Jun 2018 – Feb 2021 · 2 yrs 8 mos

Oct 2016 – Jun 2018 · 1 yr 8 mos

• Establish leadership and own the Security Incident management process & Response.
• Strengthen the attack detection and response processes by utilizing effective operational control of the environment, developing and integrating all resources, Threat Intelligence and other related processes.
• Expertise in cloud security domain, cloud architecture review, implementation of cloud security products in co-ordination with Cloud security Vendors, continuous monitoring of cloud deployment, incident response and root cause analysis of cloud threat vectors.
• Responsible for Vendor Management and effective use resources.
• Lead the implementation of various security products and effective utilization of products by incessant fine-tuning in line with emerging threats.
• SME for Critical Incidents investigation by analysis of various logs sources, reverse engineering, malware analysis and forensics methodologies.
• Develop and maintain processes and procedures used to manage SOC operations, Incident Response process and continuous improvement program.
• Understanding of advance attack vectors, zero day vulnerabilities and latest threats. Based on this, propose signatures and work towards deployment support with respective security vendors.
• Ensure Cyber Security Incident escalation process. Tracks, follows-up, and resolves incidents along with internal teams during investigation and mitigation.
• Expertise on Containment, Remediation, Mitigation & Post Incident Activities.
• Vulnerability management by identifying assets in organization and schedule them for scan. Follow up with asset owners for remediation.
• Provide awareness and training in relevant areas.

Sep 2013 – Sep 2016 · 3 yrs

• Perform incident response and network security monitoring using various technologies that may include IDS/IPS, Firewalls, Web Filtering, Security Monitoring tools and related products.
• SME for various Critical Security Incidents investigations.
• Expertise on performing Root cause analysis/Attack vectors of infection.
• Experienced in end to end Security products implementation.
• Skilled in Cloud security domain.
• Vulnerability assessment of digital titles and Internet facing servers.
• Web application assessment of third party applications.
• Risk assessment of pixels ,javascripts, skimlinks used for advertisement, survey, polling and other business purposes.
• Mobiles application penetration testing [Android].
• Performed security assessment of few titles in migration of outdated and unsecure content management system to more reliable and secure content management system.

Jun 2012 – Aug 2013 · 1 yr 2 mos

• Identification of potential vulnerabilities and suggestion for controls to mitigate them.
• Perform Vulnerability Assessment and Penetration Testing
• Perform forensic investigation of reported incidents by using Forensic tools like Encase Enterprise version 7.0, Encase E-discovery, open source tools sleuth kits and autopsy on MAC OS, Linux, windows environment and android mobile phones. Investigation involves servlet installation in target machine, image acquisition, and analysis and report preparation.
• Signature analysis & configuration in Intrusion Prevention System.
• Perform various audits like HR, Admin, and Network functions based on company followed Security standards and ISO27001. The audit scope also covers site certification audits and connects audits based on customer security requirement.
• Handle request approval comes for firewall inbound traffic and hosting of web applications in DMZ. The approval process involves understanding the business requirements and security aspects.
• Develop minimum security baseline documents.
• Simulated denial of service attack on the network infrastructure in order to ensure readiness of response in case of any security incident. Tools used to perform DOS attack were Hping, scapy, Hulk and automated python scripts.
• Participate in Proof of concept phase for testing product’s compatibility with the existing network infrastructure and product evaluation based on requirement. Prepared test cases to evaluate Symantec data insight and data loss prevention.
• Developed various scripts to automate the backup process for Websense Forensics module on daily basis.
• Developed a tool in ruby, python, PHP to parse firewall logs and display the output in various format in frontend.

May 2011 – Jun 2011 · 1 mo · Noida

• Web Application Security testing of MAT BI ( Business intelligence tool). Developing algorithm to secure the sensitive data transfer .

Jan 2008 – Aug 2010 · 2 yrs 7 mos

Jan 2008 – Aug 2010 · 2 yrs 7 mos

• Responsible for taking classes of MCA, PGDCA, B.Tech Courses.
• Experienced trainer for programming languages (C, C++, Visual Basic, Java, PHP), RDBMS and networking courses.