Harish Kumar Ayyappan

Currently onboarding for assigned security projects focusing on
endpoint protection and enterprise incident response operations
Participating in strategic security initiatives to enhance
organizational security posture
Collaborating with global security teams on endpoint detection
and response implementations

Successfully coordinated deployment and major version
upgrades of Trend Micro Deep Security agents across 500+
Windows and Linux servers with zero downtime, ensuring
complete business continuity for mission-critical applications
Performed comprehensive vulnerability scanning and
integrity monitoring using Deep Security platform, detecting
unauthorized system changes, malware activity, and
configuration drift on production server infrastructure
Implemented and administered enterprise-wide Trend
Micro Deep Security protection for physical and virtual
machine environments, configuring advanced malware
protection, IPS/IDS rules, and real-time integrity monitoring
policies across heterogeneous server environments
Optimized Deep Security intrusion prevention and anti
malware policies, reducing false positive alerts by 35% while
maintaining compliance with industry security standards for
business-critical applications
Conducted regular vulnerability assessments, coordinated
patching cycles, and executed disaster recovery testing to
maintain optimal security posture and regulatory compliance
Analyzed security logs and vulnerability data to identify
emerging threat patterns and recommended proactive
mitigation strategies to management
Collaborated with infrastructure teams to ensure seamless
integration of security controls with business operations

Led enterprise-wide implementation, administration, and
configuration of multiple endpoint security technologies
including Symantec Endpoint Protection (SEP), Carbon Black
EDR, Trend Micro Deep Security, CrowdStrike Falcon EDR, and
Microsoft Defender across 10, 000+ endpoints for global
enterprise clients
Designed and deployed comprehensive security rule sets,
endpoint protection policies, and fine-tuning configurations to
optimize threat detection across thousands of endpoints while
minimizing performance impact on business operations
Directed Security Operations Center (SOC) activities
including 24/7 security monitoring, real-time event analysis, and
coordinated incident response for virus outbreaks and P1/P2
critical security incidents, achieving 99.5% SLA compliance
Managed application whitelisting and device control using
Carbon Black Application Control, evaluating and controlling
application execution across enterprise environment, reducing
unauthorized software installations by 40%
Led incident investigation and comprehensive remediation
of malware detections from multiple security platforms,
coordinating with specialized malware defense teams for in
depth threat analysis and eradication
Conducted enterprise vulnerability assessments, identified
critical security gaps, and recommended targeted remediation
strategies to maintain compliant security posture across
multiple regulatory frameworks
Coordinated cross-functional technical teams (SCCM, Firewall,
Windows Support, Network Operations) for integrated incident
resolution and security control optimization initiatives
Prepared and delivered monthly executive security reports
to C-level stakeholders, documenting compliance status, security
incident trends, threat landscape analysis, and remediation
progress
Managed complex change management requests and security
incidents across multiple endpoint protection platforms,
ensuring minimal business disruption
Provided Level 3 technical support for endpoint security
implementations, troubleshooting complex security issues, and
resolving escalated technical challenges
Developed disaster recovery plans and documented security
best practices to enhance organizational cyber resilience

• Spearheaded the implementation and administration of Endpoint Security Technologies, including Symantec Endpoint (SEP), SEPM, SPE, Carbon Black EDR, TrendMicro Deep Security, CrowdStrike EDR, and Microsoft Defender.
• Conducted thorough security monitoring and event analysis, developing effective countermeasure proposals to mitigate risks.
• Proactively detected security issues, efficiently created customer tickets, and managed incidents through to resolution, ensuring minimal disruption.
• Transitioned from a Senior Lead Infrastructure Specialist to a Cyber Security Engineer, enhancing skills in Security Operations, Endpoint Security, and Cloud Security.
• Collaborated with cross-functional teams to fine-tune policies and rule sets, improving overall security posture and compliance.

Performed real-time security event analysis and incident
investigation, providing expert remediation recommendations to
server administrators and desktop support teams for rapid
threat containment
Implemented critical endpoint security infrastructure
projects for organizational IT environment encompassing
15, 000+ workstations, laptops, and enterprise servers across
global locations
Specialized in Microsoft security technology stack including
Microsoft Defender, Microsoft Defender for Cloud (ATP), Azure
Security Center, and integrated cloud security services
Conducted comprehensive EDR alert investigation and
resolution across multiple platforms (Symantec EDR, Microsoft
Defender ATP, Carbon Black), achieving average incident
resolution time of 2 hours for critical threats
Managed enterprise BitLocker Drive Encryption deployment
and administration for organizational data protection, ensuring
100% compliance with data protection policies
Developed and deployed PowerShell automation scripts for
endpoint security tasks, policy deployments, and vulnerability
assessments, reducing manual effort by 60%
Investigated and validated security threats using Microsoft
Sentinel SIEM, security log analysis tools, and threat intelligence
platforms
Managed incident and change requests related to endpoint
security infrastructure, antivirus software deployments, and
malware infection remediation through ServiceNow platform
Provided Level 2 and Level 3 technical support for complex
endpoint security issues, troubleshooting and resolving critical
security problems with minimal business impact
Troubleshot and resolved corrupted Microsoft Defender AV
and Windows Defender ATP installations to enhance
organizational security posture and ensure continuous
protection
Successfully managed large-scale migration of antivirus
infrastructure from on-premises Symantec Endpoint Protection
to cloud-based Microsoft Defender for Endpoint for 8, 000+
endpoints
Analyzed security logs from intrusion detection/prevention
systems, network devices, and antivirus platforms to proactively
identify emerging threats and attack patterns
Researched and documented endpoint security best
practices, creating comprehensive knowledge base articles to
continually improve security controls and compliance
Created and delivered detailed security reports to business
stakeholders on endpoint protection status, compliance metrics,
and threat landscape insights

Conducted comprehensive architecture assessment of
enterprise endpoint security infrastructure for multiple Fortune
500 customers, identifying optimization opportunities
Defined project scope, objectives, and deliverables based on
strategic business requirements and cybersecurity compliance
mandates
Analyzed existing security environments, identified critical
vulnerabilities, and recommended targeted security hardening
measures to reduce attack surface
Performed in-depth policy review and fine-tuning of security
configurations to optimize protection levels while reducing false
positive alerts by 30%
Managed enterprise endpoint security tools including
Microsoft Defender, Defender for Cloud (ATP), Defender for
Identity, and F-Secure AV solutions across client environments
Coordinated technology migration initiatives combining
business process improvement with endpoint security platform
implementations
Executed major version upgrades for Defender ATP, antivirus
clients, and security platforms across 5, 000+ endpoints while
maintaining business operations continuity
Investigated complex EDR alerts and modified detection rules
based on customer operational requirements and threat
intelligence
Managed and successfully remediated ransomware
incidents and advanced persistent threats on endpoint
environments, minimizing data loss and business impact
Led security training and knowledge transfer initiatives for
client transition teams, ensuring smooth handover and
operational continuity
Assessed and documented cyber threat risks, developed
comprehensive mitigation strategies, and executed risk
management plans aligned with business objectives
Created and maintained project documentation including
status reports, project plans, technical documentation, and
knowledge base articles
Provided Level 2 and Level 3 technical support for endpoint
security implementations and complex incident response
scenarios
Prepared monthly compliance, reconciliation, and threat
analysis reports to validate security environment status and
demonstrate regulatory compliance
Conducted regular risk assessments to maintain security
compliance and identify configuration gaps requiring immediate
remediation

• Conduct in-depth analysis of security events and incidents, delivering actionable remediation strategies to server and desktop owners to enhance overall security posture.
• Execute critical projects and tasks focused on Endpoint technologies, ensuring robust protection for workstations, laptops, mainframes, and servers.
• Proficient in both Windows and Linux operating systems, leveraging expertise to optimize security measures across diverse platforms.
• Utilize Microsoft technologies, including Microsoft Defender, SCEP, and Defender for Cloud (ATP), to implement advanced security solutions.
• Provide Level 2 and Level 3 support, efficiently resolving complex issues and contributing to seamless Business As Usual (BAU) operations.
• Employ tools such as Microsoft Defender to strengthen endpoint security and enhance threat detection capabilities.

Managed enterprise endpoint security platforms including
CrowdStrike Falcon, Symantec Endpoint Protection Manager
(SEPM), McAfee ePO, and Microsoft SCEP across 20, 000+ global
endpoints
Detected and resolved security issues through continuous
24/7 monitoring, created customer support tickets, and managed
security problems through complete resolution
Monitored and controlled performance of enterprise security
safeguards, maintaining 98% compliance with security policy
requirements across all managed endpoints
Handled change requests and incident management related
to endpoint security deployments, malware incidents, and
BitLocker encryption implementations
Provided Level 1 and Level 2 technical support to internal
teams and external customers for diverse endpoint security
issues and security tool troubleshooting
Conducted vulnerability assessments using industry-standard
tools and recommended practical solutions to management for
identified security gaps
Maintained comprehensive security documentation including
standard operating procedures, troubleshooting guides, and
process documentation following customer-defined operational
standards
Coordinated virus definition updates, security policy
deployments, and disaster recovery activities for mission-critical
security infrastructure
Managed application whitelisting and device control using
Carbon Black platform, controlling file and application execution
across enterprise environment
Conducted F-Secure antivirus upgrades to mitigate critical
Apache Log4j vulnerability exploits across managed endpoint
infrastructure
Utilized security log validation and analysis tools including
Symdiag, Event Viewer, Microsoft Defender Client Analyzer, and
Process Monitor for comprehensive threat investigation
Established regular communication cadence with customers
and account management teams to discuss security analysis
findings and incident trend reporting
Coordinated with cross-functional technical teams for
integrated threat remediation and comprehensive security
incident response
Prepared customized security reports (daily, weekly, monthly)
for customers documenting threat activity, compliance status,
and security metrics
Managed incident tracking and resolution using enterprise
ticketing systems including BMC Remedy and ServiceNow
platforms

• Operated and maintained advanced security solutions including CrowdStrike, SEPM, McAfee ePO, and SCEP to enhance endpoint security.
• Proactively detected security issues, created customer tickets, and managed incidents to resolution, ensuring minimal disruption.
• Monitored and controlled the performance and status of security safeguards, contributing to a robust security posture.
• Managed change requests for endpoint security AV requirements and effectively addressed incidents related to malware and encryption.
• Provided comprehensive technical support, including monitoring, reporting, and tool administration, to optimize security operations and enhance incident response capabilities.