Sandhya Tiwari
Cyber Threat Management Expert | Education: Bachelor's in Computer Application (BCA)
Email ID:
[email protected] | Phone: +32-492475479
Professional Summary:
Senior cybersecurity professional with 11 years of experience specializing in Vulnerability Management, Security Operations Center, and
Cyber Threat Intelligence. Proven track record of managing, investigating and configuring security operations systems, processes and
audits, while driving remediation efforts and collaborating with cross-functional teams to enhance security posture. Adept at automating
processes, conducting risk assessments, leading teams and staying current with industry trends, and committed to bringing continuous
improvement to security practices via learning and research.
Professional Certifications: Certified Information Systems Security Professional (CISSP), GIAC Strategic Planning, Policy, and
Leadership (GSTRT), GIAC Cyber Threat Intelligence (GCTI), Offensive Security Wireless Professional (OSWP), CompTIA Security+ (SY0-401)
Skills:
● Non-Technical: Presentation and communication skills, managing client relationships and ensuring customer satisfaction via
continuous engagement, and collaborations with cross-functional teams
● Vulnerability Management: Rapid7 InsightVM, Qualys, Tripwire, BitSight, Vulnerability scanning and risk assessment
● Automation & Scripting: PowerShell, Python and SQL, API integration for vulnerability assessment and report automation
● Reporting & Dashboarding: Power BI, MS Excel, Splunk
● Cyber Threat Intelligence: Microsoft Defender, Anomali ThreatStream, MISP, CrowdStrike, O365, Splunk, MITRE ATT&CK, Kill
Chain, threat assessments, IOC and TTP dissemination
● Security Operations Center: ArcSight, QRadar, Splunk (implementation and administration), incident triage and response, Cisco
FireSIGHT and Firepower administration, malware analysis, Cyber Kill Chain, MITRE ATT&CK, VirusTotal, Cisco Threat Grid, Cisco
IronPort
Work Experience:
Euroclear SA (Feb 2019 - Present) | Brussels, Belgium | Assistant Manager
Cyber Threat Intelligence:
● Analyzed and disseminated threat intelligence to relevant stakeholders at the operational, tactical, and strategic levels,
including threat hunting, SOC and incident response teams, business resilience, physical security, security awareness and
vulnerability management.
● Maintained and worked as the primary subject matter expert on threat modeling methodologies such as the Kill Chain, Diamond
Model, and MITRE ATT&CK framework to identify, classify, prioritize, and report on cyber threats using a structured
approach.
● Developed a risk-based model of historical threat activity, trends and common attack vectors tied to tactics, techniques,
and procedures (TTPs) to support threat detection and pen testing teams.
● Built, maintained OSINT research environments, and tracked adversary tradecraft, principals, and techniques.
● Presented security findings to management stakeholders to support business decisions.
● Produced yearly and quarterly threat landscape reports and contributed to security partnership meetings and conferences
with the goal of identifying gaps in current processes to enhance internal security posture.
● Performed yearly stakeholder requirement review to understand pain points and amend threat intelligence requirements.
● Led a team of threat intelligence analysts, conducted scrum meetings and managed the Kanban board while following the Agile
way of working.
● Actively participated in and contributed to several threat intelligence communities made up of industry peers.
● Researched new developments in IT security to recommend, develop and implement new security policies, standards,
procedures, and operating doctrines across major partners. Defined, established, and managed security risk metrics to track
effectiveness.
Vulnerability Management:
● Conducted vulnerability scanning, tool administration and configuration to identify known vulnerabilities and weaknesses
and assessed the effectiveness of existing controls to recommend remedial action.
● Analyzed and mitigated risks associated with vulnerabilities and weaknesses including zero days in collaboration with
technology owners.
● Supported compliance and risk management activities like audit reporting and closing identified gaps.
● Processed security advisories to rate and profile vulnerabilities and provided a deep understanding of the issue, impact to
the firm, and solutions needed to mitigate or remediate them.
● Functioned as an escalation point for issues, dependencies, and risks related to vulnerability scanning.
● Performed root cause analysis and categorized findings into protocols (S/FTP, HTTP/HTTPS, and SSL 1.0/2.0),
encryption, authorization and authentication, servers, scan exceptions, sensitive data, data masking, PII data at
rest/in motion, security system and proxy issues, and logging and monitoring efforts.
● Collaborated with senior stakeholders and technology owners to reduce the vulnerability backlog by identifying false
positives, prioritizing vulnerabilities, and advising them how to remediate and prevent any detected vulnerabilities.
● Performed CIS benchmark policy scanning with Rapid7 and reporting automation using Power BI.
● Automated manual reporting and vulnerability tracking processes using PowerShell and Python to increase efficiency.
Security Operations Center:
● Collaborated with a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc.
to identify incidents, determine remediation, and recommend security improvements.
● Monitored and analyzed offenses in the QRadar SIEM tool, fine-tuned use cases and responded to security incidents.
● Contributed to the creation and maintenance of playbooks used to respond to investigation/incident triggers in support of
the 24/7 Cyber Threat Operations and Cyber Threat Management program.
● Supported purple team activities, detecting and responding to simulated attacks in an agile security environment.
● Identified gaps in processes and procedures and suggested solutions and value additions by identifying and recommending
fine-tuning of use cases.
● Led incident response and collection of artifacts to support improved operations and regulatory requirements within an
ISO 27001 environment.
● Followed detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of
critical information security incidents.
Deloitte USI (June 2017 - Jan 2019) | India | Senior Security Analyst (SOC Engineer and CIRT)
● Administered the ArcSight environment, developing rules, dashboards, and reports for proactive security monitoring.
● Integrated log sources into the ArcSight SIEM solution for real-time incident detection and response, and managed IDS/IPS and
Netskope CASB solutions.
● Defined, managed and fine-tuned SOC use case requests and delivery. Performed incident response and process
maturity activities.
● Prepared detailed reports pertaining to incidents and/or malicious damage, the extent of the damage and the remediation actions
taken.
● Managed email-based threats and suggested defensive controls for attacks while providing fast and efficient remediation of
all incidents.
● Conducted network vulnerability assessments using tools like Qualys to evaluate attack vectors, identify system
vulnerabilities and develop remediation plans and security procedures, and conducted routine social engineering tests and
clean-desk audits.
● Investigated potential or actual security violations or incidents to identify issues and areas that require new security
measures or policy changes.
Tata Consultancy Services (March 2016 - June 2017) | India | Security Analyst (SOC Engineer & SOC Tier 2)
● Managed Splunk administration and enterprise security deployments, optimizing log management and alerting processes.
● Performed vulnerability assessments using Nessus and implemented patching plans to mitigate identified risks.
● Conducted account onboarding and management in the CyberArk PAM solution.
● Monitored and analyzed network traffic and system logs to identify malicious activities, vulnerabilities exploited, and TTPs
used, and developed processes to enhance SOC response and efficiency.
Tech Mahindra Ltd. (Aug 2013 - March 2016) | India | Security Analyst (SOC Tier 1)
● Monitored and responded to security alerts from the SIEM solution.
● Enhanced existing processes and procedures and recommended solutions using brainstorming sessions and SWOT analysis.
● Customized resource creation in ArcSight, such as reports, dashboards, active channels, filters, etc.
● Performed requirements gathering and ArcSight administration activities such as installation of SmartConnectors and troubleshooting.
● Designed and managed use cases for the SOC.
Languages: English and Hindi | Hobbies: Badminton, Cycling, Reading and Netflix Series Marathons