May 2021 – Sep 2024 · 3 yrs 4 mos · Gurugram, Haryana, India · Hybrid

• Led enterprise cybersecurity initiatives across multiple branch locations, securing critical insurance infrastructure serving thousands of clients in several countries
• Managed internal penetration testing operations and vulnerability assessments, reducing security misconfigurations through implementation of automated scanning and threat detection systems
• Pioneered threat modeling methodologies for insurance applications and cloud infrastructure, enabling secure digital transformation initiatives
• Established strategic security partnerships with leading vendors for cloud security and cyber risk analytics, enhancing organizational cyber risk quantification capabilities
• Led cross-functional security teams in implementing DevSecOps practices, reducing incident response time and security alert noise
• Developed executive-level security reporting frameworks that enabled data-driven IT security strategy decisions, translating complex threat landscapes into actionable business insights for C-suite leadership
• Coordinated security operations for sensitive customer data protection across composite insurance broking services, ensuring zero data breaches during tenure while supporting business expansion into new markets
• Mentored security engineering teams on emerging threat vectors and implemented comprehensive training programs on secure architecture principles, building organizational security capability and resilience

Apr 2018 – May 2021 · 3 yrs 1 mo · Noida, Uttar Pradesh, India

• Managed internal penetration testing teams across 50+ client engagements, delivering comprehensive security assessments for diverse industry verticals including healthcare, finance, and Government.
• Enabled executive decision-making by providing offensive security perspectives that directly informed IT security strategy implementation, resulting in improvement in client security postures
• Conducted application and network threat modeling with comprehensive architecture reviews, identifying critical vulnerabilities before deployment and preventing potential security incidents
• Pioneered innovative exploitation techniques for complex enterprise environments, discovering previously unknown attack vectors and maintaining success in vulnerability identification
• Authored detailed security reports for both technical teams and executive audiences, translating complex technical findings into actionable remediation strategies that reduced client risk exposure
• Performed advanced network penetration testing utilizing cutting-edge methodologies to identify and exploit vulnerabilities across diverse network infrastructures
• Delivered executive-level security advisements on vulnerability remediation strategies, ensuring clear communication of risk priorities and technical implementation roadmaps
• Specialized in emerging threat vectors and advanced exploitation techniques, contributing to departmental knowledge base and improving assessment methodologies for high-value client engagements
• Maintained strict project discipline and timeline adherence across multiple concurrent security assessments, ensuring quality deliverables and client satisfaction

Sep 2014 – Apr 2018 · 3 yrs 7 mos · Mumbai Metropolitan Region

• Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting
• Conduct and compile findings on new vulnerabilities, new tools for departmental use
• Create project deliverable /reports and assist the immediate supervisor during submissions and client discussions
• Abide by the project time lines and maintain project discipline

Jul 2013 – Aug 2014 · 1 yr 1 mo · Noida, Uttar Pradesh, India

• Web App/Mobile App VAPT, Network VAPT, Firewall and Switch Configuration Review.