Anurag Yadav, Developer in Hyderabad, Telangana, India

Anurag Yadav

Verified Expert in Engineering

Security Architect and Developer

Location
Hyderabad, Telangana, India
Toptal Member Since
December 28, 2022

Anurag is an experienced security professional with a strong background in incident handling and threat hunting based on different attack frameworks. He has expertise in Active Directory and cloud security (Azure), utilizing offensive security tools such as Bloodhound to identify and mitigate threats. He's played a key role in the development and deployment of SOC infrastructure. He's delivered training to different tiers of the SOC team on security best practices and the cyber threat landscape.

Portfolio

Microsoft
Python, Kusto Query Language (KQL), Security Operations Centers (SOC)...
Salesforce
CRM APIs, Wireshark, Tcpdump, Threat Analytics, Incident Response...
Wipro
IT Audits, SIEM, SOP Development, Training & Training Content Development...

Experience

Availability

Full-time

Preferred Environment

DevOps, Cloud Security, Application Security, SIEM, Threat Intelligence, APIs, Advanced Persistent Threat (APT), IT Security, Network Exploitation, Azure Active Directory, Cloud, Security Architecture, Azure DevOps Services, Azure DevOps, Architecture, Information Security, Identity & Access Management (IAM), NIST, Technical Documentation, Documentation, Splunk, Splunk Enterprise Security, Infrastructure Security, Certified Ethical Hacker (CEH)

The most amazing...

...project I've led is Azure DevOps Monitoring, the first initiative toward visibility into and monitoring of Azure DevOps.

Work Experience

Senior Security Engineer

2018 - 2024
Microsoft
  • Investigated software security incident response processes (SSIRPs) and performed incident response, including scoping, containment, remediation, and memory and disk forensics.
  • Played a crucial role in driving SSIRPs during incidents, including cross-geo handovers.
  • Led the Azure DevOps (ADO) project, improving the visibility and monitoring of thousands of Microsoft repositories. The project prevented past ADO exploitation and detected potential attacks that could leak vital intellectual property information.
  • Managed the Microsoft Defender for Identity (MDI) product, improving detection logic and building new attack scenarios. Created the core of the network name resolution (NNR) feature in MDI, which accurately connects IP addresses to machine names, resulting in improved tool fidelity.
  • Worked on the Microsoft Defender for Endpoint product for the past four years, developing enhanced use cases, alert logic, algorithms, and automation playbooks since the beginning stages.
  • Collaborated with various groups to integrate multiple product alerts and convert them into actionable incidents for the Microsoft 365 Defender product, improving the knowledge of the attack surface over several years of work.
  • Became skilled in investigating high-profile breaches, mining data with KQL, and building automation with Jupyter notebooks and Python.
Technologies: Python, Kusto Query Language (KQL), Security Operations Centers (SOC), Cloud Security, SIEM, Cybersecurity, Azure, SAML, Single Sign-on (SSO), Detection Engineering, Windows, MacOS, DevOps, Web Security, IoT Security, Kali Linux, Endpoint Security, Threat Intelligence, Jupyter, Visual Studio, Malware Analysis, SQL, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Sentinel, Anomaly Detection, Cloud Deployment, Advanced Persistent Threat (APT), API Integration, ServiceNow, Critical Security Controls (CIS Controls), Account Management, Role-based Access Control (RBAC), Authentication, Vulnerability Identification, Identity, User Authentication, IT Automation, SOP Development, Vulnerability Management, Azure Active Directory, Security Management, Technical Writing, Security Policies & Procedures, Security, SecOps, Cloud, Security Architecture, Azure DevOps Services, Azure DevOps, OAuth, Architecture, Compliance, Information Security, ISO 27001, ISO 27002, CISO, Identity & Access Management (IAM), Security Analysis, NIST, IT Security, IT Deployments, Risk Assessment, Configuration Management, System Administration, Ethical Hacking, Technical Documentation, Documentation, Cloud Architecture, DNS, DHCP, Windows PowerShell, Splunk SOAR, Infrastructure Security, Certified Ethical Hacker (CEH), DevSecOps, Endpoint Detection and Response (EDR), Compliance Training, Ransomware Attack Response

Security Analyst

2017 - 2018
Salesforce
  • Analyzed potential threats and triaged security events and incidents as part of a global security incident response team.
  • Created automation scripts for blocking malicious URLs and IPs on firewalls using APIs, enhancing the organization's proactive defense capabilities.
  • Administered and configured Splunk for log management, overseeing the aggregation, correlation, and analysis of security event data.
  • Developed and maintained custom Splunk queries, alerts, and dashboards to effectively monitor and identify security incidents.
  • Involved in building an acquisition tool for remote data collection and forensic analysis, integrating Splunk for centralized log analysis.
  • Conducted network and host forensics for internal employee investigations and incident response efforts, leveraging Splunk for log analysis.
  • Collaborated with the IT team to ensure seamless integration of Splunk into existing systems and workflows.
  • Played a key role in creating incident response playbooks, alert handling guidelines, and other process documents for the team.
  • Mentored and supported the team with complex cases as a shift lead, emphasizing using Splunk for efficient incident resolution.
Technologies: CRM APIs, Wireshark, Tcpdump, Threat Analytics, Incident Response, Unified Threat Management (UTM), Threat Modeling, IDS/IPS, Suricata, Digital Forensics, Linux, MacOS, Amazon Web Services (AWS), Google Cloud Platform (GCP), Cloud Security, Web Security, SIEM, Endpoint Security, Security Operations Centers (SOC), Threat Intelligence, Python, Visual Studio, Malware Analysis, SQL, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Splunk, Anomaly Detection, Cloud Deployment, API Integration, Critical Security Controls (CIS Controls), Security, Account Management, Role-based Access Control (RBAC), Authentication, Identity, User Authentication, IT Automation, SOP Development, Technical Writing, Cybersecurity, SecOps, Cloud, Security Architecture, Architecture, Asset Management, Compliance, Information Security, ISO 27001, ISO 27002, Security Analysis, NIST, IT Security, Risk Assessment, Configuration Management, Ethical Hacking, Technical Documentation, Documentation, Cloud Architecture, Splunk Enterprise Security, Splunk SOAR, Infrastructure Security, Certified Ethical Hacker (CEH), DevSecOps, Endpoint Detection and Response (EDR), Compliance Training, Ransomware Attack Response

SOC Analyst

2016 - 2017
Wipro
  • Led the incident response function, driving IR work streams and auditing/updating IR plans, ensuring a proactive and effective response to security incidents.
  • Orchestrated the establishment of an integrated set of correlation rules, custom alerts, and IT automation within Splunk, enhancing the organization's security posture.
  • Worked on audit requirements, providing evidence and demos after client consultations, and supported follow-up with relevant stakeholders to improve SLAs.
  • Integrated Splunk into audit processes, utilizing its capabilities to streamline evidence gathering and reporting for compliance purposes.
  • Released security advisories and threat information for infrastructure and web administrators, leveraging Splunk for threat intelligence and analysis.
  • Conducted training sessions on the latest threats, vulnerabilities, and attacks for various infrastructure and web admin teams, emphasizing using Splunk in threat detection and response.
  • Defined standard operating procedures (SOPs) for daily operations and actively participated in preparing, reviewing, and modifying existing and new processes for the global security team.
  • Engaged in content development, specifically correlation rule creation, for the SIEM tool (Splunk), ensuring it aligns with the evolving threat landscape and organizational needs.
  • Contributed to the ongoing improvement of security operations by integrating Splunk in incident response and daily security tasks.
Technologies: IT Audits, SIEM, SOP Development, Training & Training Content Development, IT Automation, Advisory, Incident Response, Windows, Web Security, Endpoint Security, Security Operations Centers (SOC), Visual Studio, SQL, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Anomaly Detection, Account Management, Role-based Access Control (RBAC), Authentication, Vulnerability Assessment, Azure Active Directory, Security Management, Technical Writing, Security Policies & Procedures, Cloud Security, Cybersecurity, Security, SecOps, Security Architecture, Architecture, Asset Management, Information Security, ISO 27001, ISO 27002, Insurance, Identity & Access Management (IAM), Security Analysis, NIST, IT Security, IT Deployments, Risk Assessment, Configuration Management, Stakeholder Management, System Administration, Ethical Hacking, Technical Documentation, Documentation, DNS, DHCP, Windows PowerShell, Splunk Enterprise Security, Infrastructure Security, Certified Ethical Hacker (CEH), Endpoint Detection and Response (EDR), Compliance Training, Ransomware Attack Response

Active Directory Security Analyst

2014 - 2016
Dell
  • Analyzed threats and attacks in a modern, multi-forest Active Directory environment, including enumeration, privilege escalation, and Kerberos-based attacks.
  • Experienced in Active Directory security and security testing, identifying vulnerabilities and implementing good security practices for the network.
  • Involved in monitoring and investigating logs, identifying and resolving security issues, providing information assurance, coordinating with constituent groups on security procedures, and ensuring compliance with Service Level Agreements.
Technologies: Azure Active Directory, Servers, Remote Support, Data Center Management, Data Migration, Virtual Desktop Infrastructure (VDI), VMware ESXi, VMware vCloud, Vulnerability Management, Vulnerability Identification, Windows Server, Kerberos, Advanced Persistent Threat (APT), Advisory, Cloud Security, Cybersecurity, Security, Compliance, Information Security, ISO 27001, ISO 27002, Insurance, Identity & Access Management (IAM), Security Analysis, NIST, IT Security, IT Deployments, Configuration Management, Stakeholder Management, System Administration, Ethical Hacking, NTLM, DNS, DHCP, Windows PowerShell, Infrastructure Security

Azure DevOps Monitoring

Led the project to monitor Azure DevOps, the first effort to increase visibility and monitoring for thousands of Microsoft repositories. This project was essential in preventing past incidents where ADO was exploited. It will continue to detect and investigate potential attacks on ADO and protect critical intellectual property information.

LOB Application Monitoring

Led the line of business (LOB) app monitoring project, the first effort to enable applications to detect and log real-time security events. This project was critical in passing the enterprise audit, which included the LOB application monitoring as an essential requirement. The successful completion of this project will allow us to onboard other business-critical applications and improve their security.

Defender for Identity

I worked on the Microsoft Defender for Identity (MDI) product for the past four years, from the early stages of Advanced Threat Analytics (ATA) to Azure Advanced Threat Protection (AATP). I took responsibility for reviewing and building detection logic and building new attack scenarios.

I gained expertise in utilizing advanced threat-hunting tools such as BloodHound, PowerShell Empire, and PowerSploit. My experience with BloodHound, in particular, was extensive, as I used it to review and build detection logic and to create new attack scenarios to enhance the capabilities of the MDI product. BloodHound's ability to reveal the hidden and often unintended relationships within an Active Directory environment was particularly valuable in my work with MDI, allowing me to identify and mitigate threats that would have otherwise gone unnoticed.

Additionally, I worked on creating the core of NNR (Network Name Resolution) in the MDI tool. This feature helps to connect an IP address to a machine name with very high accuracy, resulting in higher fidelity of the tool.
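The attribution problem that a network name resolution feature has to solve is illustrated below with an added example; it is not MDI's code and not the profile owner's, and it says nothing about how MDI implements NNR. The point it makes is the one a detection engineer cares about: a DHCP address is reused by different hosts over time, so mapping an event's source IP to a machine name is only trustworthy when the lookup is anchored to the event's timestamp, and a live reverse lookup at investigation time can name the wrong host. The lease table, static records and alert lines are constructed sample data.

```python
"""Timestamp-anchored IP-to-hostname attribution (added illustration, not MDI code).

A live reverse lookup answers "who holds this IP now", not "who held it when
the event fired".  Correlating the event's (ip, timestamp) against DHCP lease
records answers the second question; static records cover fixed-address hosts.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Lease:
    ip: str
    hostname: str
    start: datetime  # inclusive
    end: datetime    # exclusive


# Constructed sample leases: 10.0.0.5 moved from WS-ALICE to WS-BOB at 09:00.
LEASES = [
    Lease("10.0.0.5", "WS-ALICE", datetime(2024, 3, 1, 0, 0), datetime(2024, 3, 1, 9, 0)),
    Lease("10.0.0.5", "WS-BOB", datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 18, 0)),
    Lease("10.0.0.7", "WS-CAROL", datetime(2024, 3, 1, 0, 0), datetime(2024, 3, 2, 0, 0)),
]

# Constructed static records for fixed-address hosts (hypothetical names).
STATIC_PTR = {"10.0.0.10": "DC01"}

# Constructed alert lines: "<ISO timestamp> src=<ip> alert=<name>".
SAMPLE_EVENTS = [
    "2024-03-01T08:30:00 src=10.0.0.5 alert=suspicious-kerberos-ticket",
    "2024-03-01T09:00:00 src=10.0.0.5 alert=suspicious-kerberos-ticket",
    "2024-03-01T12:00:00 src=10.0.0.10 alert=dcsync-attempt",
    "2024-03-01T13:00:00 src=10.0.0.99 alert=port-scan",
]


@dataclass(frozen=True)
class Resolution:
    hostname: Optional[str]
    source: str  # "dhcp", "static", "ambiguous" or "unresolved"


def resolve(ip: str, at: datetime, leases=LEASES, static=STATIC_PTR) -> Resolution:
    """Name the host that held `ip` at time `at`, never guessing on conflicts."""
    # Half-open interval: a lease ending at 09:00 does not cover 09:00.
    hits = [l for l in leases if l.ip == ip and l.start <= at < l.end]
    if len(hits) == 1:
        return Resolution(hits[0].hostname, "dhcp")
    if len(hits) > 1:
        # Overlapping leases (bad data or two scopes): refuse to attribute.
        return Resolution(None, "ambiguous")
    if ip in static:
        return Resolution(static[ip], "static")
    return Resolution(None, "unresolved")


def resolve_naive(ip: str, leases=LEASES) -> Optional[str]:
    """What a live lookup at investigation time effectively returns: the
    most recent holder of the address, regardless of when the event fired."""
    held = [l for l in leases if l.ip == ip]
    return max(held, key=lambda l: l.start).hostname if held else None


def attribute_events(lines, leases=LEASES, static=STATIC_PTR):
    """Parse constructed alert lines and attach (hostname, source) to each."""
    out = []
    for line in lines:
        ts_str, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        res = resolve(fields["src"], datetime.fromisoformat(ts_str), leases, static)
        out.append((fields["src"], fields["alert"], res.hostname, res.source))
    return out


if __name__ == "__main__":
    for src, alert, host, source in attribute_events(SAMPLE_EVENTS):
        print(f"{src:<10} {alert:<28} -> {host} ({source})")
    # The 08:30 event belongs to WS-ALICE; a naive lookup blames WS-BOB.
    print("naive lookup for 10.0.0.5:", resolve_naive("10.0.0.5"))
```

In a SIEM the same logic is the join between the alert's source IP and timestamp and the DHCP lease log with a time-window condition; a static reverse-DNS join alone silently misattributes anything on a DHCP scope, which is why the fallback here is used only when no lease covers the timestamp and why overlapping leases are reported rather than resolved.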

NOVEMBER 2022 - PRESENT

Adversary Tactics: Detection

SpecterOps

MAY 2021 - PRESENT

GIAC Critical Controls Certification

SANS Institute

NOVEMBER 2019 - PRESENT

GIAC Continuous Monitoring Certification

SANS Institute

Paradigms

DevSecOps, DevOps, Anomaly Detection, Azure DevOps, Role-based Access Control (RBAC), Defensive Programming, Management

Platforms

Windows, Azure, Amazon Web Services (AWS), Windows Server, Linux, MacOS, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), Kali Linux

Other

Security Operations Centers (SOC), Security, IT Security, Security Management, Technical Writing, SecOps, Security Architecture, Information Security, Identity & Access Management (IAM), Security Analysis, Certified Ethical Hacker (CEH), Compliance Training, Cloud Security, Web Security, Application Security, IoT Security, SIEM, Endpoint Security, Threat Intelligence, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Advanced Persistent Threat (APT), Kusto Query Language (KQL), Detection Engineering, Critical Security Controls (CIS Controls), Account Management, Authentication, Vulnerability Identification, User Authentication, Vulnerability Management, SOP Development, IT Automation, Vulnerability Assessment, Security Policies & Procedures, Cloud, OAuth, Architecture, Asset Management, Compliance, ISO 27001, ISO 27002, CISO, NIST, IT Deployments, Risk Assessment, Configuration Management, Stakeholder Management, System Administration, Ethical Hacking, Technical Documentation, Documentation, Cloud Architecture, DNS, DHCP, Splunk Enterprise Security, Splunk SOAR, Infrastructure Security, Endpoint Detection and Response (EDR), Ransomware Attack Response, Malware Analysis, Web Application Firewall (WAF), API Integration, ServiceNow, Data Protection, Data Recovery, Auditing, Incident Response, Malware Removal, Identity, APIs, Single Sign-on (SSO), CRM APIs, Threat Analytics, Unified Threat Management (UTM), Threat Modeling, IDS/IPS, Digital Forensics, IT Audits, Training & Training Content Development, Advisory, Network Exploitation, Man-in-the-middle Attacks, Servers, Remote Support, Data Center Management, Data Migration, Virtual Desktop Infrastructure (VDI), VMware ESXi, VMware vCloud, Kerberos, Infrastructure

Frameworks

Windows PowerShell

Libraries/APIs

NTLM, Azure Active Directory Graph API

Tools

Splunk, Sentinel, Azure DevOps Services, Jupyter, Visual Studio, Wireshark, Tcpdump, Suricata, Azure Active Directory B2C (ADB2C)

Storage

Cloud Deployment, Azure Active Directory

Industry Expertise

Cybersecurity, Insurance, Network Security

Languages

Python, SQL, SAML
