Ankit Mittal, Developer in Delhi, India

Ankit Mittal

Verified Expert in Engineering

Cybersecurity Engineer and Developer

Location
Delhi, India
Toptal Member Since
November 10, 2021

Ankit is a cybersecurity expert with 15+ years of experience in network engineering, security engineering, cloud security, incident response, endpoint security, threat hunting and intelligence, forensics, malware analysis, SIEM, data protection, DevSecOps, networking, and vulnerability management. His expertise is backed by 15+ cybersecurity certifications from vendors such as ISC2, AWS, etc.

Portfolio

Freelance
Information Security, SIEM, Security Orchestration, Automation...
STMicroelectronics
Cloud Security, Audits, Data Protection, CISSP, DevSecOps, VAPT, Microsoft...
Tech Mahindra
Data Protection, Application Security, Security Architecture, Incident Response...

Experience

Availability

Full-time

Preferred Environment

Cybersecurity, Security Operations Centers (SOC), Data Protection, Endpoint Security, Cloud Security, Cyber Threat Hunting, Threat Intelligence, Vulnerability Management, IT Security, Endpoint Detection and Response (EDR)

The most amazing...

...work I've done included building SOCs from scratch with vulnerability management, EDR, data protection, and transforming workloads from on-prem to the cloud.

Work Experience

Security Engineer

2020 - 2024
Freelance
  • Gained experience in AWS native tools, including Amazon VPC, AWS IAM, Amazon EC2, subnets, networking, AWS CloudTrail, Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub, along with Okta implementation.
  • Directed programs, including threat detection, EDR transformation, cloud security, Okta security, and incident response SOPs, ensuring alignment with regulatory frameworks such as PCI DSS, SOC 1/2, ISO27k, and GDPR.
  • Assisted DevOps in implementing SDLC practices, including threat modeling, penetration testing, and Zero Trust security model adoption in CI/CD pipelines using Jenkins. Gained solid experience in SAST, DAST, SCA, etc.
  • Acted as incident commandant reporting to the CISO, overseeing incident response efforts, researching emerging threats, and leading global cross-functional projects.
  • Managed threat intelligence, threat hunting, forensics, DLP, EDR, email, and cloud security. Worked with ZScaler, Netskope, and Palo Alto for SASE, including Zero Trust, shadow IT, and CASB.
  • Contributed to cloud security and vulnerability management. Enhanced cloud security posture by reducing blast radius, conducting cloud security posture assessments, and vulnerability management. Additionally, gained expertise in AWS native tools.
  • Worked extensively on Splunk, deployed from scratch, and made upgrades.
Technologies: Information Security, SIEM, Security Orchestration, Automation, and Response (SOAR), Endpoint Detection and Response (EDR), Vulnerability Management, Zero Trust, Networking, AWS Certified Advanced Networking - Specialty, AWS Cloud Security, Amazon Virtual Private Cloud (VPC), Load Balancers, Security Groups, CISSP, Certified Ethical Hacker (CEH), DevSecOps, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Monitoring, Splunk, IBM QRadar, AI Security, Artificial Intelligence (AI), Technical Writing

Senior Staff Engineer

2015 - 2019
STMicroelectronics
  • Acted as the key digital transformation group member, overseeing the transition to the cloud using a hybrid approach and securitization in Azure and AWS.
  • Ran specific programs such as threat detection, content development, EDR transformation, cloud security, Okta security, SOPs for incident response, and security audit, including PCI DSS, SOC 1/2, ISO27k, and GDPR.
  • Assisted the DevOps team in SSDLC, including threat modeling and the zero-trust security model, and used the shift-left approach for CI/CD pipelines with Jenkins. Created a baseline for Windows, Mac, and Linux from a security standpoint.
  • Acted as the incident commandant reporting to the CISO. Conducted open-source and classified research on emerging and trending threats and vulnerabilities. Led complex projects cross-functionally and globally.
  • Led a team of cybersecurity professionals responsible for the architecture reviews, design, implementation, attack mitigation, and ongoing support of high-complexity security systems to fulfill business needs.
  • Rewrote the complete IR process, including the SOPs, playbooks, workbooks, and security automation, and mapped the use cases with security frameworks such as MITRE ATT&CK.
  • Managed threat intelligence, threat hunting (IOC vs. TTP), forensics, data protection (DLP), EDR, email security, cloud security, malware analysis, and reverse engineering.
  • Reduced the blast radius from a cloud security perspective and managed the cloud security posture assessment. Oversaw the vulnerability management program and prioritization of vulnerabilities.
  • Gained experience in AWS native tools, including Amazon VPC, AWS IAM, Amazon EC2, subnets, networking, AWS CloudTrail, Amazon GuardDuty, Amazon Macie, Amazon Inspector, and AWS Security Hub, along with Okta implementation.
  • Used Zscaler, Netskope, Palo Alto, McAfee, and Symantec. Along with DLP, I have strong experience in CASB, Zero Trust, shadow IT, etc.
Technologies: Cloud Security, Audits, Data Protection, CISSP, DevSecOps, VAPT, Microsoft, Amazon Web Services (AWS), Frameworks, Cyber Forensics, Threat Intelligence, Cyber Threat Hunting, Azure, Strategy, Cloud, Data Transformation, Security, CISO, Cloud Architecture, Cisco Routers, Azure Network Security Groups, Leadership, Cloudflare, Web Security, Datadog, Monitoring, Prisma, Single Sign-on (SSO), Auth, SharePoint, System Center Configuration Manager (SCCM), System Administration, Windows Server, VM, Hyper-V, Windows, Container Security, Container Orchestration, Amazon EKS, Secure Containers, VLANs, Tanium, File Servers, CCNA, CCNP, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, FirePower, Duo 2FA, Microsoft 365, Identity & Access Management (IAM), Azure Key Vault, Web App Security, Google Workspace, DDoS, AWS ALB, AWS CLI, VMware, Business Continuity & Disaster Recovery (BCDR), Data Loss Prevention (DLP), Cisco, Palo Alto Networks, CrowdStrike, Endpoint Detection and Response (EDR), DevOps, Data Privacy, Compliance, Amazon Virtual Private Cloud (VPC), VPN, Architecture, AWS IAM, Networks, Virtual Private Servers, Network Engineering, Okta, Amazon S3 (AWS S3), Security Audits, IT Networking, IP Routing, IP Networks, AI Security, Artificial Intelligence (AI), Technical Writing

Senior Security Specialist

2011 - 2015
Tech Mahindra
  • Deployed SOCs for multiple clients, offering consultancy on SOC and security architecture and leveraging expertise to address client needs effectively.
  • Contributed to SIEM and SOAR use case development. Onboarded multiple use cases in SIEM tools to bolster threat detection capabilities, conducting extensive research on emerging threats and vulnerabilities to stay ahead of evolving risks.
  • Utilized a wide array of tools and technologies, including SIEM, WAF, DLP, IPS, IDS, FireEye APT, and more, while running specialized programs such as threat detection, EDR transformation, vulnerability management, and cloud security.
  • Led programs, including threat detection, content development, EDR transformation, cloud security, Okta security, SOPs for incident response, and security audit, ensuring compliance with regulations like PCI DSS, SOC 1/2, ISO27k, and GDPR.
  • Implemented DevSecOps by incorporating SAST, dynamic application security testing (DAST), and threat modeling into development pipelines, ensuring early detection and mitigation of security vulnerabilities.
  • Designed and implemented AWS architectures, including VPCs, subnets, route tables, and security groups, ensuring isolation and secure communication between cloud resources.
  • Specialised in AWS cloud security, implementing CSPM, configuration management, access control, encryption, and monitoring, ensuring the integrity and confidentiality of cloud-hosted data and applications.
  • Assessed risk and performed auditing. Led risk and vulnerability assessments, conducted server system security audits, and effectively resolved discrepancies to support PCI DSS and ISO 27001 compliance efforts.
  • Investigated abnormal events, classified potential security breaches, and raised incident alerts, ensuring swift identification and mitigation of security threats.
  • Managed threat intelligence, hunting, and DLP data protection programs, performing host-based forensics to safeguard sensitive data and enhance security posture.
Technologies: Data Protection, Application Security, Security Architecture, Incident Response, PKI, Cryptography, Audits, Email Security, Infrastructure, IT Security, Network Operation Centers (NOC), SecOps, SIEM, User and Entity Behavior Analytics (UEBA), Security, CISO, Check Point, Cisco Routers, Monitoring, Single Sign-on (SSO), Auth, System Center Configuration Manager (SCCM), System Administration, Windows Server, Windows, VLANs, Cisco Switches, CCNA, CCNP, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, RADIUS, FirePower, Duo 2FA, Microsoft 365, Identity & Access Management (IAM), Azure Key Vault, Web App Security, Google Workspace, DDoS, AWS ALB, AWS CLI, VMware, Business Continuity & Disaster Recovery (BCDR), Cybersecurity, Data Loss Prevention (DLP), Cisco, Palo Alto Networks, CrowdStrike, Endpoint Detection and Response (EDR), DevOps, Data Privacy, Compliance, Amazon Virtual Private Cloud (VPC), VPN, Architecture, AWS IAM, Networks, Virtual Private Servers, Network Engineering, Okta, Amazon S3 (AWS S3), Security Audits, IT Networking, IP Routing, IP Networks, Artificial Intelligence (AI), Technical Writing

Security Analyst

2008 - 2011
TCS Technologies
  • Deployed Check Point, Cisco, FortiGate, and Palo Alto firewalls, Blue Coat proxy, Trend Micro, and McAfee AV for day-to-day operations proficiently, ensuring comprehensive protection against cyber threats. Created over 10,000 VPN tunnels.
  • Led network engineering projects for a diverse clientele, encompassing routing (BGP), switching, firewalls, and proxies, which bolstered network security and resilience.
  • Managed security vulnerabilities and patching, conducted manual threat hunting using security tools, and responded promptly to security alerts, mitigating potential risks effectively.
  • Conducted audits of security tools, creating tailored security dashboards for specific platforms, ensuring robust monitoring and compliance with industry standards.
  • Worked on the SIEM and IDS/IPS implementation. Orchestrated the deployment of netForensics (SIEM) for centralized security.
Technologies: Endpoint Security, IT Security, Infrastructure, Incident Response, Application Security, Certified Ethical Hacker (CEH), CCNA Security, Firewalls, Proxy Servers, Software Development Lifecycle (SDLC), SecOps, Vulnerability Management, Check Point, Cisco Routers, Networking, VLANs, Cisco Switches, CCNA, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, RADIUS, FirePower, Duo 2FA, Cybersecurity, Cisco, Palo Alto Networks, Data Loss Prevention (DLP), Networks, Virtual Private Servers, Network Engineering, Okta, Amazon S3 (AWS S3), Security Audits, IT Networking, IP Routing, IP Networks

Enterprise Security Architecture

My role in this project was to rearchitect the design for B2B and SOA platforms and add security layers considering defense-in-depth—firewalls, IPS/IDS, DLP, WAF, VAPT, and DMZ. I also created the security dashboards through the internal auditing of systems and servers, including vulnerabilities, configuration hardening, and penetration test findings, and I remediated all findings.

Cloud Journey—Blast Radius Project

During the migration of our workloads to the Cloud, the goal was to minimize the impact of a possible failure and have no dependencies on other products. It mainly included failures due to security incidents, human error, and environmental factors.

Vulnerability Assessment and Penetration Testing (VAPT)

Conducted VAPT testing using the OWASP methodology; this included vulnerability management for the pharmaceutical and semiconductor companies.
Technologies: Nmap, Nessus and Tenable, Qualys, Metasploit Framework, Snort, IPsec, Burp Suite, Kali Linux, and Wireshark.

SOC Reboot

The aim was to operationalize and institutionalize the process for SOC activities such as log ingestion, SOPs, playbooks, automation, and content development, map the use cases with security frameworks, and standardize responses across the organization.

Audits—ISO27k, ISO27701, SOC 1 & 2, PCI DSS, etc.

Single point of contact for external auditors, specific to SOC and security engineering teams, including technical controls related to endpoint security, VAPT, SIEM, SOAR, data protection, data privacy, infrastructure controls, etc.

Education

2004 - 2008

Bachelor's Degree in Computer Systems and Networks

The NorthCap University - Gurugram, India

Certifications

SEPTEMBER 2019 - PRESENT

Splunk Fundamentals

Splunk

FEBRUARY 2019 - PRESENT

AWS Certified Security—Specialty

Amazon

FEBRUARY 2019 - PRESENT

Carbon Black Associate Analyst and Threat Hunter

VMware

JUNE 2018 - PRESENT

Certified Information Systems Security Professional

ISC2

MARCH 2018 - PRESENT

Microsoft Certified: Azure Security Engineer Associate

Microsoft

FEBRUARY 2014 - PRESENT

Certified Ethical Hacker

EC-Council

NOVEMBER 2013 - PRESENT

Check Point Certified Security Administrator

Check Point

NOVEMBER 2013 - PRESENT

Check Point Certified Security Expert

Check Point

NOVEMBER 2013 - PRESENT

Check Point Certified Managed Security Expert

Check Point

MARCH 2013 - PRESENT

Blue Coat Certified Proxy Administrator

Blue Coat Systems

MARCH 2013 - PRESENT

Blue Coat Certified Proxy Expert

Blue Coat Systems

APRIL 2011 - PRESENT

Red Hat Certified System Administrator

Red Hat

APRIL 2011 - PRESENT

Red Hat Certified System Expert

Red Hat

NOVEMBER 2010 - PRESENT

Cisco Certified Security Professional

Cisco

APRIL 2009 - PRESENT

Trend Micro Certified Professional

Trend Micro

MARCH 2009 - PRESENT

CCNA Security

Cisco

FEBRUARY 2009 - PRESENT

CCNA

Cisco

Libraries/APIs

RADIUS, Auth

Tools

Amazon Virtual Private Cloud (VPC), VPN, AWS IAM, Prisma, System Center Configuration Manager (SCCM), Hyper-V, FirePower, Duo 2FA, Azure Key Vault, AWS CLI, VMware, Splunk, Sentinel, OpenVPN, Amazon Elastic Container Service (Amazon ECS), IBM QRadar, YARA, Snort, Terraform, Amazon CloudWatch, Wireshark, Tcpdump, Amazon Athena, Azure Network Security Groups, Amazon EKS

Languages

RAPID, SQL, Python

Paradigms

DevSecOps, DDoS, HIPAA Compliance, Automation, Penetration Testing, DevOps, Deep Packet Inspection (DPI), Security Orchestration, Automation, and Response (SOAR)

Platforms

Linux, Amazon Web Services (AWS), QualysGuard, SharePoint, Windows Server, Windows, AWS ALB, Azure, Google Cloud Platform (GCP), Microsoft, Web, CrowdStrike, Amazon EC2, Unix, Kubernetes

Industry Expertise

Cybersecurity, Network Security

Storage

Azure Cloud Services, Datadog, Amazon S3 (AWS S3)

Frameworks

COBIT, Windows PowerShell

Other

Security Operations Centers (SOC), Infrastructure, Incident Response, Certified Ethical Hacker (CEH), CCNA Security, Firewalls, Proxy Servers, SecOps, Malware Analysis, Audits, PCI DSS, ISO 27001, Threat Modeling, Threat Detection and Response (TDR), SIEM, User and Entity Behavior Analytics (UEBA), CISSP, IT Security, Identity & Access Management (IAM), Security Engineering, Networking, Architecture, Subnet, Cisco, Network Engineering, Virtual Private Servers, Networks, Documentation, IPv4, IP Networks, IP Routing, CCNP Security, Technical Leadership, Technical Hiring, Interviewing, Team Management, Cloud, Task Analysis, Vulnerability Assessment, PCI, FortiGate, Fortinet Firewall Configuration, Splunk Enterprise Security, Cisco Routers, DNS Configuration, System Administration, SonicWall, VM, Container Security, VLANs, Cisco Switches, Tanium, Infrastructure as Code (IaC), CI/CD Pipelines, CCNA, CCNP, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, Microsoft 365, Web App Security, Data Loss Prevention (DLP), Data Protection, Endpoint Security, Cloud Security, Cyber Threat Hunting, Threat Intelligence, Vulnerability Management, Data Transformation, APIs, Palo Alto Networks, FedRAMP, Juniper, IPv6, Source Code Review, CA Network & Systems Management (NSM), Single Sign-on (SSO), Container Orchestration, Secure Containers, File Servers, Google Workspace, Business Continuity & Disaster Recovery (BCDR), AI Security, Artificial Intelligence (AI), Technical Writing, Application Security, Software Development Lifecycle (SDLC), Email Security, Security Architecture, PKI, Cryptography, Network Operation Centers (NOC), VAPT, Frameworks, Cyber Forensics, Strategy, Vendor Management, MDR, ATT&CK, Secure Access Service Edge (SASE), Cloud Access Security Broker (CASB), Security Automation, Information Security, Risk Management, Disaster Recovery Plans (DRP), OWASP Top 10, Web Security, Virtualization, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Routing, Check Point Certified Security Administrator (CCSA), CPA, Red Hat Certified System Administrator (RHCSA), Red Hat Certified Engineer (RHCE), System-on-a-Chip (SoC), NetFlow, DNS, Bro Logs, IDS/IPS, Tactics, Techniques, and Procedures (TTP), IoC, NIST, Near-field Communication (NFC), Endpoint Detection and Response (EDR), SOC 2, Security, Data Privacy, Compliance, Zero-day Vulnerabilities, ISO 27701, Okta, Amazon Route 53, Cloudflare, Security Audits, API Gateways, AWS Transit Gateway, Cloud Infrastructure, DNS Servers, IT Networking, Dynamic Host Configuration Protocol (DHCP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Web Application Firewall (WAF), Load Balancers, TCP/IP, SSL, Transport Layer Security (TLS), Security Testing, Dynamic Application Security Testing (DAST), Check Point, F5 Networks, CISO, Cloud Architecture, Leadership, Monitoring, Zero Trust, AWS Certified Advanced Networking - Specialty, AWS Cloud Security, Security Groups, Static Application Security Testing (SAST), Cloud Monitoring
