Urvesh Thakkar
6+ Years of Experience
Cloud Security Expert & Instructor
SUMMARY
With more than six years dedicated to cloud security operations, Urvesh has developed detailed expertise in securing digital environments against a range of threats. He specializes in core skills such as log analysis, security monitoring, and incident response. He is skilled in using a range of critical tools, including IBM QRadar for SIEM, the ELK Stack for log management, Wazuh for host-based intrusion detection, Splunk for data analysis, and Google Chronicle for threat detection and response. Urvesh is adept at setting up in-house Security Operations Centers (SOCs) for organizations, streamlining security processes, and implementing strategies that significantly reduce the volume of security alerts. Well-versed in leading cloud environments such as AWS, Azure, OCI, GCP, and DigitalOcean, he ensures robust security management and compliance across diverse cloud infrastructures. He is experienced in conducting Red Team exercises to simulate attacks and assess defenses, using frameworks such as the Cyber Kill Chain and MITRE D3FEND to evaluate and strengthen security measures.
TECHNICAL EXPERTISE
- Developing automation to reduce false positives and conducting Windows and Linux forensics.
- Battlefield forensics, automating XDR operations, and XDR incident handling via the n8n SOAR engine.
- Creation of SOAR-specific API flows on n8n and Shuffle for SIEM, XDR, and CSPM; automating threat intelligence and providing L3 support during incidents.
- FedRAMP audit process, evidence collection, validation, and mapping of FedRAMP controls.
- Developing detection rules and correlation logic within tools.
- Performing weekly threat hunts, log reviews, and purple-teaming exercises.
- Ensuring the overall effectiveness and proper hygiene of the vulnerability management program.
- Reporting vulnerabilities, working towards SLA fulfillment, and performing CIS Benchmark scans at the OS level (Red Hat, CentOS, Windows, Rocky Linux).
- Handling and triaging security alerts from SIEM, XDR, and CSPM.
- Incident response tabletop exercises during FedRAMP audits.
- Static and dynamic malware analysis, malware sandboxing, and reverse engineering (RE).
- Qualys reporting, fast forensics, alerts, monitoring, and dashboards.
- Implementation of open-source SOC, security monitoring, and threat intelligence.
- Automation and orchestration of security alerts with a custom SOAR (Informatica).
- Adept in platforms such as Cortex XDR for extended detection and response, Wazuh EDR for endpoint protection, XSOAR for security orchestration, Prisma Cloud for comprehensive cloud security, and Qualys for vulnerability management.
- Experienced with tools such as YARA and YARA-L for malware detection, Sentinel for security analytics, and KQL for querying data. He also conducts forensic investigations on both Linux and Windows systems to uncover and address security incidents.
- Experienced in coding with Python and Bash, and in using Terraform for infrastructure as code and Docker Compose for container management, enhancing efficiency and automation in security operations.