Senior Cyber Security Engineer Resume
California
SUMMARY
- Certified Information Security Manager (CISM), B-tech graduate, 12+ years of experience with knowledge & experience in financial services, Investments-banking and Information Technology industry.
- Senior Cyber security engineer & Information Security professional with a versatile experience of over 12+ years in multiple domains and industries. My ability to quickly “adopt and adapt” Business acumen demonstrates a successful track record of providing leadership and proficiency in conducting Web Application Security Testing, Penetration Testing, Vulnerability Assessments & Security business process development as an Information Security Specialist, Auditor (Risk Assessor). Experience with PAM administration using CyberArk, Snowflake security administration & KMAAS (Key management as service) administration.
- Experience performing information security risk assessment, policy reviews and gap assessments; Analysis and interpretation of various vulnerability reports and identify issues.
- Knowledge of various open source GRC applications, experience of ServiceNow & GRC.
- Experience conducting and managing social engineering - Phishing test and conducting awareness training campaigns by developing educational videos, flyers, infographics to create security awareness
- Understand and translate technical issues into business implications for technical and business stakeholders.
- Awareness of current and emerging information regarding security threats, techniques, and landscape.
- Experience with different Microsoft solutions like Access, Excel, Word, PowerPoint, Outlook.
- Knowledge and hands-on experience on creating SharePoint workflows and forms.
- Team player and can communicate with colleagues at all levels of understanding and responsibility.
- Good communication and interpersonal skills, Analytical, time-management, and problem-solving skills
- Experienced in researching, retrieving, and organizing business data and preparing reports
- Knowledge of LAN/WAN networking concepts - TCP/IP, routing and switching, OSI Layer, Packet Analysis, Logs, Endpoint and network protection, port and internet protocols and scripting languages.
- Business Analysis, Report writing, Presenting and documentation skills using tools like Visio.
- Work on cross-functional teams with various stakeholders on assignments under tight deadlines; organized, self-motivated, quick learner & team player.
TECHNICAL SKILLS
DAST Tools: Burp Suite, Qualys, Nmap, OWASP ZAP Proxy, IBM AppScan, sqlmap
Network Security Tools: Nessus, Nmap, NSE Scripts, Netcat, Metasploit
Databases: Oracle, MS-SQL Server, MS Access
Operating Systems: Kali Linux, Parrot OS, Windows 95/98/NT/2000/2003/NT/XP, Vista, Windows 7, DOS, Solaris (UNIX)
Reporting tools: Power BI & Tableau
Methodology: Agile/Scrum
PROFESSIONAL EXPERIENCE
Senior Cyber Security Engineer
Confidential
Responsibilities:
- Security administration on Snowflake, which is a cloud-based data warehouse.
- Monitoring usage of Snowflake to meet organization’s audit and compliance requirements.
- To query who has access to what objects and to query roles view to find when they were created or deleted on Snowflake.
- To implement object level access control & column level access control.
- Analytics & Intelligence - To leverage analytics and intelligence gathering to identify and detect & prevent attacks as quickly as possible using tools like Power BI.
- Encryption & key management - Managing the full lifecycle of cryptographic keys using centralized key management service called KeySecure, which includes generating, using, storing, archiving, and deleting of keys. Also responsible for managing high availability & business continuity of key management as a service.
- jSonar/Splunk support for Snowflake platform to generate reports on all the activities done in Snowflake and to analyze Snowflake grantee privileges.
- Active Directory - Understands security principles & best practices regarding Access Management/Windows/Active Directory.
- File System Management experience on Windows servers and File Shares. Understands Share and NTFS permissions. Is familiar with Windows Server Administration Tools; experience in running PowerShell scripts.
- Subject matter expert in Information security management, architecture, administration
Senior Cyber security Analyst
Confidential, California
Responsibilities:
- Performing Dynamic Scan (DAST) by using automated tools, manual tools analyzing false positives &
- Experience with Injection, Broken authentication, sensitive data exposure, cross site scripting, security misconfigurations, XML
- High availability, scalability, and security of applications & to Perform Web Application Penetration Testing as per OWASP Top 10.
- Sound knowledge of open-source Security Testing Tools such as Burp Suite (Prof), CSRF Tester and Mozilla Firefox plug-ins & Sound knowledge of Network Security Testing Tools such as Nmap, Nessus, Metasploit
- Assist application team in the understanding of risk and impact of identified issues and follow up with them to the closure of the vulnerabilities
- Strong knowledge on networking concepts.
- CyberArk (PAM administration)
- IAM Administration
- Excellent knowledge of Identity and Access Management practices
- Integrate applications with Okta for SSO using SAML 2.0
- Configure multifactor authentication solutions
- Experience with LDAP / Active Directory
- Strong understanding of Kerberos & Understanding of user lifecycle management
- Third Party information security Auditor
- Responsible for conducting online & Self Assessments of vendors across India, EMEA, US, APAC regions covering ISO 27001, PCI-DSS, and ISO 22301, SOX etc. standards.
- Experience with SOC 1, SOC 2, SOC 3
- Experience with Business continuity planning.
- Execute common, standardized third-party risk management processes, managed centrally by the TPU, including gathering documentation and third-party artifacts, researching third party information, and inputting data into relevant repositories.
- Understand the business processes in operation to identify information security risks and implement effective mitigating control measures to manage such risks.
- Conduct interviews, document client processes and procedures, review documents, and prepare work papers.
- Review Third Party or Vendor infrastructure against various standards as mentioned above and provide remediation plans.
- Working knowledge of RSA Archer Vendor Management software.
- Conducted security assessments on low and moderate systems using NIST framework.
- Promoted awareness of security issues among management and ensure sound security.
- Ensured that system security measures are taken to protect personal identifiable information enhanced and optimized existing log potential security incidents, unauthorized configuration changes and policy violations.
- Responsible for assessing the management, technical & operational controls and developed, modified security policies in accordance with NIST, FISMA.
- Documented & reviewed System security plans (SSP), Contingency plans (CP), Contingency plan tests (CPT), Privacy impact assessment (PIA), Plan of action & milestone (POA&M) & risk assessment (RA) documents as per NIST 800 guidelines.
- Drafted security assessment reports and security requirements traceability matrix to identify security controls that were tested and examined following assessment efforts.
- Assisted with investigation of security events like unauthorized access to determine breaches & remediation steps.
- To create security categorization document to provide security categorization level using NIST 800 standards.
- Understanding on cloud-based services (SAAS, PAAS, IAAS)
- Familiarity and understanding of the NIST CSF, SOC 1, SOC 2, ISO 27001 and other security frameworks.
- Experience defining key metrics data elements to track compliance with, and effectiveness of, identified controls.
- Experience analyzing, rationalizing, and advising backlog prioritization based on where cyber control gaps to drive remediation efforts.
IT security engineer
Confidential
Responsibilities:
- User administration for multiple platforms like mainframe, AS400 & UNIX. iSeries Operations: Restarting jobs, adding new jobs to job schedulers, responding to messages in Batch jobs, Object locks. Object authority and security.
- FTP scripts: To write FTP scripts for moving commands, programs, and any object from one AS400 system to another system.
- Ensuring the services and all components are monitored and running according to agreed SLAs.
- To manage overnight production batches by providing online production support.
- Audit and compliance: Representing iSeries infrastructure as primary liaison to audit teams during internal audits and 3rd party audits and as a security liaison for compliance analysis (SOX)
- Continuous auditing: Configured native iSeries tools such as Controlsa