Information Security Manager
2019 - Present, Cvent
- Acted as the incident commandant reporting to the CISO. Conducted open-source and classified research on emerging and trending threats and vulnerabilities. Led complex projects cross-functionally and globally.
- Led a team of cybersecurity professionals responsible for the design, implementation, attack mitigation, and ongoing support of security systems of high complexity to fulfill the business needs.
- Rewrote the complete IR process, including the SOPs, playbooks, workbooks, and security automation, and mapped the use cases with security frameworks such as MITRE ATT&CK.
- Managed threat intelligence, threat hunting (IOC vs. TTP), forensics, data protection, EDR, email security, cloud security, malware analysis, and reverse engineering.
- Reduced the blast radius from a cloud security perspective and managed the cloud security posture assessment. Oversaw the vulnerability management program and prioritization of vulnerabilities.
- Led the company-wide deployments of multiple security products to secure all resources, infrastructure, applications, and storage. Created 30+ use cases with security automation capabilities.
- Worked completely on AWS cloud. Maintained the current infrastructure from a security perspective. Gained experience in AWS native tools, including AWS VPC, AWS IAM, EC2, subnets, networking, CloudTrail, GuardDuty, Macie, Inspector, and Security Hub.
Technologies: Cloud Security, IT Security, Threat Hunting, Threat Intelligence, Strategy, Malware Analysis, Vendor Management, MDR, Audits, ATT&CK, Security Framework, Secure Access Service Edge (SASE), Cloud Access Security Broker (CASB), Data Protection, Security Automation, Azure Security, AWS Security, NetFlow, DNS, Proxy Servers, YARA, Snort, Penetration Testing, Bro Logs, IDS/IPS, TTP, IoC, Python, Windows PowerShell, Network Hunting, ISO 27001, PCI DSS, SOC 1, SOC 2, NIST, CISSP, Azure, Sentinel, Proofpoint, TAP, TRAP, Carbon Black, CrowdStrike, Endpoint Detection and Response (EDR), DevOps, Identity & Access Management (IAM), Risk Management

Staff Engineer
2015 - 2019, STMicroelectronics
- Managed the SOC and security engineering team, which included leading and mentoring over 13 security experts and meeting business goals. Acted as the incident commandant of the Indian region.
- Acted as the key member of the digital transformation group that oversaw transitioning to the cloud in a hybrid approach and securitization in Azure.
- Ran the specific programs such as threat detection, content development, EDR transformation, cloud security, SOPs for incident response, and security audit, including PCI-DSS, SOC 1/2, ISO27k, and GDPR.
- Assisted DevOps team in SSDLC, including threat modeling, penetration testing, zero-trust security model, and using the shift-left approach for CI/CD pipelines with Jenkins. Created a baseline for Windows, Mac, and Linux from a security standpoint.
Technologies: Cloud Security, Audits, Data Protection, CISSP, DevSecOps, VAPT, Microsoft, AWS, Security Framework, Cyber Forensics, Threat Intelligence, Threat Hunting, Azure, Strategy, Cloud Transformation

Senior Security Specialist
2012 - 2015, BT Group
- Acted as the shift operations manager for specific customers, including LBG, PepsiCo, Philips, Novartis, and Nestlé.
- Deployed the SOC for multiple customers, including Dixon and Mars. Provided consultancy services to several customers from SOC and security architecture perspectives.
- Oversaw the POC for any new tool and technology. Collaborated with the presales team to onboard new customers.
- Onboarded multiple use cases in SIEM tools to enhance threat detection capabilities. Conducted multiple open-source and classified research projects on emerging and trending threats and vulnerabilities.
- Used a number of tools and technologies, including SIEM, WAF, DLP, IPS, IDS, firewall, proxy, FireEye APT, AV, REMnux, DDoS, Proofpoint, Wireshark, Burp Suite, PAM, ATT&CK framework, OWASP Top 10, Python, Nipper, and HLD/LLD.
Technologies: Data Protection, Application Security, Security Architecture, Incident Response, PKI, Cryptography, Audits, Email Security, Infrastructure Security, Network Operations Center, SecOps, SIEM, User and Entity Behavior Analytics (UEBA)

Security Engineer
2010 - 2012, Orange Business Services
- Investigated the abnormal events, classified the potential security breaches, raised the security incident alerts, performed the technical and management escalation, and implemented the second-level mitigation action to confirm security incidents.
- Led the risk and vulnerability assessments and systems security audits of the servers and provided support in clearing the discrepancies according to PCI-DSS and ISO 27001.
- Performed host-based forensics and managed the threat intelligence program, hunting program, and DLP data protection program to secure sensitive data.
- Appointed as a shift lead and oversaw creating the SOC matrices data for the management.
Technologies: Incident Response, Malware Analysis, Threat Hunting, Audits, PCI DSS, Threat Intelligence, ISO 27001, SecOps, Threat Modeling, Threat Detection, Infrastructure Security, Email Security, Application Security, Vulnerability Management, Software Development Lifecycle (SDLC)

Security Analyst
2008 - 2010, HCL Technologies
- Managed the cyber project outsourced by the National Informatics Center for the Indian Government, including the Ministry of External Affairs, Prime Minister, Ministry of Home Affairs, all states, and Bhawan.
- Deployed multiple tools for day-to-day operations, including the Check Point and Cisco firewalls, Blue Coat proxy, Trend Micro and McAfee AV, netForensics (SIEM), McAfee IDS/IPS, and Snort.
- Updated the security patches and vulnerabilities, manually hunted for IOCs using security tools, and responded to the security alerts.
- Performed audits of security tools and created security dashboards for specific platforms.
Technologies: Endpoint Security, Infrastructure Security, Incident Response, Application Security, Certified Ethical Hacker (CEH), CCNA Security, Firewalls, Proxy Servers, Software Development Lifecycle (SDLC), SecOps, Vulnerability Management