Jan 2025 – Apr 2025 · 3 mos · Kolkata, West Bengal, India · On-site

• Responsibilities :
• Conducting Vulnerability Assessment and Penetration Testing (VAPT) to secure inhouse critical Web Applications within the organization, identifying potential threats & remediating security weaknesses to enhance application security posture.
• Participated in the ISO/IEC 27001:2022 transition audit for clients, contributing to compliance efforts for major infrastructure units including Hydro Power Plants, Thermal Power Plants, Gas-Based Power Plants, and the State Data Center. Assisted in updating policies, risk assessments, and controls in alignment with the revised standard.
• Involved in ISO/IEC 20000-1 IT Service Management (ITSM) internal audits, Assisted in updating policies & risk assessments.
• Collaborated with cross-functional teams, including IT, operations, and audit, to ensure timely mitigation of identified non-conformities and alignment with best practices in information security and service management.
• Supported documentation and evidence collection for external audits and compliance verification, contributing to improved audit readiness and reduced risk exposure.

Nov 2023 – Jan 2025 · 1 yr 2 mos · Chennai, Tamil Nadu, India · Hybrid

• Responsibilities :
• Conduct comprehensive penetration tests on various systems, networks, and applications to identify vulnerabilities and potential security risks.
• Utilize various tools and techniques to simulate real-world cyber attacks and assess the effectiveness of existing security measures.
• Collaborate with cross-functional teams to develop and implement remediation plans to address identified vulnerabilities and strengthen overall security posture.
• Prepare detailed reports documenting findings, including vulnerabilities discovered, potential impact, and recommended mitigation strategies.
• Stay current with emerging threats, vulnerabilities, and industry best practices to continually enhance penetration testing methodologies and approaches.
• Provide guidance and support to stakeholders on security best practices, including secure coding principles, configuration management, and access control.
• Conduct security awareness training sessions to educate employees on common security risks and preventive measures.
• Participate in incident response activities, including investigating security incidents, analyzing root causes, and implementing corrective actions to prevent recurrence.
• Collaborate with external security vendors and partners to leverage expertise and resources in addressing complex security challenges.
• Contribute to the development and improvement of internal security policies, procedures, and standards to align with industry regulations and compliance requirements.

May 2023 – Oct 2023 · 5 mos · Kolkata, West Bengal, India

• Responsibilities :
• My primary task is to swiftly detect and evaluate security incidents, including malware outbreaks, unauthorized access attempts, and potential data breaches.
• Utilize the MITRE ATT&CK framework to conduct in-depth threat assessments. Assess the severity and impact of observed or potential threats to comprehensively understand our threat landscape.
• Delve into security incidents and assessments to uncover adversary tactics and techniques. This insight enhances our ability to proactively counter threats.
• Leverage the MITRE ATT&CK framework to map adversary tactics, techniques, and procedures (TTPs).
• Specialize in SCADA systems, including HMIs, PLCs, RTUs, and communication protocols. Detect security vulnerabilities, misconfigurations, and potential weaknesses exploitable by malicious actors.
• Test our client's security controls by simulating cyberattacks, including penetration tests, ethical hacking, and red teaming. In SCADA and network infrastructure, perform controlled penetration tests and ethical hacking to mimic cyber threats and evaluate system security.
• Assess client's network infrastructure, web applications, and mobile applications to uncover security flaws, bolstering our overall defense against potential breaches.
• Evaluate client's organisation vulnerability to human-centric tactics like phishing and pretexting through social engineering tests. This reveals potential weaknesses in our human security defences.
• Create meticulous penetration test reports detailing findings, risks, and recommended remediation strategies.

Nov 2022 – Present · 3 yrs 4 mos · Kolkata, West Bengal, India

• I have remained dedicated to equipping law enforcement professionals with the skills and knowledge necessary to combat cybercrime effectively. My achievements reflect my commitment to the institute's mission and its role in safeguarding India's digital landscape.

Jan 2020 – Apr 2023 · 3 yrs 3 mos · Kolkata, West Bengal, India

• Responsibilities :
• Employ specialized tools and techniques to conduct thorough forensic analysis of digital evidence, revealing the extent and implications of security incidents.
• Collecting information from diverse open sources, including social media, online forums, news articles, websites, and public databases.
• Analyze the gathered data to extract actionable intelligence, pinpointing trends, patterns, and potential threats relevant to our organization's security.
• Keeping a vigilant eye on online threats, cyberattacks, and emerging vulnerabilities. Track underground forums, hacker communities, and dark web activities for early threat detection.
• Utilizing geospatial data, satellite imagery, and mapping tools to scrutinize geographical information, furnishing location-based intelligence.
• Collecting information on foreign governments, non-state actors, and adversaries to assess their capabilities, intentions, and strategies. This aids various Government Intelligence Agencies in strategic decision-making.
• Continuously monitor social media platforms and online communities to track discussions, sentiments, and trends with potential national security implications.
• Investigating hidden corners of the internet, including the deep and dark web, to unearth potential threats, illicit activities, and critical intelligence. Share findings with relevant Government Entities.
• Producing comprehensive and classified OSINT reports, briefings, and assessments. These documents provide actionable intelligence to high-level decision-makers and government officials, empowering them to make informed choices regarding national security.

Nov 2017 – Dec 2019 · 2 yrs 1 mo · Kolkata, West Bengal, India

• Responsibilities :
• Skillfully gather digital evidence from diverse sources, including computers, mobile devices, servers, cloud platforms, and network logs. Uphold the integrity and chain of custody throughout the process.
• Safeguard the integrity of digital evidence through meticulous measures. This includes creating forensic images, maintaining detailed evidence logs, and implementing safeguards against tampering or data loss.
• Employ specialized forensic tools and techniques to scrutinize digital evidence. My aim over here is to unearth patterns, traces of malicious activities, or any unauthorized access, shedding light on complex investigations.
• Rise to the challenge of recovering data from damaged or deleted files. My expertise can salvage critical information essential to investigative endeavors.
• Delve into network traffic and logs, acting as a vigilant guardian against intrusion attempts, unauthorized access, or any suspicious activities that could compromise digital security.
• Chronicle digital events and actions to construct chronological timelines. These timelines serve as blueprints, aiding in the meticulous reconstruction of incident sequences.