Jan 2021 – Jan 2023 · 2 yrs · Gurugram, Haryana, India

• 1. Review Software applications for potential security vulnerabilities through Application Security Practices.
• 2. Manage distribution of tasks and track to its closure
• 3. Liaise with delivery groups to understand the implementation and review the output from security
• point of view.
• 4. Understand business requirements, evaluate potential products / solutions and provide technical
• recommendations.
• 5. Be “hands on” with technology and to contribute to design, development and support projects with
• security lens.
• 6. Contribute to evolution of security reviews in accordance with FIL Information Security Standards
• and market best practices.
• 7. Provide diligent and competent service to customers by delivering an impartial and accurate service.
• 8. Foster security awareness and understanding, across the stakeholders
• 9. Imparting the training to the junior team members.

Jun 2019 – Jan 2021 · 1 yr 7 mos · Mumbai, Maharashtra, India

• 1. Executed the role of Cyber Security SME, by helping the customers to understand their IT security requirements and providing them solutions catered to their requirements.
• 2. Helping customer design their IT security policies as per industry standards
• 3. Creating plans for technical reviews of IT systems(Web Applications, Mobile Applications, Databases, Network Devices , Cloud etc) of the customers. The plans involved creation of process to perform the tests along with selection of tools to aid the IT Security Reviews.
• 4. Ensuring appropriate resource and time management for timely delivery of the projects
• 5. Creating reports and presentations for the IT Security reviews performed with help of team members to highlight the security vulnerabilities/defects in the IT Systems
• 6. Helping the customers identify the right fix for the vulnerabilities/defects in their IT Systems.
• 7. Examined the current architecture of the client and recommended a cyber security plan for their organisation including software and hardware changes required.
• 8. Acted as outsourced manager for internal cybersecurity projects of a client catering to OT/ ICS setup creation , Firewall deployment etc

Sep 2017 – May 2019 · 1 yr 8 mos

• As the head of the Advanced Services Group it was my responsibility to ensure that the company vision is executed as planned. Advanced Services Group at Security Brigade deals with services which services like Red Team Exercises, Phishing Simulations, Data Security Audits, Embedded Systems, Policy Reviews (RBI, IRDA , AUA/KUA etc) and any other challenging audits or reviews. My job is to understand the clients requirement and translate that into a service. I like to work with the team to ensure that the teams are executing work efficiently and I have better understanding of the process and work being carried out.
• Below are the key aspects of the current job:
• Handling teams to ensure delivery across services
• handling any escalations and providing firm solutions
• Helping teams with any complex problems that they may be facing
• Automating workflows to make work more efficient
• Reviewing progress of work with team and other departments to ensure KPI's are being met
• Defining services, creating plan to execute them, ensuring proper controls are in place for efficient execution and completion.
• Team handling and motivation
• Handling onsite deployments of teams
• Meeting and presenting work to customer stakeholders to ensure that the work done is in line with expectations and requirements
• Following are the key projects that I’ve taken care of in this capacity:
• Red Team Exercises for Bank and Financial Organisations
• Phishing Simulations for large organisations
• Incident Responses for government and private organisations
• Development of Modules for our internal product
• Managing team of consultants working at a bank on following security aspects - Web and Mobile application audits, VA and PT of internal and external networks, Configuration Reviews of servers and network devices and Policy review as per organisation and RBI guidelines
• Protocol Review, Cryptography review etc
• Policy Reviews such as AUA / KUA

Sep 2015 – Sep 2017 · 2 yrs

• Managing team of consultant’s to ensure that adequate quality is maintained, while ensuring that they learn and grow into the role. Keeping the team motivated to reach their goals.
• Identifying problems and implementing solutions to enhance productivity.
• Implementation of new modules in the system to ensure that the new auditors follow the appropriate steps to provide better audits and sustain quality standards.
• Interacting with clients and managing multiple projects, understanding customer expectations and delivering accordingly , Working with them to help them identify and resolve security issues.
• Performing thorough web, network and mobile application penetration testing audits for various clients using both manual methods and automated tools.
• Understanding the application to better identify the security issues
• Identifying new techniques and methods to perform better security audit
• Writing Scripts to automate the Audit process
• Providing Corporate training to Auditors of other organisations.
• Interacting with sales team and handling pre sales calls to understand customer requirements and suggest solutions to them. Also, helping the sales team in estimating the man days required for a project so that the end cost to the client can be calculated
• Creating Burp extensions to enhance the workflow, increase efficiency and speed.
• Worked on a lot of security audits involving web application penetration testing, mobile application penetration testing (Android,IOS,Windows,Blackberry,Java etc) , network penetration testing, server/network configuration reviews, Incidence Response etc

Sep 2013 – Sep 2015 · 2 yrs

• Worked on more than 200 projects, Performing security audits of following domains:
• Various E- Commerce Applications
• E –Tendering Application
• E - Banking Applications for major banks
• Government Website’s
• Android / IOS/Windows Phone Application’s DRM implementation for a leading media app
• Vulnerability assessment of Networks (Maximum 6000 IP’s at once for a leading email provider)
• Server Configuration Audit for multiple clients
• WAP Applications
• WAP Payment gateways
• Payment Gateways
• Various CMS based web applications ( Drupal, Wordpress, Django etc)
• Various Media Web Applications
• Network Gap analysis activity of corporate networks
• Created Network map for a corporate network
• Firewall , router , database and server configuration reviews to find security issues and recommend best practices
• Security Auditing training to auditors of a leading bank.

Jan 2013 – Aug 2013 · 7 mos · New Delhi Area, India

• Conducting corporate trainings on Information security , Ethical Hacking , Web Application Security.
• Conducting webinars for other trainers across India
• Conducting advanced web application security training (development in php and OWASP)
• Conducted a workshop on network security at CERT-IN , New Delhi.
• Drafting and writing course content for company that can be used while training's

Jun 2012 – Jan 2013 · 7 mos · New Delhi Area, India

• Performing security audits of the servers and workstations in the company and Patch Management
• Performing web audit of the clients website
• Maintaining Network security.
• Managing the UTM to ensure security of the organisation