Amit Kumar Jha

DevOps Engineer

Bangalore Urban, Karnataka, India · 15 yrs 9 mos experience

Key Highlights

  • Expert in embedding security into software development lifecycle.
  • Led successful MFA implementation reducing security incidents.
  • Proven track record in incident response and vulnerability management.
Stackforce AI infers this person is a Cybersecurity expert with a focus on DevSecOps and application security in the SaaS and Fintech industries.

Skills

Core Skills

DevSecOps · Application Security · Cybersecurity Strategy · Incident Response · Security Operations · Email Security · Vulnerability Assessment · Security Compliance · Risk Management · Security Monitoring · Compliance

Other Skills

Access Control · Active Listening · Application Security Architecture · Application Testing · CCNA · CCNP · CEH · CI/CD · Change Management · Collaborative Leadership · Computer Security · Cybersecurity · DLP · Data Security · EDR

About

A seasoned cybersecurity professional with over four years of experience at bigbasket.com, leading DevSecOps and Application Security initiatives. Expert at embedding security into the software development lifecycle, fostering collaboration across development, operations, and security teams to optimize CI/CD processes. Skilled in implementing secure coding standards, automated testing, and security frameworks to mitigate vulnerabilities effectively. Previously, contributed to cyber security strategies at MobiKwik by enabling organization-wide MFA implementation and reducing human-error-related incidents through awareness programs. Passionate about building resilient digital ecosystems, leveraging certifications like CEH and ISO 27001 to uphold robust security protocols and drive business-aligned security outcomes.

Experience

Bigbasket.com

Senior Manager - DevSecOps & Application Security

May 2021 - Present · 4 yrs 10 mos · Bengaluru, Karnataka, India

  • Initiated and drove the implementation of DevSecOps practices, embedding security throughout the software development lifecycle from inception to deployment.
  • Formulated and upheld a robust DevSecOps framework encompassing tools, protocols, and best practices for secure and agile software delivery.
  • Instituted secure coding standards, automated security testing, and deployed security scanning tools to detect and rectify vulnerabilities in code and infrastructure.
  • Fostered collaboration among development, operations, and security teams to optimize processes and facilitate continuous integration, continuous delivery (CI/CD), and automation.
  • Orchestrated the deployment and administration of containerization and orchestration platforms (e.g., Docker, Kubernetes) with a paramount focus on security.
  • Engaged with development teams to seamlessly integrate security into the software development lifecycle, spanning requirements gathering, design, coding, testing, and deployment phases.
  • Implemented and oversaw static code analysis (SAST) and dynamic application security testing (DAST) tools to automate security testing procedures.
  • Offered guidance and training to developers on adopting secure coding practices, secure development frameworks, and mitigating OWASP Top 10 vulnerabilities.
  • Led incident response activities pertaining to application security incidents, encompassing vulnerability investigation, resolution, and stakeholder coordination.
  • Assessed and selected third-party vendors for application security testing services, and managed ongoing vendor relationships.
  • Collaborated cross-functionally to ensure adherence to industry standards and regulatory requirements such as ISO 27001, GDPR, PCI DSS, and HIPAA.
  • Conducted security awareness training initiatives for staff to cultivate a security-conscious organizational culture.
  • Forged and maintained robust relationships with stakeholders, spanning executives, IT personnel, and external partners.
Governance, Risk Management, and Compliance (GRC) · Payment Card Industry Data Security Standard (PCI DSS) · DevSecOps · Application Security Architecture · Application Security

Mobikwik

Associate Director - Infra & IT Security

Mar 2020 - May 2021 · 1 yr 2 mos · Gurugram, Haryana, India

  • Devised and executed a comprehensive cyber security roadmap, aligning security initiatives with overarching business objectives.
  • Supervised security operations, incident response, and vulnerability management to ensure prompt detection and mitigation of threats.
  • Introduced a robust security awareness training program, resulting in a 25% reduction in security incidents attributed to human error.
  • Spearheaded the successful rollout of multi-factor authentication (MFA) organization-wide, bolstering access controls and mitigating the risk of unauthorized access.
  • Partnered with external stakeholders and vendors to enforce security best practices and uphold compliance with industry standards.
  • Conducted thorough security risk assessments and audits to pinpoint vulnerabilities and deficiencies in security posture, leading to the implementation of effective risk mitigation measures.
  • Orchestrated the successful deployment and configuration of Web Application Firewall (WAF) solutions across critical web applications, resulting in a 40% reduction in web-based attack risk.
  • Devised and enforced custom WAF rules to fortify defenses against emerging threats and zero-day vulnerabilities, bolstering overall security resilience.
  • Collaborated closely with development teams to seamlessly integrate WAF into the software development lifecycle, conducting code reviews and advocating for secure coding practices.
  • Communicated complex data security concepts to non-technical stakeholders, facilitating a clear understanding of data risks and mitigation strategies.
  • Established and implemented an application security program encompassing policies, standards, and guidelines to promote secure coding practices organization-wide.
  • Conducted comprehensive application security assessments and penetration testing to identify vulnerabilities and offer remediation recommendations.
Payment Card Industry Data Security Standard (PCI DSS) · DevSecOps · Security Operations Center · Data Security · Application Security · ISO 27001

Fareportal

Information Security Manager

May 2018 - Mar 2020 · 1 yr 10 mos · Gurugram, Haryana, India

  • Led a team of analysts in monitoring and responding to security incidents, reducing mean time to detect (MTTD) and mean time to respond (MTTR) by 40%.
  • Developed and implemented standard operating procedures (SOPs) for incident handling and coordinated with cross-functional teams for incident resolution.
  • Conducted regular security awareness training for employees, significantly reducing the number of successful phishing attacks.
  • Oversaw the implementation and management of security information and event management (SIEM) tools to enhance threat detection capabilities.
  • Successfully led the response to a major cyber incident, containing the threat, conducting forensics, and implementing corrective actions to prevent recurrence.
  • Collaborated with vendors to evaluate and procure security technologies, ensuring the SOC has access to the latest tools for threat monitoring and incident response.
  • Communicated complex DLP concepts to technical and non-technical stakeholders, ensuring a clear understanding of data security risks and DLP strategies.
  • Fostered open communication and collaboration within the DLP team and with other departments to achieve organizational data protection goals.
  • Delivered concise and informative reports to senior management and executives, providing insights into data security incidents, trends, and mitigation efforts.
EDR · Security Operations Center · Data Security · Email Security · DLP · Incident Response

Egon Zehnder

Technical Team Lead - Cyber Security Operations

Mar 2015 - May 2018 · 3 yrs 2 mos · Gurgaon, India

  • Headed a team of email security analysts, resulting in a 40% reduction in successful phishing attacks by implementing improved email filtering and conducting user awareness programs.
  • Implemented and maintained advanced email security solutions, including SPF, DKIM, DMARC, and email encryption, to safeguard sensitive data and enhance email deliverability.
  • Conducted comprehensive email security training and awareness sessions for employees, equipping them to recognize and report suspicious emails, thereby minimizing the risk of email-based threats.
  • Directed incident response initiatives for email security incidents, collaborating with IT and compliance teams to investigate and address email-related breaches effectively.
  • Collaborated with external vendors to assess and acquire cutting-edge email security technologies, ensuring robust defense against evolving email threats.
  • Led a team of Vulnerability Assessment and Penetration Testing (VAPT) specialists in conducting security assessments, leading to the identification and remediation of critical vulnerabilities across the organization's infrastructure.
  • Developed and refined the VAPT methodology, incorporating the latest tools and techniques to ensure comprehensive and effective security testing.
  • Conducted penetration tests on web applications, networks, and mobile applications, offering actionable recommendations for risk mitigation.
  • Worked closely with development teams to conduct secure code reviews and provide guidance on adopting secure coding practices.
  • Effectively managed and coordinated third-party security assessments and penetration tests, ensuring adherence to industry standards and regulations.
  • Orchestrated incident response efforts concerning VAPT findings, collaborating with IT and security teams to address identified vulnerabilities promptly.
EDR · VAPT · Security Information and Event Management (SIEM) · Email Security · DLP · Vulnerability Assessment

SDG Corporation: IT Security and Risk Management Solutions

IT Security Leader

Nov 2013 - Mar 2015 · 1 yr 4 mos · Noida, Uttar Pradesh, India

Key responsibilities included:
  • Conducting Static and Dynamic code analysis to identify and address security vulnerabilities.
  • Implementing Symantec Email Security Gateway to enhance email security and prevent threats.
  • Performing Vulnerability Assessment and Penetration Testing (VAPT) using tools such as Nessus and Qualys.
  • Establishing a Security Operations Center (SOC) team for monitoring security events in alignment with the STRIDE framework.
  • Serving as the Single Point of Contact (SPOC) for Internal Audit, overseeing both internal and external compliance audits for ISO 27001:2013.
  • Defining policies, procedures, and guidelines to meet compliance requirements.
  • Ensuring the closure of security findings in accordance with compliance requirements.
  • Deploying real-time asset discovery and asset inventory management tools to maintain an up-to-date inventory of IT assets.
Interpersonal Leadership · Teamwork · OWASP · Collaborative Leadership · Payment Card Industry Data Security Standard (PCI DSS) · Interpersonal Communication

Tech Mahindra (formerly Mahindra Satyam)

IT Security Engineer

Oct 2012 - Oct 2013 · 1 yr · Greater Hyderabad Area

Key responsibilities included:
  • Ensuring the Cyber Security posture for 16 esteemed clients of Mahindra Satyam.
  • Performing Vulnerability Assessment and Penetration Testing (VAPT) and following up until the closure of identified vulnerabilities.
  • Conducting Application Code reviews, encompassing both static and dynamic analyses.
  • Investigating Cybersecurity incidents through Security Information and Event Management (SIEM) and Intrusion Detection and Prevention Systems (IDPS), and executing remediation actions.
  • Implementing device hardening measures to enhance the security of systems and devices.
Teamwork · Interpersonal Communication · Endpoint Security · VAPT · ISO Standards · Lifelong Learning

Verizon Enterprise Solutions

Information Security Engineer

Jun 2010 - Oct 2012 · 2 yrs 4 mos · Greater Hyderabad Area · On-site

Key responsibilities included:
  • Monitoring Cyber Security Incidents using Security Information and Event Management (SIEM) and Intrusion Prevention Systems (IPS).
  • Contributing to the compliance team and conducting internal spot audits to ensure adherence to regulatory and organizational compliance requirements.
  • Managing Anti-virus solutions and ensuring their effective operation to safeguard against malware threats.
  • Implementing device hardening measures for all on-premises devices to enhance their security posture.
Teamwork · IPS · Interpersonal Communication · Endpoint Security · VAPT · Web Application Security

Education

Birla Institute of Technology and Science, Pilani

Master of Technology - MTech | Cyber Security
