RAJ GHATTAORAYA

CYBER SECURITY CONSULTANT

Government / Military

Windsor, Windsor and Maidenhead

Services offered

With over 18 years of experience driving IT Support Consultancy, covering Microsoft O365, Azure/AWS, cybersecurity solutions and SIEM innovations in high-security environments like NATO and the Ministry of Defence (MOD), I bring a proven track record of implementing TIP solutions, SOAR deployments, and threat intelligence tools such as Splunk, Sentinel, Defender for Endpoint, the Microsoft Defender Suite for O365 and other tools used in Kali Purple across critical attack surfaces, securing infrastructures and delivering actionable insights. My passion for leveraging technology to safeguard global operations makes me eager to contribute my skills to your mission.

Approximate rate: £ 120 per hour

Experience

MOD/NATO Corsham

Cybersecurity & SIEM Consultant | July 2017 – Present

  • Working within a team of 4 SIEM Consultants, specialising in the design and architecture of a Cyber SIEM solution integrating Splunk Enterprise/Security, to co-habit with and link into the TIP (Tanium), producing High Level Design documentation that documents each step in detail according to the requirements of NATO/MOD. More detailed information is listed under the project highlights.
  • Design/implementation of the complete Microsoft Defender suite of tools: Defender XDR, Defender for EDR, Defender for O365, Defender for IDAM, and Sentinel. Ongoing detailed checks to update, develop and implement new security policies for the O365 on-prem and cloud portals. Prior to this task, communications are sent out to let the users know of the changes that will be implemented; any issues get fixed in a timely manner and all changes are documented. Regular audits are checked, working to the risk assessment guidelines. Keeping a vigilant eye on the APT groups in the real world: for any issues that are foreseen, the relevant Advanced Threat Policies are immediately implemented to detect and mitigate the threats before they occur in the vast attack surface. Internally we have configured the M365 Defender EDR/XDR/Sentinel to work with the AI agents of the TIP (Tanium Threat Intelligence Platform), which has the capability to detect and eradicate the threats if any are found. Policies and agents are put in place on new and existing endpoints. Zero Trust and CIA frameworks are applied to the attack surface, which is monitored 24/7 with the tools in place like TANIUM, ELASTICSEARCH (which has a built-in AI engine), SPLUNK, SOLARWINDS and TRIPWIR360. The reason for this much monitoring is that the MOD is in itself a very large surface that can be attacked, which could cause a detrimental security breach.
  • Lead Threat Intelligence & Incident Response for NATO & MOD networks, analyzing Indicators of Compromise (IOCs) using tools like Splunk, Tanium, ELK, and Wireshark.
  • Threat Detection & Analysis – Log Monitoring using tools Syslog, Auditlog, and Splunk to analyze system logs for anomalies.
  • Threat Hunting & Exploitation – Consistently checking for any threats, vulnerabilities, or exploits from threat actors like the APT groups using built-in tools in KALI LINUX/KALI PURPLE such as:
    • Metasploit – The Penetration Testing Framework used at MOD/NATO to identify vulnerabilities.
    • Maltego – As mentioned, the APT groups in the real world are causing havoc, so this is a valuable tool that I use daily to map relationships between the threat actors present out there and any compromised systems that get attacked, so that I can better understand how this can be prevented from recurring.
    • Yara – Another valuable tool that helps me to Identify the Malware Families based on patterns.
  • System Hardening & Defense
    • Lynis - Since most of the backbone is comprised of Linux Systems, this tool is invaluable as it allows me to Audit the Linux Systems for any Weaknesses.
    • Fail2ban – Again a useful tool that allows me to block malicious IPs based on failed logins, hence controlling any DDoS attacks or a threat actor trying to hack into a compromised system where he has managed to gain the username but is trying to figure out the password.
    • Snort – Monitoring real time threats on the MOD/NATO Attack Surface using this Intrusion Detection System. Very helpful tool.
  • Network Traffic Analysis – Inspect network activity using Wireshark, Procmon, Inetsim, Zeek, Nmap, TCPDump to detect suspicious connections. Checking for Host and Network Based Indicators.
  • Malware Scanning – Deploy and configure rulesets in the Tanium Linux Platform, deploy RKHunter to identify malware infections, check the Process Tree tool built into the TANIUM LINUX TIP Platform, verifying any abnormalities when a threat is detected. Use tools like Autopsy, SleuthKit, FLOSS, VirusTotal, PeStudio, PEView and CAPA.
  • Process Inspection (PID) on Linux and Windows – Use ps, top, and lsof to check for unauthorized processes running on the system.
  • Incident Response & Eradication
    • Kill Malicious Processes – Identify and terminate rogue processes using the pkill or kill commands.
    • Quarantine Suspicious Files – Move infected files to a secure location for further analysis.
    • Patch & Update – Ensure the system is updated with the latest security patches using apt update or yum update.
    • Firewall & Access Control – Configure IPTABLES, NFTABLES, OR FIREWALLD, to block malicious traffic.
    • Configure WEBPROXY Servers – Install, set up and configure the web proxy servers to make sure that the comms between the Internet and the users are protected from malicious DDoS attacks or any other type of cyber threat.
  • Advanced Threat Hunting – Working at MOD/NATO protecting the large global Attack Surface is crucial.
    • Memory Forensics – Use the Volatility Tool in Linux, to analyze system memory on EDR/XDR Devices for hidden threats. Insider Threats are the biggest concern where someone most likely will plug a device into the Network.
    • Rootkit Detection – Scan for rootkits using CHKROOTKIT OR RKHUNTER.
    • Behavioral Analysis – Monitor System Behavior using AUDITD AND OSSEC. 
  • Implementation of the TANIUM TIP infrastructure in the NATO estate with SOLARWINDS as the SOAR platform, and ELASTIC (ELK) as the Security Event Management tool.
  • Conduct penetration testing (Red vs. Blue Team) to assess security risks, identify vulnerabilities, and implement remediation strategies.
  • Manage SIEM & SOAR Platforms (Splunk Phantom, Tanium Threat Response) to automate and orchestrate security workflows.
  • Perform risk assessments & audits aligned with Malware Behavioral Catalog, NIST & MITRE ATT&CK frameworks, ensuring compliance with NATO/MOD security policies.
  • Deploy Zero Trust Architecture, securing networks through IAM, endpoint security, and threat detection measures.
  • Lead weekly security briefings and train junior analysts on cyber threat detection & mitigation strategies.
  • Oversee security for 30,000+ endpoints across MOD/NATO sites, ensuring patching, hardening, and compliance.

TECHNICAL PROFICIENCIES

🛠 SOC CENTER DESIGN & IMPLEMENTATION, SIEM & Security Tools: Microsoft Defender XDR, Splunk, Tanium TIP Platform, ELK Stack, SolarWinds, Wireshark, Nessus
Cloud & DevOps: AWS, Azure, Kubernetes, Docker, Ansible, Terraform
🖥 OS & Infrastructure: Windows Server (2012-2022), Linux (RHEL, CentOS, Ubuntu)
🔍 Threat Intelligence & Analysis: Cyber Kill Chain, CVE, OSINT, MISP

Education

🎓 BSc in Computer Science | Brunel University, UK
