Gopal Peddi
Cybersecurity Engineer
Carson, US
About
Highly accomplished Cybersecurity Engineer with over 5 years of progressive experience, adept at securing complex environments across banking, IT services, manufacturing, and healthcare sectors. Proven expertise in vulnerability management, incident response, cloud security, and security architecture, consistently driving measurable risk reduction and compliance improvements. Skilled in leading cross-functional teams to implement robust enterprise security controls and enhance operational resilience.
Work
Humana
Cybersecurity Engineer
Remote, CA, US
Summary
Currently leading Identity and Access Management (IAM), cloud security, and automation initiatives to safeguard sensitive health data and ensure regulatory compliance during a period of rapid organizational growth.
Highlights
Developed and managed enterprise-wide Data Loss Prevention (DLP) policies, leveraging Microsoft 365 DLP and cloud-native tools, ensuring robust protection of sensitive health data and compliance with GDPR, HIPAA, and PCI-DSS.
Utilized Microsoft 365 E5 security tools, including Microsoft Defender for Cloud Apps and Defender for Identity, to detect misconfigurations, enforce policies, and remediate vulnerabilities across cloud environments.
Conducted comprehensive cloud infrastructure audits and compliance checks using Nessus Professional, identifying and remediating critical vulnerabilities and PII/PCI/PHI detections across cloud assets.
Automated server and network configurations using Ansible and PowerShell, applying least-privilege models and managing AD, ACLs, and firewall rules to enhance segmentation and operational resilience.
Engineered Python scripts to automate vulnerability patching processes across thousands of endpoints, significantly reducing attack surface and improving operational efficiency.
Built and maintained CI/CD pipelines with integrated automated static and dynamic security scans, ensuring secure software development lifecycle practices.
OTIS Worldwide
Information Security Analyst
Remote, CA, US
Summary
Protected critical operational technology (OT) and IT infrastructure by enhancing incident response capabilities and ensuring compliance across global operations.
Highlights
Deployed and managed Endpoint Detection and Response (EDR) solutions, reducing endpoint infections by 30% through proactive protection against malware, ransomware, and other advanced threats.
Led company-wide quarterly phishing exercises using KnowBe4, generating success/failure reports for over 800 employees and significantly improving security awareness.
Performed real-time proactive security monitoring and reporting using Splunk (SIEM), Microsoft Defender (EDR), Palo Alto NGFW (NIDPS), and MS DLP to detect and mitigate threats.
Conducted forensic acquisition and malware analysis during real-time incidents, leveraging Sysinternals, Volatility, and YARA rules to reconstruct timelines and provide root cause reports.
Configured and maintained security controls for Content Delivery Networks (CDNs) like Akamai and Cloudflare, effectively protecting against DDoS attacks, bot traffic, and content scraping.
Collaborated with cross-functional teams, including IT, engineering, and legal, to implement robust security controls and ensure compliance with organizational policies and regulations.
Silicon Matrix
Security Analyst
Hyderabad, Telangana, India
Summary
Secured multi-cloud infrastructure supporting HIPAA-compliant healthcare applications, with a strong focus on automation, detection, and DevSecOps practices.
Highlights
Implemented AWS security best practices (IAM, VPCs, Security Groups) across 200+ HIPAA-compliant applications, achieving a 40% reduction in publicly exposed S3 buckets through automated policy enforcement.
Integrated AWS CloudTrail, Azure Activity Logs, and GCP audit logs into Splunk Enterprise Security (ES), developing correlation rules that reduced false positives by 25% and improved cloud-specific attack detection.
Integrated Aqua Security into CI/CD pipelines, scanning container images for vulnerabilities and enforcing security policies, which prevented deployment of vulnerable containers to production environments.
Developed Python automation for log parsing, threat detection, and remediation tasks, reducing incident response time by 37%.
Managed comprehensive vulnerability scans using Qualys and Tenable.io, remediating critical CVEs and reducing the overall attack surface by 45%.
IOB Bank
SOC Analyst
Hyderabad, Telangana, India
Summary
Led threat detection and incident response in a hybrid SIEM environment, securing core banking, SWIFT systems, and ATM infrastructure.
Highlights
Triaged over 2,000 daily alerts across a hybrid SIEM infrastructure, implementing MITRE ATT&CK-mapped TTPs (T1078, T1059) to identify APTs targeting critical SWIFT interfaces and core banking systems.
Built anomaly-based rules in Splunk ES using Risk-Based Alerting (RBA) to prioritize insider threats, effectively reducing high-severity alert backlog by 40% through automated triage.
Enhanced Dridex/Emotet detection by integrating YARA rules with Splunk Fraud Analytics, reducing false positives in transaction monitoring by 30% through behavioral profiling.
Automated PCI-DSS 3.2.1 evidence collection using Splunk ESCU content, resolving 45 out of 50 audit findings ahead of the deadline and ensuring regulatory compliance.
Conducted Cyber Kill Chain-based threat hunts using MISP threat intelligence, uncovering 5 credential-stuffing campaigns via anomalous OAuth token patterns in API gateways.
Documented over 15 RBI-compliant Incident Response playbooks, covering SWIFT CSP 2019 controls and ISO 27001 Annex A.12 requirements for financial data protection.
Education
California State University Dominguez Hills
Master's
Computer Science
Acharya Nagarjuna University
Bachelor's
Computer Science
Certificates
AWS Certified Cloud Practitioner - AWSCCP
Certified Ethical Hacker - CEH
Cisco Certified Network Associate - CCNA
CompTIA Sec+
CISA
Skills
Identity and Access Management
Azure AD Premium, Privileged Identity Management, Microsoft Defender for Identity, IAM Solutions, JML Automation, OAuth2, JWT.
Endpoint and Data Protection
Microsoft Defender for Endpoint, SentinelOne, Cortex XDR, Advanced eDiscovery, Information Protection and Governance, DLP (Microsoft 365 DLP, MS DLP).
Network Security and Monitoring
Palo Alto NGFW, Azure Firewall, Check Point, IDS/IPS, VPN (IPsec/SSL), Web Proxies, Reverse Proxy, Load Balancing, NSGs, Akamai, Cloudflare, Firewall Rules Optimization.
Vulnerability Management
Rapid7, Nessus Professional, Qualys, Tenable.io, CVSS Scoring, Vulnerability Assessments, Patching Automation.
Security Operations and Incident Response
Splunk, Azure Sentinel, QRadar, KnowBe4, MITRE ATT&CK, YARA, MISP, Volatility, Playbooks/Runbooks, SOC Infrastructure, SIEM Connectors, EDR Integrations, Log Collection, Threat Hunting, Malware Analysis, Phishing Simulations.
Digital Forensic Tools
Autopsy, FTK Imager, RegRipper, Sysinternals, Memory Analysis.
Programming
Python, Bash, PowerShell, SQL.
DevSecOps and Cloud Infrastructure
AWS (EC2, S3, Route 53, IAM, VPC, CloudTrail), Azure (VMs, Activity Logs), GCP (Audit Logs), Kubernetes, Aqua Security, Terraform, CloudFormation, CI/CD Pipelines, Static Analysis.
Compliance and Governance
HIPAA, PCI-DSS, ISO 27001, RBI Guidelines, SOC 2, SWIFT CSP, GDPR, DHS Guidelines, APTA, IEC 62443.
Cloud Security
Azure Security Center, AWS Security Hub, GCP Security Command Center, Microsoft Defender for Cloud Apps, Azure Functions, Prisma Access, Zscaler, Cloud Infrastructure Audits.
Operating Systems & Networking
Windows Servers, Linux Servers, Active Directory, ACLs, Firewall Rules, Segmentation, OT Environments, SCADA, PLCs, CTS.