Experience Summary:

• Over 8 years of experience in IT Telecom Industry in Information Security. Having worked with larger organizations and larger teams to lead and implement security related projects. Experience in performing Security Assessments, Access Management, Risk Assessments, IT Policy Process Creation, observation and closure of Internal External IT Audits.
• Work experience in Vulnerability Assessment and Penetration testing, Log Management, Application Security, Audits and Compliance.
• Hands-on with Asset Profiling, Risk Assessment, Web Application Vulnerability Assessment, Penetration Testing, Policy definition, Business Application Security Assessment, Log Management, Audits and Compliance.
• Expertise in Information Security Controls IS Audits, Risk Management, and managing security processes.

Areas of Expertise:

• Vulnerability Assessment Penetration Testing
• Application Security

• Network and System Security
• Risk Assessment / Impact Analysis
• Authentication Access Control
• Regulatory Compliance
• Patch Management

Technical Skills:

• Security Technologies: Nessus Vulnerability Scanner, ISS Security Scanner, IBM App scan, Retina Network Security Scanner, NMap, Wireshark, Email Security tools, IPS, IDS, Snort, HIPPA, PCI DSS
• Networking:, LANs, WANs, VPNs, Routers, Firewalls, TCP/IP, PGP , PKI
• Systems: Unix-Based Systems Linux , Windows all
• Software: MS Office Word, Excel, Outlook, Access, PowerPoint

Strength:

• Focus on client satisfaction by effective communication and clear understanding of the requirements related to information security.
• Demonstrate capability in successfully taking on new initiatives, building up teams and security processes from scratch.
• Possess excellent leadership and team building skills.

Professional Experience:

Confidential

Information Security Analyst

Support Revenue Growth through deployment of tools to help automate the execution and Technology in the area of information Security and Identity Management. Support SLA attainment targets for information security processes.

Role Responsibilities:

• Assist in the development of security architecture and security policies, principles and standards.
• Works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to: Business system analysis.
• Communication, facilitation and consensus building.
• Assists in the coordination and completion of information security operations documentation.
• Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
• Works with IT department and members of the information security team to identify, select and implement technical controls.
• Develops security processes and procedures, to ensure that security controls are managed and maintained.
• Advises administrators on normal and exception-based processing of security authorization requests.
• Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.
• Specialties: Information Security Risk Management.
• Vulnerability Assessment Closure.
• Analyze Process Gaps and map it to Global Service Delivery.

Confidential

Information Security Analyst

This project is aimed at improving the capability of automation of the vulnerability scanning to overcome the shortcomings in the Nessus scanner which was deployed in customer's telecom circles prior to implementation of Internet Security Scanner ISS .

Role Responsibilities

• Detailed study has been made for the product and POC has been done for project.
• Coordinated with vendor for the installation of site protector application in enterprise server.
• Troubleshoot the Proventia Management Site Protector devices and upgraded the latest firmware.
• Documented all the user manuals of site protector, lessons learned from best practice and guidelines of troubleshooting steps.
• Compared the nessus reports with ISS reports and inputs were shared with management to make it operational.
• Defined policies in site protector console for the group settings, signatures, update settings and scan control settings.
• Maintain the purging of database server components in site protector.
• Scope to be covered in Vulnerability Assessment VA process reports are identified and shared with management.

Vulnerability Assessment and System Index

• Worked as a team lead of Vulnerability Assessment and Threat Mitigation.
• Management of IBM ISS Proventia enterprise scanner for the client.
• The vulnerability scan was completed as per the schedule and then coordinated with the various circle
• SPOCs for closure of the discovered vulnerabilities. Review the Vulnerability Assessment reports for devices on the client's IT Infrastructure. Also emphasize on early closure of the discovered vulnerabilities without any business impact.
• Meeting SLA and enhancement of Security compliance
• Ensured SLA's and SLO's on the Security Compliance parameters are met.
• Work with the project team to rollout the tools which will enable the automation of the key SLA parameters like VA, SI and BH and enable us to enhance the security compliance posture.
• Audit Observations, closure and mitigation
• Worked with client circle teams for closure of audit observations related to process compliance within committed timelines
• Reduce process related observations through enhancement in the process compliance postures through operational improvement and user trainings.

Confidential

Role: Information Security Specialist

Role Responsibilities:

• Handling Incident related to information security.
• Research and analysis of latest viruses and threats.
• Tracking of defaced websites and analyzing relevant logs.
• Vulnerability assessment and penetration testing using security tools.
• Tracking of latest vulnerabilities and creation of vulnerability notes by analyzing the published information as well using information published on various research sites.
• Provide training and presentation internal employees and ensuring satisfactory resolution of their queries.
• Hands on experience on security tools.