Nov 2023 – Feb 2024 · 3 mos · Remote

• Conducted comprehensive security assessments for AWS cloud, ensuring robust security measures.
• Facilitated the integration and optimization of native security services within the AWS environment.
• Conducted thorough reviews of Terraform configurations to identify and address security issues. Implemented TfSec in CI/CD to review terraform code.
• Deployed and configured the Cloud Security Posture Management (CSPM) tool, Wiz, to enhance security posture.
• Developed InfoSec policy, Cloud Security policy, Change Management policy, and Incident Management policy and procedures documents.

Nov 2021 – Nov 2023 · 2 yrs · Bengaluru, Karnataka, India

• Everything Cloud Security & DevSecOps
• Implementation of security baseline standards for Cloud Infrastructure at CSK
• Working on AWS’s Cloud Security Services such as IAM (Identity and Access Management), SCP, Guard duty, SecurityHub, Trusted Advisor, Macie, Key Management Service, CloudTrail, Config, SSM (Patch Management), Cloudwatch events, VPC Flowlogs, Access Analyzer, etc.
• Working across various cloud security domains such as Cloud Security Posture Management, Identity and Access Management, Data Protection and its application, Patch Management
• Ensuing securing compliance (from SEBI) for security asset classes like Indian Equities / Mutual Fund
• Effectively integrated SCA (Software Composition Analysis) and SAST (Static Application Security Testing) via Snyk, bolstering the security of our CI/CD pipeline.
• Launched security automation initiatives, incorporating Slackbot, Wiz-jira, Wiz-AWS, Snyk-confluence, and Snyk-AWS code build, to close security vulnerabilities and enhance overall security measures.
• Established automated cloud security response mechanisms through Wiz to swiftly address critical and unauthorized changes.

Sep 2020 – Nov 2021 · 1 yr 2 mos

• Implementation of security baseline standards for Cloud Infrastructure at Nykaa
• Worked on various AWS’s Cloud Security Services
• Onboarded & configuration of all AWS accounts on Dome9(CSPM). Managing governance and compliance of each of AWS services and resources using Dome9 for CIS compliance benchmark.
• Performed POC and Implementation of Security tools - EDR(CrowdStrike), Email Security(Mimecast), Cloud Security Posture Mgmt(Dome9), SAST & SCA(Github Adv Security, Checkmarx, Blackduck)
• Created IRM from the scratch, made multiple runbooks for security incidents
• Compared different security products and interacting with different stakeholders and security service/solution providers.
• Setup Proper Incident response - Cloudwatch Events, Config rule alerts, EDR protection on EC2, Monitoring of Audit account Findings (GuardDuty, Security Hub, Macie)

Sep 2020 – Feb 2021 · 5 mos · United States

• Perform and coordinate penetration testing activities, ensuring that security testing is automated during development
• Implement application security tools and integrate them with the existing DevOps toolchain
• Support the testing tools SAST, DAST, and SCA - Checkmarx, Acunetix, BlackDuck
• Deployment & Integration of Risk-Based Vulnerability Management Software - Kenna Security
• Share results with product teams and security architects
• Work to ensure findings are remediated
• Provide vulnerability analysis, proper security tool integrations, and creation of metrics in order to support data-driven decision-making
• Work with development teams to ensure that appropriate assessment of security risks is performed
• Implement application security best practices according to industry-recognized standards and frameworks such as OWASP, SANS, CIS
• Kenna Security, BlackDuck, Checkmarx, Acunetix

Sep 2018 – Sep 2020 · 2 yrs · Gurgaon, India

• + Vulnerability Assessment and Penetration Testing - Internal and External. Expertise in
• identifying, Reporting, and mitigating security vulnerabilities associated with web applications. Working with different stakeholders to fix the vulnerability.
• + Bug bounty - Reports Triaging/Validating, response, Internal Jira ticket creation with
• Proper POCs and closure of bug bounty security issues raised on Cvent Responsible Disclosure program
• + Validation of Application security issues reported on DAST tools and opening Jira tickets
• + Static/Dynamic Source Code Analysis - SAST using Checkmarx and following Secure SDLC
• guidelines for Secure Development.
• + Participated in Secure code training and Security Champion Activity
• + Created monthly reports for Application Security Vulnerability reporting trends. Created
• monthly reports for 1 year trend for InfoSec KPIs.
• + Train and Mentor new InfoSec Analysts on processes, incident handling techniques, VA,
• DAST.
• + Worked on DEMISTO (SOAR)-Security Orchestration Automation and Response tool onboarding & Security Incident Playbook creation support.
• + Acted as a key contact for Deep analysis and POC creation for incidents escalated by SOC
• regarding Web application attacks.

Dec 2016 – Sep 2018 · 1 yr 9 mos

• + Good working knowledge on different SIEM platforms, real-time security events - monitoring and management.
• + Internal Server Security Certifications
• + Vulnerability Assessment and Security Auditing - Nessus & QualysGuard.
• + Analysis and mitigation of Phishing attacks, DLP alerts, Network and Web threats.
• + Conducted “Phishme” phishing simulation exercises to achieve user profiling for security
• best practice training.
• + AMEA Network Optimization:
• ANO SOC - Handling network security of Orange Affiliates present in Africa
• Responsible for preparing weekly and monthly report for ANO Affiliate country and present
• it to Affiliate’s security team.
• + CyberSOC International:
• Worked on Proactive and Reactive security incidents corresponding to some elite Orange
• customers.
• + Preparing technical analysis reports and dashboards of the weekly security incidents and
• their possible threats.
• + Excellent analytical Logs analysis, trends reporting, and troubleshooting skills.
• + Firewall Management - rule configuration and troubleshooting for different flow access
• issues. PAN, Cisco, Checkpoint, Juniper, Unix BSD - Packet Filters.
• + IPS Signature analysis and modification for minimizing false positive count that helped
• in alert overhead reduction.Alert Logic & Cisco Sourcefire IPS.
• + Managing Legal Obligation Regulatory Requests being an ISP

Aug 2016 – Nov 2016 · 3 mos

• Good working knowledge on SIEM tool, Real-time Security events - their monitoring and management.
• URL blocking activity using NetSweeper.

Feb 2016 – Apr 2016 · 2 mos · Hyderabad Area, India

• Perform vulnerability testing, risk analysis and security assessments
• Conduct internal and external security audits
• Analyze security breaches to determine their root cause
• Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
• Train fellow employees in security awareness and procedures

Jun 2015 – Jul 2015 · 1 mo · Gurgaon, India

• I got the opportunity to watch various Police Station procedures that are being practically followed in Cybercrime cases. The Cyber Crime Cell is specifically framed to exclusively deal with disputes related to crimes that deal with the internet or computers in some way. I had a great opportunity to explore the cases that come in the Cyber Crime Cell during the period of my Internship. I worked on a project titled ”E-commerce Fraud and Investigation.”