysis and in-depth examinations throughout these investigations.
• Furthermore, I played a key role in preparing comprehensive Forensic Reports as part of our Forensic Engagements. In the course of my work, I leveraged a range of Forensic tools, including ELK Kibana (THOR), SKADI, EnCase, AccessData FTK, X-Ways, and Magnet AXIOM.