Naveen Kodimala

About the Candidate

Naveen Kodimala
naveenneverchange@gmail.com +91 8143621535 linkedin Hyderabad, India
Profile
•Security Engineer with 8+ Years of industry experience in the IT Security Domain.
•Currently working as an Associate Manager at DXC Technology, supporting US Infrastructure.
•Quick learner and result-oriented individual with a strong analytical attitude and effective interpersonal &
communication skills.
Professional Experience
Associate Manager for Threat and Vulnerability Management, DXC Technology
•Perform complex network vulnerability scans in a cloud environment using common
vulnerability assessment tools.
•Review and risk assess the criticality and priority of all vulnerability findings.
Apr 2024 – present
Hyderabad, India
•Analyze, develop and deploy remediation plans for vulnerabilities by using the
ServiceNow VR module.
•Use an analytical approach to remediate Infrastructure and Applications driving risk
reduction and surfacing risk posture across the organization.
•Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets,
dashboards) and communicate clearly to leadership and engineering/security teams.
•Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability
remediation from technical and policy compliance perspectives.
•Track and monitor key milestones, after significant changes in the environment to
identify network, infrastructure, and configuration vulnerabilities.
•Perform ad-hoc data analysis, clean-ups, and reporting using large complex data sets for
high-priority security remediations.
•Curation and assessment of vulnerability data extracts to analyze and resolve false
positives and false negatives.
•Support new projects, programs or initiatives with vulnerabilities scanning of new or
existing assets as required.
•Assist and train application developers with vulnerability fixes.
•Experienced in computer security, including firewalls, DMZs, remote access, networking,
operating systems, and web applications.
•Utilize AWS Guard Duty to monitor and respond to security events and incidents in our
AWS infrastructure.
•CVSS scores are used to prepare vulnerability assessment reports, which are then shared
with the corresponding administration teams at a high level.
•Strong expertise in AWS cloud security services, including IAM, VPC, S3, CloudTrail,
CloudWatch, and AWS Config
•Assess and mitigate security risks associated with cloud services, configurations, and
deployments.
•Define and implement comprehensive cloud security strategies and architectures aligned
with industry best practices and regulatory requirements.
•Experienced in CIS security controls and incident response management.
•Providing leadership, mentorship, and technical guidance to security team members and
cross-functional teams.
•Collaborate with architecture, engineering, and operations teams to implement security
controls and solutions that meet business objectives and requirements.
Security Team Lead, ValueLabs
•Periodic vulnerability assessments and penetration testing should be conducted to
identify weaknesses and recommend solutions.
•Support teams review and approve firewall requests to add, modify, or remove rules based
on project and customer requirements.
Oct 2020 – Apr 2024
Hyderabad, India
1 / 3
•Develop and maintain comprehensive technical documentation for security incident
response, threat intelligence, and cybersecurity procedures.
•I managed security for AWS Cloud infrastructure, which included tasks like logging, IAM,
firewalls, VPN, and other related duties.
•Auditing the firewalls monthly for tracking and closing disabled, temporary, and unused
firewall rules.
•Suggest improvements for the Firewall teams by analyzing current infrastructure,
network logs, and rule usage.
•Optimizing the firewall workflows to improve the speed of deliverables and support
quicker response.
•Performing POC of new technologies that can improve the overall security posture from
the networking perspective.
•Working on the Axonius tool for finding the security gaps in the organization.
•Utilize EDR (Crowdstrike and Cylance) to detect, investigate, and mitigate advanced
threats and malware.
•I am currently focusing on ensuring compliance by installing Crowdstrike, Zscaler,
Illumio, and cloud security tools.
•Perform detailed analysis of security incidents, determine scope and impact, and provide
remediation recommendations.
Senior SOC Analyst, Deloitte US India
•Administration of Palo-Alto Firewalls & Bluecoat proxies.
•Creation of security policies & controls as per the client’s requirements.
Apr 2019 – Oct 2020
Hyderabad, India
•Verifying content updates & performing regular upgrades as per the vendor’s suggestions.
•Performing regular policy audits & decommission activities.
•We review firewall risk assessment reports and create risk mitigation or acceptance plans.
•Firewall baseline/template creation for new firewall deployments.
•Administration of 3rdParty filesharing Application (Sharefile).
•License management for security applications.
•Creating Internal certificates and troubleshooting certificate-related issues.
•We aim to enhance the efficiency of ticket management and administrative tasks.
•Coordinating with IT admins and application admins to resolve any security incidents.
•Working on Bluecoat proxy issues.
•Working on website whitelisting and Access control Management.
•Facilitate vulnerability remediation strategies.
•Working on incident and change management of security infrastructure.
•Managing the Antivirus server and working on the compliance issues.
SOC Analyst, PWC India
•Analysing logs using Splunk SIEM.
•Management of McAfee Endpoint & DLP rules, dat versions and compliance.
Oct 2017 – Oct 2018
Bangalore, India
•Conduct vulnerability scans (network, operating system, database, and application)
•Analyze vulnerability scan results and report on aggregated vulnerabilities.
•Identify false positives and risk acceptance candidates.
•Facilitate vulnerability remediation strategies.
•Managing the Antivirus server and working on the compliance issues.
•Working on incident management of security infrastructure
•Prepared detailed practices and procedures on technical processes.
•Educated teams about risky security controls.
IT Support Engineer, Cozient
•Working on removing potential risks, unwanted apps and viruses with proper workflow.
•Prepare Vendor patch register based on recent patches released by all vendors.
May 2015 – Aug 2017
Bangalore, India
•Perform the Vulnerability scans to check the status after patching.
•Developed, implemented, and documented formal security programs and policies.
•Utilized Security Information and Event Management (SIEM), Data Leakage Prevention
(DLP), forensics, sniffers, and malware analysis tools.
•Information gathering from various publicly posted security advisories.
•Installing Various Endpoint Security Applications and Firewalls.
•Providing training for customers on performing daily health checks.
2 / 3
Skills
Vulnerability Assessment
Qualys, Rapid7, ServiceNow VR & Kenna
Cloud
Azure & AWS
Palo-Alto Firewall
Configuration, Administration & Optimizing
Splunk
Log Analysis & Dashboard Creation
Axonius
Administration, Configuration & Integration
Symantec Bluecoat Proxy
Configuration & Administration
Endpoint Protection
Cylance, McAfee, Crowdstrike
Certificates
Qualys Certified VM specialist
AWS Certified Solution Architect – Associate
CCNA (Cisco Certified Network Associate)
Splunk Certified User
ITIL
CEH (Certified Ethical Hacker)
Education
B-Tech in Civil Engineering, JNTUH 2011 – 2015
Hyderabad, India
Declaration
I hereby declare that the above-mentioned information is correct up to my knowledge and I bear the responsibility for the
correctness of the above-mentioned details.
Naveen Kodimala
Hyderabad