DevSecOps Consultant Resume
SUMMARY
- To utilize my expertise in SecOps, DevSecOps principles and practices to provide strategic guidance and practical solutions to organizations seeking to integrate security into their software development lifecycle.
- My goal is to help clients achieve a high level of security and compliance while maintaining agility and efficiency in their software development processes.
- I aim to be a trusted advisor and partner, leveraging my technical knowledge and experience to drive innovation and enable successful digital transformations.
TECHNICAL SKILLS
- DevSecOps
- Web Application Security
- Security Research
- Source Code Review
- OWASP Top 10
- Vulnerability Assessment & Management
- SAST
- DAST
- SCA
- Penetration Testing
PROFESSIONAL EXPERIENCE
DevSecOps Consultant
Confidential
Responsibilities:
- My role as a DevSecOps consultant involves the implementation of a Secure SDLC and DevSecOps pipeline
- Engaged in continuous research on industry standard security tools and have implemented several of them in my work, including Burp Suite Pro for both manual and automated penetration testing, Veracode for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), and Dependency Track for Software Composition Analysis (SCA)
- Facilitated the integration of security tools in the DevOps pipeline for agile teams.
- Provided necessary training on the usage of the security tools and defining governing policies as the Security Definition of Done
- Reviewed the findings from SAST, DAST, SCA, Manual Pen Tests to perform False Positive analysis and Vulnerability Management to ensure that any identified vulnerabilities are appropriately risk-assessed and effectively mitigated
- Collaborating with the development teams to educate them on security vulnerabilities and their corresponding mitigations.
- This ensures that the teams are equipped to handle security issues in an agile development environment
- Monitoring system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
- Lead and respond to security incidents and investigations, and target reviews of suspect areas.
- Consult on teams to resolve issues that are uncovered by various internal and third-party monitoring tools. Identify and resolve root causes of security-related problems
- Create Policies, Procedures, Reports, Metrics, and provide network and host-based security to each host within the organization.
- Monitored and identified any suspicious events using the Confidential ESM console and raised a ticket.
- Integrated different devices' data into the Splunk environment and created dashboards and reports in Splunk.
SOC Analyst
Confidential
Responsibilities:
- Conducted research on the known vulnerabilities in open-source packages (CVEs).
- This involved manually analyzing the source code, with a focus on the attack scenario, attack vectors, potential mitigations and impact on the CIA triad
- Conducted internal penetration testing for all the web applications, identifying and reporting any security vulnerabilities discovered.
- Collaborated with external vendors to conduct annual third-party penetration testing.
- This comprehensive approach helps ensure that all potential security issues are identified and addressed.
- Reported vulnerabilities like Missing Security Headers, Broken Access Control, Use of Weak or Risky Cryptographic Algorithms, XSS, HTML Injection etc.
- Performed Risk Assessment using DREAD model for all the reported security vulnerabilities to prioritize the remediation efforts
- Speaker at numerous Security Brownbag sessions, sharing my knowledge and viewpoints on a range of security-related topics.
- Furthermore, I am deeply involved in developing programs designed to enhance the security culture in the organization.
- These programs comprise training programs, awareness campaigns, and ongoing educational activities that promote best practices and guarantee that security remains a top priority for all the employees.
System Analyst
Confidential
Responsibilities:
- Provides quick problem-solving by correcting user errors, and system inconsistencies
- ServiceNow and BMC ITSM tools used to create and track the requests queue.
- Ensure service levels (SLA) are maintained for ticket updates, customer, and communication per IR priority.
- Responsible to provide technical support for Installation, Configuration, and administration-related issues
- Have good knowledge of working with Lotus Notes, installation and solving issues related to the application.
- Determined training needs for onboarding employees and prepared a suitable training program to enhance their operational efficiency leading to increased productivity
- Solve the technical problems with Windows 7, Outlook, McAfee Bit locker, Connected Backup Client, LANDesk, MobileIron, Live Meeting etc.
- Troubleshoot MDM related issues (server specific as well as end user device issues) by assisting end users (via telephone and/or e-mail, when needed).
- Managing User accounts and troubleshooting customer complaints on corporate devices.
- Creation of client-related tool accounts and setting of Lync/voicemail for the new user and assigning assets to the users.
- SME for O365 for the Chatham location and responsible for providing solutions to new issues.
- Worked on a project of transitioning local servers to a cloud platform.