Apr 2020 – Aug 2024 · 4 yrs 4 mos · Pune, Maharashtra · Hybrid

• Work closely with security and compliance teams to ensure that all the measures are in place before deployments
• Perform security design reviews and assessments
• Architect, deploy and maintain proactive security tools including, but not limited to: firewalls, file integrity monitoring, antivirus, static code analysis, application security, single sign-on, and custom tools
• Manage security vulnerabilities and compliance for JPMorgan Chase & Co. Web Applications and Data Stores
• Contribute to JPMorgan Chase & Co. security strategy, vision and roadmap
• Define and iterate upon best security practices
• Create and foster a security culture in cloud operations and development
• Collaborate with Engineering and Operations teams to address security vulnerabilities and risks.
• Monitor and analyze security data
• Produce and present security reports for management
• Take part in red-team and offensive security exercises where applicable
• Advocate Security best practices throughout the organisation
• Advise product and operations teams on product and infrastructure security as the Security subject matter expert (SME)
• Support and deliver upon assigned security projects
• Automation of vulnerability assessments and other security related SecOps tasks
• Resolve security issues from assessments and other sources
• Participate in Security Incident On-call rotation

Jan 2020 – Apr 2020 · 3 mos · Pune Area, India

• The role includes providing expertise for planning and execution of QiO Security Policies & Procedures. This covers consulting with Clients when appropriate to ensure that QiO security capabilities are defined, understood and accepted. Work closely with Infrastructure and Operations team to ensure internal security levels are adequately monitored and maintained.
• Key Responsibilities
• · Understanding of SDLC, project planning and DevOps
• · Research, design and support the implementation of information security solutions for the organization.
• · Articulate Security Analysis findings and provide remediation strategies as well as Security Threat Modeling.
• · Create regular reports and update Sr. Management of all the important incidents and threats.
• · Records, investigates and resolves security incidents and breaches
• · Research, implement and improve QIOs DevSecOps practice
• · Monitoring of security systems, alerts and events within SIEM
• · Providing advice and education to the QIO teams
• · Co-ordinates internal and external audits
• · Assures compliance with ISO 27001, ISO9001 etc.

Jan 2018 – Jan 2020 · 2 yrs · Gurgaon, India

• Currently working with Fiserv as a Information Security Analyst and based out of the Corporate office in Gurgaon. Around 5 years experience in Web application security, web services security, mobile application security assessments and Secure source code review for clients and internal projects.
• Experience in assessing Cloud Security and IoT security. Co-ordinating with the Penetration testing team and the end to end security projects. Also responsible for guiding developers around remediation of vulnerabilities and attacks.
• Presenting research and talks in various conference and community events.

Aug 2016 – Dec 2017 · 1 yr 4 mos · New Delhi Area, India

• Currently working with Security Compass as a Consultant - Advisory and based out of the Corporate office in Gurgaon. More than 1.5 years experience in Web application security, web services security, mobile application security assessments and Secure source code review for clients and internal projects. Experience in assessing Cloud Security and IoT security. Also responsible for managing the projects of Penetration Testing and Security consulting. Co-ordinating with the Penetration testing team and the end to end security projects. Also responsible for guiding developers around remediation of vulnerabilities and attacks.
• Presenting research and talks in various community events.
• Writing blogs, answers to queries around appsec on platforms like Quora and Peerlyst.

Jun 2016 – Aug 2016 · 2 mos · Gurgaon, India

• Currently working with PwC (Big 4 consulting firm) as a Consultant - Risk Assurance and based out of the Corporate office in Gurgaon.More than 1.5 years experience in Web application security, web services security, mobile application security assessments,advanced concepts associated with system networking and Secure source code review for clients and internal projects.
• Experience in assessing Cloud Security and IoT security.
• Also responsible for managing the projects of Penetration Testing and Security consulting. Co-ordinating with the Penetration testing team and the end to end security projects. Also responsible for guiding developers around remediation of vulnerabilities and attacks. Presenting the business criticality of vulnerabilities to the Senior management.

Apr 2016 – Present · 9 yrs 11 mos · National Capital Region, India

• Cloud Security Alliance India or simply CSA India is a non-profit organization under Cloud Security Alliance. CSA India is a Regional Coordinating Body formed alongwith IT professionals all over India, to contribute in the growing field of Cloud Computing Security.
• The mission of the group is in line with the CSA global chapter which is: "To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."

Jan 2015 – May 2016 · 1 yr 4 mos · NOIDA

• Responsible for managing the projects of Penetration Testing and Security consulting. Co-ordinating with the Penetration testing team and end to end security projects. Also responsible for training developers and peers for new vulnerabilities and attacks. Presenting the organization at various conferences and meet-ups.

Dec 2014 – Jan 2015 · 1 mo · New Delhi Area, India

• Created the social media strategy and organized the social media campaign.

Jun 2013 – Jan 2015 · 1 yr 7 mos