$ whoami

Varsha D

Cybersecurity Analyst | SOC & Incident Response

New Jersey, NJ · varsha13sfd@gmail.com


Cybersecurity analyst with experience in SOC operations, incident response, vulnerability management, and SIEM/SOAR automation in large-scale enterprise environments. Strong background in security compliance, secure SDLC, and cross-functional threat response.

// Skills — Interactive Map


Tools & Libraries

Python
automation • scripting
PowerShell
windows tooling
SQL
Postgres • Oracle
TypeScript
apps • APIs
Java
services • tooling
Node.js
services
PHP
server-side
AWS
EC2 • RDS • S3
GCP
compute • storage
Azure
cloud security
Docker
containers
Kubernetes
orchestration
Jenkins
pipelines
CI/CD
automation
NIST RMF
800-37
NIST 800-53
controls
NIST 800-171
CUI protection
FedRAMP
compliance
POA&M
risk tracking
RSA Archer
GRC platform
Splunk SIEM
correlation
Elastic Stack
search • logs
Palo Alto SOAR
playbooks
Tenable SC
vuln mgmt
CrowdStrike
EDR
Axonius
asset inventory
Nessus
scanning
Nmap
discovery
Metasploit
testing
Burp Suite
web testing
Linux
servers • ops
TCP/IP
networking
DNS
resolution
VPN
secure tunnels
Pandas
dataframes
NumPy
arrays
scikit-learn
models • metrics
TensorFlow
training • serving
PyTorch
models • research

// Professional Experience

Federal Aviation Administration
Security Analyst - Technical Writer
Oct 2024 - Present | New Jersey, NJ
  • Collaborated with cross-functional teams to identify and prioritize vulnerabilities, supporting evaluation involving CVEs, advisories, bulletins, data calls, and patching that reduced overall risk exposure by 11%.
  • Primary point of contact for POA&M findings, resolving 200+ high-impact POA&Ms and mapping findings from Nessus, IRAT, penetration testing, and Nmap scans aligned with NIST 800-53/37/CSF, CIS Controls, and ISO 27001.
  • Applied OWASP Top 10 and MITRE ATT&CK to assess risk across three mission-essential systems after identifying and prioritizing system vulnerabilities.
  • Assisted incident response using Splunk SIEM and EDR tools, supporting containment, remediation, documentation, and escalation while tuning SIEM rules to reduce false positives and secure Windows & Linux assets.
POA&M Vulnerability Mgmt SIEM/EDR
SDH Systems
Software Developer (Security)
Dec 2022 - Sep 2024 | New York, NY
  • Automated incident triage and response workflows using Palo Alto SOAR playbooks, reducing response times by 35% while processing 500+ alerts per month.
  • Administered Splunk SIEM and Elastic Stack for real-time log analysis and threat detection, meeting SLA requirements for incident investigation and resolution.
  • Integrated telemetry from Tenable Security Center and CrowdStrike Falcon into Axonius, improving asset visibility and accuracy of the centralized security inventory.
  • Enabled secure coding practices within a CI/CD environment by performing vulnerability management and analyzing scan results for over 10 critical developer toolsets, including Visual Studio and Node.js.
SOAR Splunk Elastic Tenable CrowdStrike
Telepath
IT Intern
Feb 2022 - Jul 2022 | New York, NY
  • Analyzed source code repositories and AI/ML integration points across Git, CI/CD pipelines, and Python, Java, and Node.js codebases, identifying architectural and security gaps that improved iteration efficiency and reduced feature exploration time.
  • Performed human-in-the-loop security reviews of AI-generated outputs, identifying incorrect assumptions, hallucinations, and missing domain context, and refining prompts and workflows to improve reliability and operational usability.
CI/CD Secure Review AI/ML
Ranal Solutions
Software Developer
Mar 2020 - May 2021 | Hyderabad, India
  • Developed Python and PowerShell scripts to automate asset discovery, data normalization, and reporting, improving SOC operational efficiency and scalability.
  • Performed continuous monitoring and investigation using Splunk SIEM and EDR platforms (CrowdStrike Falcon, Microsoft Defender for Endpoint) to detect and respond to suspicious activity across endpoint, network, and cloud telemetry.
  • Built CodeQL-based SAST automation integrated into CI/CD pipelines, enabling early detection of exploitable vulnerabilities before deployment to production environments.
  • Led incident response efforts for high-priority security events, coordinating with cross-functional teams to contain threats and minimize data breach and operational impact.
Splunk SIEM EDR CodeQL Incident Response

// Security Projects & Tools

siem_alert_analyzer.py
class SIEMAlertAnalyzer:
    # Real-time SIEM alert correlation and threat detection
Splunk ELK Stack SIEM Threat Hunting
vulnerability_scanner.py
class CVEVulnerabilityScanner:
    # Application security vulnerability assessment with CVE mapping
OWASP Top 10 Nessus Burp Suite CVE Database
incident_response.py
class IncidentResponsePlaybook:
    # SOC incident triage and automated response workflow
NIST CSF SOAR Playbooks Forensics
threat_intelligence.py
class ThreatIntelligenceAggregator:
    # IOC analysis with MITRE ATT&CK framework mapping
MITRE ATT&CK VirusTotal OSINT Threat Intel

// Security Utilities

hash_generator.py
class HashGenerator:
    # Generate MD5/SHA-1/SHA-256 hashes
CryptoJS MD5 SHA-256 Integrity
password_strength.py
class PasswordStrengthAnalyzer:
    # Evaluate password strength and criteria
Policy Entropy Validation Secure UX
base64_tool.py
class Base64Codec:
    # Encode and decode Base64 safely
Base64 Encoding Decoding Safe I/O
port_scanner.py
class PortScannerSim:
    # Simulated network port scanning visualization
Network Security Nmap Reconnaissance TCP/IP

// Featured Projects

vt_ioc_enrichment.py
class IOCEnrichmentPipeline:
    # Automated IOC enrichment with integrity checks against VT console data
    pipeline = ["ingest IOCs", "VT lookup", "normalize fields"]
    outputs = ["malicious", "suspicious", "harmless"]
    checks = ["field parity", "triage integrity", "raw console verification"]
✔ threat enrichment ✔ VT automation ✔ integrity checks ✔ triage acceleration ✔ data validation
Automated IOC Enrichment with VirusTotal
api_management.py
class APIAccessManager:
    # Centralized authZ/authN and request enforcement layer
    identity = ["JWT", "API keys", "OAuth2 client credentials"]
    authorization = ["RBAC", "Scopes", "Tenant-bound permissions"]
    defenses = ["Per-endpoint authZ", "Key rotation/revocation", "Rate limiting", "Request validation"]
    governance = ["Audit trails", "Usage monitoring", "Access revocation workflow"]
✔ security controls ✔ risk mitigation ✔ governance & logging ✔ zero trust principles ✔ protecting against real threats
API Access & Management Platform
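The card above lists the enforcement layers of the API access platform (signed identity tokens, per-endpoint scope and RBAC checks, tenant binding, key rotation and revocation, rate limiting, audit trail) without showing how they fit together in a request path. The following is an added illustration written for this page, not the portfolio project's own code: it assumes a compact HMAC-SHA256 token format, a key set indexed by key id (`kid`), a static endpoint-to-scope policy table and a fixed-window rate limiter, all with constructed placeholder values. Checks run in the order a gateway would apply them: default-deny on unknown endpoints, then signature/expiry/revocation, then tenant, then scope, then rate limit.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed signing keys indexed by key id. Rotation = add a new kid and
# issue with it; revocation of a whole key = delete its kid. Placeholder secrets.
SIGNING_KEYS = {
    "k1": b"placeholder-old-secret",
    "k2": b"placeholder-current-secret",
}

# Per-endpoint authorization policy (assumed): (method, path) -> required scope.
# Anything not listed is denied, so a newly added route cannot be reached
# before someone writes a policy entry for it.
ENDPOINT_POLICY = {
    ("GET", "/v1/alerts"): "alerts:read",
    ("POST", "/v1/alerts"): "alerts:write",
    ("DELETE", "/v1/keys"): "keys:admin",
}

# RBAC: roles expand to scopes; tokens may carry roles, raw scopes, or both.
ROLE_SCOPES = {
    "analyst": {"alerts:read"},
    "responder": {"alerts:read", "alerts:write"},
    "admin": {"alerts:read", "alerts:write", "keys:admin"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, kid: str) -> str:
    """Mint header.claims.signature with HMAC-SHA256 under the key named by kid."""
    header = _b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEYS[kid], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, now: float, revoked_jti: set) -> Optional[dict]:
    """Return the claims only if kid is live, the MAC matches, and the token is unexpired and unrevoked."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        key = SIGNING_KEYS.get(header.get("kid"))  # rotated-out or unknown kid -> None
        if key is None:
            return None
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # signature checked before the body is trusted at all
        claims = json.loads(_b64url_decode(body_b64))
    except (ValueError, AttributeError):  # malformed structure, bad base64, bad JSON
        return None
    if claims.get("exp", 0) <= now or claims.get("jti") in revoked_jti:
        return None
    return claims


@dataclass
class RateLimiter:
    """Fixed-window limiter: at most `limit` requests per `window` seconds per subject."""
    limit: int
    window: int
    counters: dict = field(default_factory=dict)  # subject -> (count, window index)

    def allow(self, subject: str, now: float) -> bool:
        bucket = int(now // self.window)
        count, seen = self.counters.get(subject, (0, bucket))
        count = count + 1 if seen == bucket else 1
        self.counters[subject] = (count, bucket)
        return count <= self.limit


@dataclass
class APIAccessManager:
    limiter: RateLimiter
    revoked_jti: set = field(default_factory=set)  # per-token revocation list
    audit: list = field(default_factory=list)      # append-only decision trail

    def authorize(self, method: str, path: str, token: str, tenant: str, now: float) -> Tuple[bool, str]:
        """Run the enforcement chain and return (allowed, reason); every decision is audited."""
        ok, reason = self._decide(method, path, token, tenant, now)
        self.audit.append({"ts": now, "method": method, "path": path, "tenant": tenant, "ok": ok, "reason": reason})
        return ok, reason

    def _decide(self, method, path, token, tenant, now):
        required = ENDPOINT_POLICY.get((method, path))
        if required is None:
            return False, "unknown_endpoint"
        claims = verify_token(token, now, self.revoked_jti)
        if claims is None:
            return False, "invalid_token"
        if claims.get("tenant") != tenant:
            return False, "tenant_mismatch"  # tenant-bound permissions
        scopes = set(claims.get("scopes", []))
        for role in claims.get("roles", []):
            scopes |= ROLE_SCOPES.get(role, set())
        if required not in scopes:
            return False, "insufficient_scope"
        if not self.limiter.allow(claims["sub"], now):
            return False, "rate_limited"
        return True, "ok"
```

The ordering matters for defenders: rejecting an unknown endpoint and an invalid token before the rate limiter means forged traffic cannot consume a legitimate subject's quota, and the audit record captures the reason for every denial so usage monitoring can distinguish scope errors from credential abuse.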
nyc_tlc_pipeline.py
class TaxiDemandPipeline:
    """
    Trusted data processing pipeline for 3.4M+ NYC TLC records
    """
    pipeline = ["ingestion", "sanitization", "validation", "batch_processing", "persistence", "predictions"]
    safeguards = ["schema verification", "duplicate detection", "boundary enforcement", "idempotent writes"]
    outcomes = ["clean & trusted data", "repeatable analytics", "forecasting without data corruption"]
✔ trusted data ✔ integrity checks ✔ safe forecasting ✔ idempotent writes ✔ validation & sanitization
NYC TLC Taxi Demand Forecasting System