Jul 2024 – Present · 1 yr 8 mos · Hybrid

Oct 2022 – Jul 2024 · 1 yr 9 mos · Greater Bengaluru Area · Hybrid

Feb 2021 – Oct 2022 · 1 yr 8 mos

• Maintaining PCI DSS compliance, carrying out Quarterly Scanning activities such as ASV, IVA, User Access Review.
• Performing Vulnerability Assessment and Penetration Testing, Threat Assessment using automated and manual methods, API testing.
• Managing Security Operations, Monitoring and reporting using Wazuh and AWS Security Services such as Guard duty, cloud trail and Security hub.
• Day in Day out working on Qualys, Metasploit, Graylog, AWS Security Services such as Inspector, WAF Rule Tuning.
• Incident Response, forensics on the cloud, identifying anomalies, breaches, and their remediation
• Working on Security Information and Event Management (SIEM) tools like Splunk, Graylog, Wazuh, OSSEC
• Checking for hardening of Systems, Networks and Databases with frameworks like CIS Benchmarks, NIST etc, on a periodic basis and work closely with DevOps to achieve appropriate benchmarks.
• Working on JIRA, BitBuket, Confluence to document Policy, Procedures, Change management and track various internal security issues raised and drive them to closure.
• Configuring and Closely monitoring Endpoint Protection and Patch Management using Sophos, SanerNow, and DLP rules on Gmai, TrendMicro and Central Sophos.

Aug 2018 – Nov 2020 · 2 yrs 3 mos

• Leading a team of 12-15 Consultants in the conduct of in-depth vulnerability assessment, penetration testing and Red Teaming of Enterprise IT systems and to provide cybersecurity assurance against sophisticated attackers through attack simulation.
• Working Closely with respective stakeholders to facilitate the tests, provide technical consultancy, report vulnerabilities and recommend remediation/mitigation actions.
• Manage a team of specialists and oversee their VAPT technical skills and development.
• Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
• Create, Verify and update Processes on a periodic basis in line with various industry requirements and various use cases based on client need.
• Day in - day out working on Qualys Guard, Nessus, Metasploit, Various appropriate pen testing tools on Kali Linux.
• Create individual KRA/KPIs for team members and Perform assessments for the same in line with individual performances.
• Create OKRs for the team and direct towards team members OKR creations and Drive the same to closure by consistent follow ups and handheld ICs to achieve the same.

Oct 2017 – Aug 2018 · 10 mos

• Develop scripts, tools, or methodologies to enhance SISA's Red teaming processes, Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
• Recognise and safely utilise attacker tools, tactics, and procedures, Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.

Feb 2017 – Dec 2024 · 7 yrs 10 mos

Jun 2015 – Feb 2017 · 1 yr 8 mos · Bengaluru Area, India

• Fraud/Risk Investigations in Amazon Web Services using powerful and intuitive internal software.
• Individual problem-solving and analytical skills used to authenticate customers, complex transactions and customer's accounts
• Engage in frequent written and verbal communication with :
• Department management
• Risk analysts and engineers and other company associates
• Third parties/bank’s department to review and examine suspicious activity.
• Email operations in Amazon Simple Email Service
• Regularly monitor outbound email campaigns and ensure they are complying with the Amazon SES rules of use and ensure adherence to best practices
• Work with Client Services to correct non-compliance issues, make recommendations and explain risks to clients
• Understanding the situation more precisely, Quick Decision Making and Risk Management.
• Be more customer-centric and serve responsibly. Capability to exceed goals.
• Managing workflow on a daily basis