Saurabh Arora

CEO

Gurugram, Haryana, India15 yrs 6 mos experience

Highly Stable

Key Highlights

15+ years of experience in security engineering.
Expertise in cloud security across major platforms.
Proven track record in incident response and threat management.

Stackforce AI infers this person is a Cloud Security and Infrastructure Specialist with extensive experience in B2C and B2B environments.

Contact

Skills

Core Skills

Cloud SecurityIdentity ManagementContent SecurityThreat ManagementSecurity EngineeringSoc OperationsThreat DetectionNetwork SecurityInformation SecurityData Security

Other Skills

API log analysisAPPsec engineeringAWS securityAnti-VirusAntivirusAzure securityCCNACheckpointCisco TechnologiesCloud security controlsCloud security engineeringCybersecurityData Loss PreventionDevsecopsDisaster Recovery

About

Security Professional having around 15+ Years of experience in security with in depth experience of different kind of Infrastructures: -Security for Infrastructure at scale (Beauty, fashion, trending , OTT and Gaming) -Security for Infrastructure with HVA ( Banking and Pharmaceutical) -Security for Infrastructure with custom requirements for R&D Area of specialisation ---------------------------------------------------------- -> Enterprise Infrastructure Security and Layered Defense -> Cloud security (AWS, Azure and GCP) -> Identity for employees and customers at scale (Open source and Enterprise solutions (Okta Savyint) ) -> Data security and governance -> Content security -> Data driven security -> Incident response and threat management (SIEM, SOAR, BAS) -> Threat and vulnerability management -> Protocol analysis and Attack research -> Business continuity and Disaster recovery planning -> Web application and API security -> Product APP security (Android and iOS) -> Engineering secure solutions and solutions for security -> Securing Micro service architecture (Containers and Kubernetes) -> Security using ML models -> Devsecops

Experience

Zee - technology & innovation

3 roles

Vice President Security engineering

Promoted

Apr 2023 – Jan 2024 · 9 mos

Heading security engineering effort for the overall Zee entertainment:
Cloud security engineering (AWS/GCP/Azure)
Identity engineering (Cloud / Azure/ On-Prem)
Log engineering and SIEM content engineering
APPsec engineering (Devsecops and Threat modelling)
Product security (APP security, API security and Pentest)
Security for GenAI workloads and data workflows.
Content security (AVOD, SVOD and TVOD channels)

Cloud security engineeringIdentity engineeringLog engineeringSIEM content engineeringAPPsec engineeringProduct security+3

Director Security engineering

Promoted

Oct 2021 – Jun 2023 · 1 yr 8 mos

Responsible for engineering Cloud security controls encompassing all three major Public clouds (AWS, Azure and GCP). Engineering and strategizing solutions which are cloud agnostic and support organization multi cloud strategy
Responsible for ensuring Content security for SVOD, AVOD and Live content involving niche technologies like DRM, Watermarking and Takedown technologies. Engineering new innovative solutions and thoughts across the organization to deal with Content piracy.
With Zee dealing with million of user's data everyday. Data security become interesting problem, while solving security issues for data security and privacy at scale.
Dealing with billion API logs to identify the malicious patterns using in-house correlation built on customized ELK. And security log engineering for usual data sources.

Cloud security controlsContent securityData securityAPI log analysisSecurity log engineeringCloud security

Technical Lead Security (Zee5)

Dec 2020 – Oct 2021 · 10 mos

Leading security initiatives at the fastest growing OTT player (Zee5):
Leading cloud security (AWS and Azure)
Building SOC framework and associated components
Building Threat and vulnerability management program
Secure architecture design and review
Web application security
Product security
Devsecops
IAM

Cloud securitySOC frameworkThreat and vulnerability managementSecure architecture designWeb application securityDevsecops+1

Gartner

Senior Security Engineer

Jul 2016 – Dec 2020 · 4 yrs 5 mos

IC role responsible for Cloud security:
Leading Azure security
Migration of On-Prem INFRA to Azure
Creating secure base infra for asset migration
Creating secure pattern for using Azure services
Creating SOC pipeline and processes for SIEM
Ensure security for IAAS, PAAS and SAAS workloads
Contribution to AWS security
Migration of security related workloads into AWS using AWS services
New Solution creation:
Built tamper monkey plugin to add additional capability for mitigation on EDR portal.
Created solution for Software installation approval workflow enhancing capability of Privilege management solution.
Security using new ML models in UEBA solution

Cloud securityAzure securitySOC pipelineSIEMAWS securityML models+1

Microsoft

2 roles

Security Analyst II (S Level: 62)

Jun 2015 – Jul 2016 · 1 yr 1 mo

IC role in building the SOC operation for Windows device Product group (WDG). WDG includes OS build environment, XBOX, XLIve, Universal Marketplace, Nokia:
Building foundational structure around the SOC (Playbooks, Investigation KB)
Building co-relation ruleset content for attack related scenarios
Building practice for raw log threat hunting based on TTP's
Perform triage on the alerts triggered
Integration of OS forensic tools for attack forensic
Using ML and Big data for threat detection and creation of visualisations
New solution creation:
Created solution in C# and Powershell for simulating the attack vector with 100 attack modules
Created solution in C# and python used for crawling internet for abuse of any internal information.
Performed integration of Nokia infrastructure security including systems and processes into Microsoft ecosystem

SOC operationsThreat huntingForensic toolsML and Big dataThreat detection

Security Analyst II (S Level: 61)

Jan 2014 – Jun 2015 · 1 yr 5 mos

Wipro infotech

2 roles

Technical specialist Security

Jun 2013 – Jan 2014 · 7 mos

Leading the Network and Security team for leading Public sector bank.
Building and leading technical team of 20 people with focus on Network and Information security:
Implementation of network and security controls
Setting up SOC operations for bank
Ensuring bank compliance to ISO 27001:2013, PCI DSS auditing standards
Security awareness within teams and customer
Innovating custom solutions and automation scripts to ensure continuous security
Cultivating skillset in team to perform Attack analysis, Signature analysis, Protocol analysis

Network and Information securitySOC operationsISO 27001 complianceNetwork securityInformation security

Senior Security Engineer

Jan 2011 – Jun 2013 · 2 yrs 5 mos

Religare technologies limited

Senior Information Technology Specialist

May 2010 – Jan 2011 · 8 mos

Handling Information Security operations for leading Pharmaceutical company (Ranbaxy):
KRA: Responsible for handling Anti-Virus, Data Loss Prevention, HIPS (Host Intrusion Prevent system), NIPS (Network Intrusion Prevention system) suite along with monitoring for assets using SIEM

Anti-VirusData Loss PreventionHIPSNIPSSIEMInformation security+1

Hcl technologies (infrastructure services division)

Network security analyst

Jul 2008 – May 2010 · 1 yr 10 mos

Handling Information Security operations for leading chip manufacturing company (Micron technologies):
First job straight out from the college. Excited to enter a new world with hands-on to the technology.
KRA: SME for Anti-Virus, Data Loss Prevention, HIPS (Host Intrusion Prevent system), NIPS (Network Intrusion Prevention system)

Anti-VirusData Loss PreventionHIPSNIPSNetwork securityInformation security