Sep 2024 – Present · 1 yr 9 mos

Nov 2022 – Sep 2024 · 1 yr 10 mos

• 1. Conducting vulnerability assessments and penetration testing to identify weaknesses in systems and networks
• 2. Analyzing and prioritizing vulnerabilities based on their severity and potential impact
• 3. Developing and implementing vulnerability management plans and strategies
• 4. Providing guidance and recommendations on how to mitigate identified vulnerabilities

May 2022 – Nov 2022 · 6 mos

• 1. Understanding of vulnerability management processes and tools: I have learned about the different stages of vulnerability management, including discovery, scanning, prioritization, remediation, and verification. I have also worked with tools such as vulnerability scanners, patch management systems, and ticketing systems.
• 2. Knowledge of common vulnerabilities and exploits: Through my work, I have gain quite good information that how in an organization vulnerability management team is much required as a defensive perspective.

Jan 2022 – Present · 4 yrs 5 mos

• Led Real-time Threat and Vulnerability Management, Risk Management & Assessments for a diverse clientele including multinational corporations (MNCs), banks, and non-profit organizations, overseeing vulnerability scanning, assessment, prioritization, and tracking for over 100k assets. (from Implementation till automation of the VM process) Analyzed IT infrastructure security using expertise in various security tools (Qualys, nmap, Nessus, Rapid7, CrowdStrike, Sentinel One) to identify, classify, and prioritize vulnerabilities, minimizing false positives and proposing effective remediation solutions. Work and developed the automation of vulnerability management process with the help of a dedicated developer’s team. Aggregated vulnerabilities across assets, assigning appropriate risk levels to guide mitigation strategies and resource allocation within the organization. Proactively identified and reported critical system defects, preventing potential cyber intrusions and safeguarding company & client data, filtered false positives while investigation them deeply and providing out of the box solutions for the vulnerabilities to the IT Infra, Developers, DB and etc. teams. Conducting operating system hardening & compliance reviews and scans using Qualys, including tweaking custom controls. Collaborated with cross-functional teams (e.g., IT Operations, Development) to implement industry best practices in cybersecurity, reducing the organization's overall cyber risk profile. Prepared and presented comprehensive vulnerability management reports to CISO and Tower Heads. Worked on strategic reporting to remediate stale and aged vulnerabilities, collaborating weekly with cross-functional teams to ensure timely closure. Managed user account provisioning in the Vulnerability Management (VM) platform and performed quarterly access reviews in compliance with organizational security policies.