Nitin Mitra

DevOps Manager

United States · 13 yrs 1 mo experience
Highly Stable

Key Highlights

  • Achieved 99% reduction in critical vulnerabilities.
  • Developed innovative vulnerability tracking tools.
  • Led enterprise-wide security initiatives at AWS.
Stackforce AI infers this person is a Cloud Security Engineer with expertise in Vulnerability Management and Penetration Testing.

Skills

Core Skills

Vulnerability Management, Penetration Testing

Other Skills

Automation, Business Analysis, Data Analysis, Databases, Linux, Microsoft SQL Server, MySQL, Network Security, Networking, Python, Quality Assurance, Security, Social Engineering, Unix, Usability Testing

Experience

Coinbase

Staff Security Engineer - Vulnerability Management

Mar 2025 - Present · 1 yr

Amazon Web Services (AWS)

2 roles

Senior Security Engineer

Promoted

Dec 2023 - Mar 2025 · 1 yr 3 mos · New York, United States

  • Led enterprise-wide vulnerability management initiatives across AWS's global infrastructure, driving critical response to major security incidents affecting multiple service teams.
  • Designed and implemented fleet-wide OS vulnerability assessment methodology, analyzing over 13 million hosts and achieving 99% reduction in critical vulnerabilities through data-driven risk assessment and targeted remediation.
  • Architected Fargate dataplane patching automation solution, reducing patch deployment time from 18 days to 15 hours (96% reduction).
  • Identified and drove resolution of systemic issues in SSM Agent's Windows update reporting system, fixing long-standing WMI data collection defects that impacted all tools leveraging patching data generated by the SSM agent.
  • Identified and drove resolution of critical blind spots in vulnerability detection pipeline, identifying 450+ unmonitored security advisories across 73 packages, including critical severity vulnerabilities affecting production systems.
  • Identified and drove resolution of a systemic flaw in vulnerability severity algorithm that was incorrectly downgrading 59% of critical security findings, significantly improving enterprise risk visibility and reporting accuracy.
  • Developed tracking mechanisms for security assessments, enabling improved fleet security posture monitoring.
  • Built and implemented custom SQL queries and data analysis tools for large-scale vulnerability tracking across multiple data sources.
  • Led security assessments for multiple compliance audits, ensuring continued operations in multiple regions.
  • Driving organizational initiative to remediate long-lived hosts exceeding SLA, achieving 80.1% overall remediation and 99.91% for AWS-managed hosts.
  • Serve as mentor for Vulnerability Management in the Aspiring Security Engineers Program (ASE), contributing to curriculum development.
Vulnerability Management, Penetration Testing, Network Security, Vulnerability Assessment, Security, Data Analysis, +2

Security Engineer II - Vulnerability Management

Jun 2021 - Dec 2023 · 2 yrs 6 mos · New York, United States

Bloomberg LP

Senior Vulnerability Management Engineer

Nov 2015 - Jun 2021 · 5 yrs 7 mos

  • Manage the Infrastructure Vulnerability Scanning program at Bloomberg (scanning over 280 thousand assets across Bloomberg and its affiliates) leveraging Rapid7 Nexpose and Qualys scanners. Automated integration of Bloomberg’s proprietary network inventory sources with the Rapid7 Nexpose scanner and quality control checks on the scanning infrastructure.
  • Designed and developed an innovative custom workflow management, prioritization and vulnerability state tracking web application tool (VEM, Vulnerability Event Manager) that is leveraged by the Threat and Vulnerability Management team to assess and initiate remediation on all vulnerabilities identified across multiple sources. The tool was developed in house leveraging the Django web framework, NGINX, React JS and a MySQL database. The tool integrates with Rapid7 Nexpose scanners, multiple third-party intel providers, SSL Labs, multiple SCCM instances, network & asset inventory sources, Bloomberg’s proprietary ticketing systems and Jira.
  • Currently setting up the Cloud Vulnerability assessment program to assess and initiate remediation on vulnerabilities in AWS and Azure leveraging AWS Inspector, Dome9, Rapid7 scanners and GuardDuty.
  • Develop, manage and enhance a central CRCO dashboard summarizing the risk identified for senior management leveraging QlikSense.
  • Management of vulnerability lifecycle: ensuring timelines, recording evidence as needed, and coordinating with key stakeholders to ensure compliance. Lead committee(s) to analyze vulnerabilities and their impact to assess risk ratings.
  • Created a Bloomberg-specific Vulnerability Risk Rating methodology to prioritize vulnerabilities.
  • Manage reports for regulated entities and quarterly external Pen Test assessments.
Vulnerability Management, Network Security, Web Application Development, Quality Assurance

Deloitte

Consultant | Cyber Threat Management

Aug 2013 - Nov 2015 · 2 yrs 3 mos · 30 Rockefeller Center NY

  • Pen Testing - Evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws & improper configurations.
  • Vulnerability Assessment - Conduct security tests on client’s internal and external network simulating a real world hacker. The work involved application and network security scans, creating data capture sheet, false positive testing, false negative testing, manual testing and creating the final report.
  • Wireless Vulnerability Assessment
  • Static Source Code Review using HP Fortify and IBM AppScan
  • IRS SCSEM Testing – Performed configuration testing for Oracle 11g database, Linux, Windows, VPN & Firewall.
  • Social Engineering
  • Physical Walkthrough and USB testing.
  • Received Deloitte Applause Award in recognition of exemplary performance.
Penetration Testing, Vulnerability Assessment, Social Engineering

McKinsey & Company

Client Service & Technology Solutions Intern

Feb 2013 - Aug 2013 · 6 mos · 485 Madison Avenue NY

  • Manage communications with pilot participants to assist in design and execution of mobile device pilots. Conduct QA and UX testing on newly developed mobile apps and CRM tools. Worked on Google Static Maps API for the iOS Know Directory.

Uniken Inc.

Software Developer Intern

Jun 2012 - Jul 2012 · 1 mo · Pune Area, India

  • Worked on a Web App that allowed the administrators to create a hierarchy of users and groups, granting users variable access to files and folders while restricting transfer protocols for users depending on their project/group needs. Wrote, tested and debugged Linux shell scripts. Created custom exceptions in Java and also handled rollback mechanism.

Education

NYU Tandon School of Engineering

Master of Science (M.S.) — Computer Science

Jan 2012 - Jan 2013

NYU Tandon School of Engineering

Bachelor of Engineering (B.E.) — Computer Engineering

Jan 2007 - Jan 2012
