Dec 2021 – Nov 2024 · 2 yrs 11 mos · Greater Toronto Area, Canada · Hybrid

• Built AWS services focused on incident response and threat intelligence, significantly strengthening overall security posture.
• https://aws.amazon.com/security-incident-response
• Developed an internal tool to support customer audits, ensuring alignment with AWS compliance and security standards.
• Actively contributed to incident response efforts during major cyberattacks in 2024, demonstrating strong problem-solving skills and deep cybersecurity expertise.
• Led threat modeling for 20+ internal services and applications, and conducted numerous code reviews to uphold security best practices.

Apr 2021 – Dec 2021 · 8 mos

Oct 2018 – Apr 2021 · 2 yrs 6 mos

• Managing Antiviral Products and working in-depth on Malware analysis and Sand boxing Technologies.
• Building on Cuckoo sandbox and High Level Designing and Low Level Designing related to Sandbox on boarding.
• Proof of Concept of new Agent Version and upgrades and test them to check for potential issues within our
• environment.
• My responsibilities are management and implementation of technologies and
• processes relating to assigned Global NIS including issue identification and resolution, integration with other tools,
• documentation, gap assessment, gap resolution and continuous improvement of the capability
• Keep up-to-date, make recommendations, and lead or participate in the implementation and continuous improvement of
• technologies and services
• Work with and provide guidance to Security Operations and other Global Data Protection team activities on security
• strategies, processes, response and technologies.
• Support Incident Response on security incidents including contributing to mock security incident exercises.
• Define, provide, and improve measurement and analysis on the assigned services including the use of appropriate
• applications and tools for reporting
• Participate in projects or initiatives where an IS Security Engineer is needed with a focus on ensuring inclusion of
• information security requirements.
• Participate in audits covering information security services and technologies
• Performing threat hunting based on the anomalies/IOCs/ or any other indicators provided by any of the teams.
• Doing assessment of network related to vulnerabilities and deploying the proper security solution/guidelines.
• Efficiently developed/ automated multiple signals/ Security controls to monitor MS Azure infrastructure.
• On boarding Linux/Mac environment to SOC monitoring based on the Mitre framework.
• Developing in-house automation projects in Python, Power Shell for SOC operations.

Jan 2017 – Oct 2018 · 1 yr 9 mos · Gurgaon, Haryana, India

• Vulnerability Management - Analyze the weekly internal & external infrastructure scan reports to identify and segregate security vulnerabilities per technology.
• Report & Liaise with appropriate platform teams to ensure that vulnerabilities are addressed in a timely manner
• Security Incident Response Handling
• Understand cyber-attack methods
• Perform analysis of security logs in an attempt to detect unauthorized access
• Use vulnerability assessment data to pinpoint potential points of attack.
• Document and contain security incidents detected on the network
• Execute incident response process when a security incident has been declared
• Proxy Maintenance through Bluecoat Director
• Managing Virus Attacks- handling virus outbreak scenarios, by analyzing the impact and following up with vendor to get rapid releases for updating it on workstations/servers
• Closely collaborate with Operations Support on the development or updates of new or existing playbooks
• Perform all administration, management, configuration, testing, and integration tasks related to the SIEM and associated platforms to include content creation, maintenance, and administration tasks
• Develop, implement, and execute standard operating procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
• Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, severs, anti-virus products, proxies, and operating systems)
• Writing content to detect any suspicious activity in respect to on-prem through log sources like firewall (Palo Alto),
• Creating Dashboards for IP Lookup and Splunk Performance Audit
• Writing Splunk Queries and correlation searches
• Creating Dashboards in SplunkES per business needs

Nov 2013 – Jan 2017 · 3 yrs 2 mos · Noida Area, India · On-site

• Identify security risks, threats and vulnerabilities of Infrastructure i.e. systems, networks, applications and database using various tools & software i.e Nexpose, Damballa, Appscan, Nessus, DB Protect etc.
• Vulnerability Assessment Process Design & Implementation and Integration with Patch Compliance & Audit.
• Advanced Cyber Threat Intelligence, DDOS Monitoring & Coordination
• Security Architecture Review to evaluate and mitigate risks.
• Analyze of IPS/IDS logs for Identifying attacks, malwares and hacking attempts and guidance to support teams
• Analysis of spam, phishing emails(including Spear Phishing) including embedded link & malware analysis
• Guidance and support to other teams in OS and Application level hardening using best practices.
• Designing and Implementation of Encase Enterprise Edition for Forensics and Investigations
• Assistance in product evaluations, recommendation and implementation to enhance security services.
• Establishment and delivery of Information Security Plan under the Global Information Security Project
• Security Self Assessment
• Application Security Testing
• Security and Risk assessment, Security Assurance (compliance/validation)
• Internal and External security audit(s)
• Vulnerability Assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems
• Information Security Awareness
• Incident Response
• Penetration Testing
• Computer Forensics including email investigation

Feb 2011 – Oct 2013 · 2 yrs 8 mos · Gurugram, Haryana, India

• Freelancer