Hello! I am Ronak Bhatt.
Experienced cybersecurity professional with 3+ years of expertise in incident response, threat detection, and vulnerability management. Proficient in analyzing complex security challenges and implementing security frameworks, best practices, and innovative cybersecurity strategies to ensure effective defense against emerging threats while driving continuous improvement and ensuring compliance with industry standards.
Please have a look at my GitHub Repository and LinkedIn Profile to learn more.
April 2022 - Present
- To provide cloud security, monitored multiple cloud platforms like AWS, Azure and GCP within the organization to identify security incidents, policy violations and critical vulnerabilities. Followed the standard SANS investigation procedure (Preparation, Identification, Containment, Recovery, Lessons) to handle incidents.
- Conducting investigations on cloud platforms to identify impacted resources and services. Performing forensics on cloud resources to identify the root cause of the incident. Performed memory forensics by collecting memory dumps from infected machines. Performed image forensics and live host analysis to identify the root cause.
- Working on automation to mature the SOC and reduce regular tasks that take analysts' time. Created dashboards that help in investigations and reduce the effort needed to find information. Created tool-based integrations and automation to generate alerts.
- Developed JIRA and Confluence automation to track ticket information, shift handover information, and other internal information, which helps management identify the team's workflow.
- Developed simple, in-depth Standard Operating Procedures (SOPs) for AWS and Azure cloud security.
- Developed use cases by creating correlation rules in Splunk based on the environment's risk posture and mapped them to the MITRE ATT&CK Framework.
- Created playbooks for various incident scenarios to follow a structured, process-oriented approach to incident response.
- Monitor critical and zero-day vulnerabilities, identify their impact based on the security architecture of the environment and create patching and remediation plans accordingly.
- Perform hunts for cyber threats using a targeted approach based on indicators of compromise (IOCs) and attack patterns to find existing threats in the environment.
- Worked with multiple teams on different platforms to understand logs and integrate them into the SIEM.
- Educated users about security policies and security best practices to prevent security incidents and improve security within the organization.
February 2021 - March 2022
- Monitored and detected compromised systems, servers, and accounts within the organization using incident handling frameworks. Developed analytical skills to differentiate true positives from a huge number of false positives.
- Developed multiple dashboards in Splunk to monitor log flow, user accounts, network traffic, and more.
- Developed my own bash script to find multiple Cross-Site Scripting (XSS) and Open Redirect vulnerabilities in multiple places with a single click. Working on other process automation scripts.
- Handled SIEM alerts, phishing tickets, and security incidents (both SOC and non-SOC) and made my best decisions.
- Identified new threats, prepared proper advisories for those threats and alerted leads to overcome them. Performed hunts to identify true positive incidents missed by automated tools (false negatives) through manual analysis.
- Investigated compromised systems and servers through CrowdStrike RTR access, identified suspicious and malicious processes, found and exported required logs and performed analysis on those logs.
- Performed trials on new tools to integrate into the process and wrote standard operating procedures (SOPs).
- Worked in an AWS environment to respond to incidents from AWS GuardDuty and AWS abuse reports.
December 2019 - June 2020
- Worked on static and dynamic malware analysis. Analyzed various types of files in PE (PDF, DOC, DOCX, PY, etc.) and NON-PE (EXE, DLL, etc.) file formats, using many different tools and techniques to identify malware functionality and behavior.
- Worked for Microsoft Defender and wrote static and generic signatures for different types of malware.
- Performed various kinds of deobfuscation techniques on NON-PE files, detected packers of PE files and unpacked them. Used IDA Pro, OllyDbg and Immunity Debugger for reverse engineering. Used various tools for performing reverse engineering on NON-PE files.
- Handled malware outbreaks and campaigns, detected whether a file is malware or clean and classified the file based on the analysis result. Used various silent detection techniques to follow malware campaigns. Worked on false positive and false negative detection. Worked with clients and customer support to resolve their escalations.
- Deep working knowledge of networking concepts and protocols: TCP/IP, HTTP, HTTPS, DNS, etc.
- Proposed process enhancements and improvements to tool functionality for false positives, false negatives and signature failures.
2018 - 2020
National Forensic Science University - Gandhinagar, Gujarat (NFSU)
Gained practical knowledge and skills in Digital Forensics, Malware Analysis, Vulnerability Assessment, Penetration Testing, Log Analysis and Threat Hunting by working on projects. Trained by highly educated PhD professors to follow best practices in the digital forensics and cyber security field. Learned about Digital Forensics, Malware Analysis, Vulnerability Assessment & Penetration Testing, Log Analysis and Threat Hunting, SIEM, and tools such as Splunk, IBM QRadar, Swamil, Nessus, Acunetix, Burp Suite, Wireshark, Nmap, Zenmap, Netcat, Setoolkit, Fluxtion, SQLmap, Aircrack-ng, Volatility Framework, FTK, EnCase, Autopsy, Ghidra, Dc3dd, Guymager, Foremost, Bulk Extractor, CaptureBAT, IDA Pro, OllyDbg, Sysinternals, Regshot, Prefetch-file-viewer, YARA, ProcDOT, etc. Worked on multiple cyber security projects.
2015 - 2018
Uka Tarsadia University - Bardoli, Gujarat (UTU)
Learned about different technologies including IoT devices. Presented a project in each semester on multiple technologies like C/C++, C#, PHP, Arduino, Shell Script, Python, etc.
Microsoft Azure
Learned about basic concepts of computer systems, processes, services, databases and queries, etc. Gained knowledge about Ethical Hacking & Cyber Law and Secure Coding.
Splunk (E-Learning)
Learned about machine data and the basics of Splunk. Understood the Splunk UI, applications, indexes, searches, SPL, timeline, etc. I learned about forwarders, their configuration and how they work, and about events, event filtering, real-time monitoring, alerts, etc.
Splunk (E-Learning)
Learned about User Behavior Analysis in Splunk: how Splunk UBA detects anomalous behavior, actionable threats, devices, etc. Understood how Splunk UBA can be useful in investigations.
Cybrary
Learned about static/dynamic malware analysis, assembly language, reverse engineering and hands-on practice with multiple malware analysis tools.
TechDefence
Learned about basic concepts of computer systems, processes, services, databases and queries, etc. Gained knowledge about Ethical Hacking & Cyber Law and Secure Coding.
Basis Technology
Learned about image file processing, evidence identification, data carving, analysis of image files and how to make various reports on analyzed image files.