Jul 2024 – Mar 2025 · 8 mos · Chennai, Tamil Nadu, India · Hybrid

Jul 2022 – Jul 2024 · 2 yrs · Chennai, Tamil Nadu, India

• VULNERABILITY MANAGEMENT AND GOVERNANCE:
• · Participated in project migration towards Qualys while working as a SME and portfolio lead for vulnerability management.
• · Worked in collaboration with administrators and business representatives to address vulnerabilities and conduct routine follow-ups.
• · Exchanging knowledge on prioritizations and methods for handling vulnerability reports.
• · Security Advisory communication to the appropriate teams urging them to take immediate action on vulnerabilities exposed to the environment.
• · Managing VM tool, performing ad-hoc and scheduled scans on environment devices. Providing a thorough report with the apt teams for remediation.
• · Facilitating client engagement discussions on the environment's security posture and progress.
• · Adding value to the client's experience by building personalised dashboards and integrating security technologies to show the environment's security posture.
• · Recording operations for audit and future use, such as through developing Runbooks, SOP, and trackers.
• · Utilized a tool for asset management and coverage, and regularly checked platforms to address areas that needed improvement.
• · Developing automatic report delivery to the proper parties for carried out scans.

Apr 2021 – Jun 2022 · 1 yr 2 mos · Chennai, Tamil Nadu, India

• · Performing Vulnerability scans for larger scope of assets and delivering support on mitigation strategies by coordinating with stakeholders.
• · Accomplish Policy compliance scan for the assets defined within the scope to reduce risk and continuously comply with internal policies and external regulations.
• · Execute Web Application Scans via Qualys to help prevent black listing and brand reputation damage.
• · Provide recommendations on improving the security posture of the client’s enterprise
• · Understand approaches for addressing vulnerabilities including system patching, deployment of specialized controls or infrastructure changes
• · Identify and resolve any false positive findings in assessment results
• · Documents all issues and assists in their resolution
• · Delivers security training and education to technical staff within findings and acts as an internal security consultant to advise technical partners
• · Work independently and manage workload with organization to meet expectations and objectives
• · Help standardize processes and procedures and provide improvement

Jul 2019 – Mar 2021 · 1 yr 8 mos · Chennai, Tamil Nadu

• · Dynamic, Static and behavioral analysis of software by means of Sandbox and multi-AV engine scanners.
• · Performing legitimacy checks on software considering its core functionality and malware analysis.
• · Vulnerability remediation follow-ups and governance towards closure.
• · Validation remediation and guiding appropriate teams for fixing the issue.
• · Deployed opensource Sandbox for various analysis with respect to software and recorded detections.
• · Proof of Concepts – TrendMicro DSM, P2P software testing, Virus Total Enterprise
• · Shared Mailbox conservation
• · Symantec CloudSOC CASB cloud application ratifying
• · Actionizing and validating the parent domain in addition to SaaS based applications at corporate proxy basis user’s session transaction via CASB.
• · Hindering domains and unsolicited applications in the direction of Org’s Information Security Policy.

May 2017 – Jun 2019 · 2 yrs 1 mo · Chennai, Tamil Nadu

• TECHNOLOGY SECURITY HARDENING BASELINES:
• · Develop secure configuration recommendations intended for OS, Web/App/DB, network devices and endpoints devices aimed at establishing compliance in accordance to information security baselines.
• · Troubleshooting and identifying the root cause of issues faced on provided recommendations.
• VULNERABILITY MANAGEMENT:
• · Evaluating security risks and deliver appropriate mitigation strategies.
• · Assessed servers, endpoints, servers and network devices from security standpoint as an act towards security receptiveness.
• · Identified vulnerabilities and recommended mitigating / compensating controls.
• · System Vulnerability assessment via Qualys.
• ADVISORY MANAGEMENT:
• · Indorse essential fixes/patches released by vendors Org-wide.
• · Notifying advisories to projects accompanying infra devices.
• SOFTWARE & WEB URL RISK ASSESSMENT:
• · Assessing software from security posture and labelling in the track of the firm’s policy.
• · Evaluating public URLs basis corporate’s internet policy.