Available for Opportunities

Sneha Laxmi

Incident Response · Malware Analysis · VAPT · GRC · Digital Forensics

Cybersecurity professional protecting government infrastructure — from dissecting malware and executing penetration tests to framing crisis management plans and training law enforcement agencies.

3+ Yrs in Cyber
8+ Certifications
5+ Projects
// 01. about

Who I Am

🛡️
Incident Response · Malware Analysis · VAPT · GRC · Threat Intel · ISO 27001 LA · DFIR · SOC

I'm a Cybersecurity Professional currently serving as Incident Response Specialist & Malware Analyst at CERT-Uttarakhand, Government of Uttarakhand — where I lead threat investigations, execute government-mandated VAPT, drive ISO/IEC 27001:2022 compliance, and train government officers and law enforcement agencies.

My work spans the full threat lifecycle: detecting anomalous activity in the State Data Centre, performing static/dynamic malware analysis, mapping TTPs to MITRE ATT&CK, and translating technical findings into strategic remediation reports. I also contributed to framing the State Cyber Crisis Management Plan (CCMP).

I'm pursuing an M.Sc. in Cyber Security & Digital Forensics at Rashtriya Raksha University (MoD, Govt. of India), and actively sharpen my skills on Hack The Box and TryHackMe.

Jamshedpur, JH / Dehradun, UK
+91 80929 09384
// 02. skills

Technical Arsenal

Defensive Security
Incident Response: 90%
Digital Forensics: 85%
Threat Hunting: 80%
SIEM / Log Analysis: 78%
Autopsy · FTK · Volatility · ELK Stack
Malware Analysis
Static Analysis: 88%
Dynamic Analysis: 85%
Android RE: 82%
YARA Rules: 80%
Ghidra · IDA Free · Frida · MobSF · Any.run
Offensive / VAPT
Web App VAPT: 85%
Network Pentesting: 78%
Android Pentesting: 80%
Recon & OSINT: 75%
Burp Suite · Nmap · Metasploit · Maltego · Wireshark
GRC & Compliance
ISO 27001:2022: 90%
Risk Assessment: 85%
Policy Drafting: 82%
Audit Preparation: 80%
ISO/IEC 27001 · ISO 42001 · CCMP · OWASP
Programming & ML
Python: 85%
Bash / PowerShell: 75%
Machine Learning: 72%
Python · Bash · Scikit-learn · YARA
Networking & Infrastructure
TCP/IP & Protocols: 82%
DDI (DNS/DHCP/IPAM): 78%
Firewall & VPN: 75%
Wireshark · Nmap · Firewalls · VPN
// 03. experience

Work Experience

Incident Response Specialist & Malware Analyst
Jan 2026 – Present
CERT-Uttarakhand, Government of Uttarakhand  ·  Dehradun
  • Led end-to-end incident response lifecycle — detection through post-incident reporting — and performed static/dynamic malware analysis mapped to MITRE ATT&CK.
  • Executed VAPT engagements for state government websites; documented vulnerabilities per OWASP Top 10 and monitored State Data Centre (SDC), DDI, and DSM platforms for malicious activity.
  • Drove ISO/IEC 27001:2022 implementation — gap assessments, control mapping, policy drafting, internal audit prep; contributed to framing the State Cyber Crisis Management Plan (CCMP).
  • Designed and delivered Cybersecurity & Ethical Hacking training for Government officers and LEA with hands-on lab environments.
MITRE ATT&CK · VAPT · ISO 27001 · Malware Analysis · CCMP · DDI · LEA Training
Threat Analytics Intern — Malware Analysis Division
Jun – Aug 2025
I4C (Indian Cyber Crime Coordination Centre), MHA, GoI  ·  New Delhi
  • Analysed Android malware samples in a secure environment; documented behavioural indicators, C2 patterns, and evasion techniques.
  • Produced structured reports correlating findings with threat actor TTPs for law enforcement and national security teams.
Android Malware · Threat Intel · TTP Mapping · C2 Analysis
Cyber Forensics Intern
Oct 2023 – Apr 2024
State Cyber Crime Police Station, CID, Jharkhand  ·  Ranchi
  • Assisted in forensic investigations — disk imaging, evidence acquisition, chain-of-custody documentation compliant with legal standards.
  • Prepared forensic reports from storage media and log analysis for use in judicial proceedings.
Digital Forensics · Evidence Handling · Legal Compliance
// 04. projects

Key Projects

🤖
Active
AstraDroid
Problem: No automated pipeline for full-cycle Android APK analysis
Automated Android malware analysis framework integrating static analysis, dynamic behaviour monitoring via Frida, YARA scanning, and MITRE ATT&CK mapping. Supports bulk APK processing.
Outcome: Generates IOCs, risk scores, screenshots, and analyst-ready reports automatically
Python · Frida · YARA · MITRE ATT&CK · Android
🔍
Completed
Cyber Chakshu
Problem: Manual detection of anti-India misinformation campaigns at scale
AI-powered ML pipeline detecting misinformation, propaganda, and anti-India narratives in real time. Includes severity tagging, automated anomaly flagging, and a live monitoring dashboard.
Outcome: Real-time threat scoring + dashboard; designed for multi-agency deployment
Python · ML · NLP · Dashboard
🖥️
Completed
Cross-Platform Malware Analysis Lab
Problem: Lack of comparative OS-level malware behaviour data
Isolated Proxmox virtual environments (Windows & Linux) for comparative static/dynamic malware analysis across OS architectures. Documented evasion behaviours and execution differences.
Outcome: Reproducible threat-behaviour reference dataset across OS platforms
Proxmox · Windows · Linux · Sandbox
SIH Finalist
Cyber Triage Automation Tool
Problem: Manual evidence triage is slow in active incidents
Automated digital evidence triage tool built for the NIA problem statement at Smart India Hackathon 2024. Parses storage, memory, and log artefacts; scoring logic prioritises critical evidence.
Outcome: National Finalist — NIA selected; accelerates investigator decision-making
Python · DFIR · Automation · NIA
🎓
Dissertation
Phishing Identification Model
Problem: Phishing URLs bypass traditional security filters
Supervised ML model detecting phishing websites and emails via URL and HTML feature extraction. Integrated into forensic workflows to aid digital crime investigations during internship.
Outcome: Demonstrated applicability in real-world digital crime cases during CID internship
Python · Scikit-learn · NLP · Forensics
// 05. certifications

Certifications

ISO/IEC 27001:2022 & 42001:2023 Lead Auditor
Mastermind
CCSP-AWS — Certified Cloud Security Practitioner
The SecOps Group
Malware Analysis and Reverse Engineering
IBM / Coursera
Secure SDLC Practices Professional
C-DAC Hyderabad & IIT Bhilai
DFIR Basics & SOC Fundamentals
John Strand (Security Training)
Machine Learning Specialization
Stanford University / Coursera
Cryptography
Stanford University / Coursera
Cisco: Cybersecurity Essentials, CCNA, Python
Cisco Networking Academy
// 06. achievements

Achievements & Leadership

🏆
Bharat NCX 2024 & 2025 — Training Assistant
Facilitated national cybersecurity exercise tracks — malware labs, forensic simulations, Stratex strategy sessions at NCIIPC CII SecX 2025 with industry leaders.
🥇
Smart India Hackathon 2024 — National Finalist
NIA-sponsored cyber investigation problem statement. Delivered a working prototype under competitive conditions with a multidisciplinary team.
🎯
HTB & TryHackMe — Active Practitioner
Consistent engagement on HTB (A019E2A3A8) and THM (theslj.21) demonstrating real-world offensive and defensive security skills.
👑
President — Interact & Rotary Club (2015–2020)
5 years of leadership across community and academic initiatives. Received excellence awards for leadership and social contribution.
🥋
Karate — Black Belt (1st Dan)
State and national level representation as competitor and official. Demonstrates discipline and structured goal attainment under pressure.
// 07. profiles

Find Me Online

LinkedIn
theslj21
Professional network
GitHub
theslj21
Code & projects
Hack The Box
A019E2A3A8
Active practitioner
TryHackMe
theslj.21
Active practitioner
// 08. education

Education

M.Sc. in Cyber Security & Digital Forensics
Rashtriya Raksha University, Gandhinagar, Gujarat
2024 – 2026  ·  Under Ministry of Defence, Government of India
CGPA: 7.2 / 10
// 09. research & blog

Research & Writing

📱
Android Security
Dissecting Android Malware: A Full Static & Dynamic Analysis Workflow
A deep-dive into analysing Android APKs using Ghidra, Frida, and YARA — from manifest inspection to runtime behavioural monitoring.
🔐
GRC
ISO/IEC 27001:2022 in Government: Lessons from the Field
Practical insights from implementing ISO 27001 across government entities — gap assessments, control mapping, and the CCMP framing process.
🕵️
Incident Response
State-Level Incident Response: Challenges & Playbooks
How to structure incident response at scale for government infrastructure — from DDI monitoring to post-incident remediation reports.
// 10. contact

Let's Connect

Open to roles in Incident Response, Malware Analysis, GRC, VAPT, and SOC. Also available for consulting, security training, and research collaborations.
