
Anurag Yadav
Verified Expert in Engineering
Security Architect and Developer
Hyderabad, Telangana, India
Toptal member since December 28, 2022
Anurag is an experienced security professional with a strong background in incident handling and threat hunting based on different attack frameworks. He has expertise in Active Directory and cloud security (Azure), utilizing offensive security tools such as Bloodhound to identify and mitigate threats. He's played a key role in the development and deployment of SOC infrastructure. He's delivered training to different tiers of the SOC team on security best practices and the cyber threat landscape.
Experience
- IT Security - 9 years
- Ransomware Attack Response - 8 years
- Detection Engineering - 7 years
- Compliance Training - 7 years
- Web Security - 6 years
- Application Security - 5 years
- Cloud Security - 5 years
- DevOps - 5 years
Preferred Environment
DevOps, Cloud Security, Application Security, SIEM, Threat Intelligence, APIs, Advanced Persistent Threat (APT), IT Security, Network Exploitation, Azure Active Directory, Cloud, Security Architecture, Azure DevOps Services, Azure DevOps, Architecture, Information Security, Identity & Access Management (IAM), NIST, Technical Documentation, Documentation, Splunk, Splunk Enterprise Security, Infrastructure Security, Certified Ethical Hacker (CEH)
The most amazing project I've led is Azure DevOps Monitoring, the first initiative toward its visibility and monitoring.
Work Experience
Senior Security Engineer
Microsoft
- Investigated software security incident response processes (SSIRPs) and performed incident response, including scoping, containment, remediation, and memory and disk forensics.
- Performed a crucial role in driving SSIRPs during incident hours, including cross-geo handovers.
- Led the Azure DevOps (ADO) project, improving the visibility and monitoring of thousands of Microsoft repositories. The project addressed past ADO exploitation and detected potential attacks that could leak vital intellectual property.
- Managed the Microsoft Defender for Identity (MDI) product, improving detection logic and building new attack scenarios. Created the core of the NNR feature in MDI, which accurately connects IP addresses to machine names, resulting in improved tool fidelity.
- Worked on the Microsoft Defender for Endpoint product for the past four years, developing enhanced use cases, alert logic, algorithms, and automation playbooks since the beginning stages.
- Collaborated with various groups to integrate multiple product alerts and convert them into actionable incidents for the Microsoft 365 Defender product, improving the knowledge of the attack surface over several years of work.
- Became skilled in high-profile breaches and investigation, data mining using KQL, and building automation using Jupyter notebooks and Python.
Security Analyst
Salesforce
- Analyzed potential threats and triaged security events and incident responses as a part of a global security incident response team.
- Created automation scripts for blocking malicious URLs and IPs on firewalls using APIs, enhancing the organization's proactive defense capabilities.
- Administered and configured Splunk for log management, overseeing the aggregation, correlation, and analysis of security event data.
- Developed and maintained custom Splunk queries, alerts, and dashboards to effectively monitor and identify security incidents.
- Involved in building an acquisition tool for remote data collection and forensic analysis, integrating Splunk for centralized log analysis.
- Conducted network and host forensics for internal employee investigations and incident response efforts, leveraging Splunk for log analysis.
- Collaborated with the IT team to ensure seamless integration of Splunk into existing systems and workflows.
- Played a key role in creating incident response playbooks, alert handling guidelines, and other process documents for the team.
- Mentored and supported the team with complex cases as a shift lead, emphasizing using Splunk for efficient incident resolution.
SOC Analyst
Wipro
- Led the incident response function, driving IR work streams and auditing/updating IR plans, ensuring a proactive and effective response to security incidents.
- Orchestrated the establishment of an integrated set of correlation rules, custom alerts, and IT automation within Splunk, enhancing the organization's security posture.
- Operated on audit requirements, providing evidence and demos post-client consultation, and supported follow-up with relevant stakeholders to improve SLAs.
- Integrated Splunk into audit processes, utilizing its capabilities to streamline evidence gathering and reporting for compliance purposes.
- Released security advisories and threat information for infrastructure and web administrators, leveraging Splunk for threat intelligence and analysis.
- Conducted training sessions on the latest threats, vulnerabilities, and attacks for various infrastructure and web admin teams, emphasizing using Splunk in threat detection and response.
- Defined standard operating procedures (SOPs) for daily operations and actively participated in preparing, reviewing, and modifying existing and new processes for the global security team.
- Engaged in content development, specifically correlation rule creation, for the SIEM tool (Splunk), ensuring it aligns with the evolving threat landscape and organizational needs.
- Contributed to the ongoing improvement of security operations by integrating Splunk in incident response and daily security tasks.
Active Directory Security Analyst
Dell
- Analyzed threats and attacks in a modern, multi-forest Active Directory environment, including enumeration, privilege escalation, and Kerberos-based attacks.
- Experienced in Active Directory security and security testing, identifying vulnerabilities and implementing good security practices for the network.
- Involved in monitoring and investigating logs, identifying and resolving security issues, providing information assurance, coordinating with constituent groups on security procedures, and ensuring compliance with Service Level Agreements.
Experience
Azure DevOps Monitoring
LOB Application Monitoring
Defender for Identity
I gained expertise in utilizing advanced threat-hunting tools such as BloodHound, PowerShell Empire, and PowerSploit. My experience with BloodHound, in particular, was extensive, as I used it to review and build detection logic and to create new attack scenarios to enhance the capabilities of the MDI product. BloodHound's ability to reveal the hidden and often unintended relationships within an Active Directory environment was particularly valuable in my work with MDI, allowing me to identify and mitigate threats that would have otherwise gone unnoticed.
Additionally, I worked on creating the core of NNR (Network Name Resolution) in the MDI tool. This feature helps to connect an IP address to a machine name with very high accuracy, resulting in higher fidelity of the tool.
Certifications
Adversary Tactics: Detection
SpecterOps
GIAC Critical Controls Certification
SANS Institute
GIAC Continuous Monitoring Certification
SANS Institute
Skills
Libraries/APIs
NTLM, Azure Active Directory Graph API
Tools
Splunk, Sentinel, Azure DevOps Services, Splunk SOAR, Jupyter, Visual Studio, Wireshark, Tcpdump, Suricata, Azure Active Directory B2C (ADB2C)
Paradigms
DevSecOps, DevOps, Anomaly Detection, Azure DevOps, Role-based Access Control (RBAC), Defensive Programming, Management
Platforms
Windows, Azure, Linux, Amazon Web Services (AWS), Windows Server, MacOS, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), Kali Linux
Languages
Kusto Query Language (KQL), Python, SQL, SAML
Frameworks
Windows PowerShell
Storage
Cloud Deployment, Azure Active Directory
Industry Expertise
Cybersecurity, Insurance, Network Security
Other
Security Operations Centers (SOC), Security, IT Security, Security Management, Technical Writing, SecOps, Security Architecture, Information Security, Identity & Access Management (IAM), Security Analysis, Certified Ethical Hacker (CEH), Compliance Training, Cybersecurity Operations, Cloud Security, Web Security, Application Security, IoT Security, SIEM, Endpoint Security, Threat Intelligence, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Advanced Persistent Threat (APT), Detection Engineering, Critical Security Controls (CIS Controls), Account Management, Authentication, Vulnerability Identification, User Authentication, Vulnerability Management, Threat Modeling, SOP Development, IT Automation, Vulnerability Assessment, Security Policies & Procedures, Cloud, OAuth, Architecture, Asset Management, Compliance, ISO 27001, ISO 27002, CISO, NIST, IT Deployments, Risk Assessment, Configuration Management, Stakeholder Management, System Administration, Ethical Hacking, Technical Documentation, Documentation, Cloud Architecture, DNS, DHCP, Splunk Enterprise Security, Infrastructure Security, Endpoint Detection and Response (EDR), Ransomware Attack Response, Azure Cloud Security, Microsoft Entra, Malware Analysis, Web Application Firewall (WAF), API Integration, ServiceNow, Data Protection, Data Recovery, Auditing, Incident Response, Malware Removal, Identity, APIs, Single Sign-on (SSO), CRM APIs, Threat Analytics, Unified Threat Management (UTM), IDS/IPS, Digital Forensics, IT Audits, Training & Training Content Development, Advisory, Network Exploitation, Man-in-the-middle Attacks, Servers, Remote Support, Data Center Management, Data Migration, Virtual Desktop Infrastructure (VDI), VMware ESXi, VMware vCloud, Kerberos, Infrastructure, AI Security, Artificial Intelligence (AI), Tanium