Mukesh is available for hire
Hire MukeshMukesh Bhakar
Verified Expert in Engineering
Cloud Security Developer
Jaipur, Rajasthan, India
Toptal member since November 12, 2021
Bio
Mukesh is a professional with over 14 years of experience in cybersecurity. He has expertise in designing and implementing security solutions across multi-cloud platforms like AWS, Azure, and GCP. His background includes DevSecOps, GRC, security operations, cloud security assessment, endpoint security, and data security. Mukesh has worked in various roles, including individual contributor and leadership positions. He was selected as an AWS Community Builder.
Portfolio
Design Barn, Inc.
IT Security, SOC 2, Vanta, Security, Audits, Microsoft Intune...
West Roots LLC (Maptive)
Cloud Security, Security Audits, Penetration Testing, ISO 27001...
Garn Enterprise (Hong Kong) Limited
Architecture, Data Governance, AWS Certified Solution Architect, DevSecOps...
Experience
- Security - 13 years
- Cybersecurity - 13 years
- IT Security - 13 years
- Security Architecture - 11 years
- Cloud Security - 7 years
- Azure - 6 years
- Microsoft Azure - 6 years
- DevSecOps - 5 years
Availability
Part-time
Preferred Environment
Network Security, Application Security, Cloud Security, DevSecOps, Amazon Web Services (AWS), Security Architecture, SOC 2, Artificial Intelligence (AI), GRC, Cloud Infrastructure, Chief Security Officer (CSO), Microsoft Entra ID, ADF, CISO, Cybersecurity Operations, SOC Compliance, Microsoft Intune, Azure DevOps, VLANs, GitHub Actions, PCI, Security Software Development, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Burp Suite, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption
The most amazing...
...thing I've designed was a robust, scalable, and secure multi-cloud architecture, incorporating industry best practices to safeguard enterprise data and systems.
Work Experience
Compliance Specialist
2024 - PRESENT
Design Barn, Inc.
- Prepared SOC 2 Type 2 documentation using Vanta customized templates and documented tech stack for audit readiness. Collaborated with teams to address gaps, ensuring compliance and boosting credibility during pilot phases with potential clients.
- Streamlined SOC 2 compliance with Scrut, automating evidence collection and optimizing security processes. Documented internal controls, enhanced data security, and guided teams in achieving audit readiness, improving trust with B2B clients.
- Implemented Vanta to automate SOC 2 compliance monitoring. Developed scalable policies for data security, documented processes, ensured audit readiness, and supported future scaling with additional communication platforms.
- Developed and tested security baselines for managed devices, enhancing endpoint protection. Collaborated with cross-functional teams to support end-users and troubleshoot issues related to Intune enrollment and policy enforcement.
Technologies: IT Security, SOC 2, Vanta, Security, Audits, Microsoft Intune, Mobile Device Management (MDM), Azure DevOps, Azure Cloud Security, GitHub Actions, Python, HIPAA Compliance, PCI, Security Software Development, IT Consulting, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Burp Suite, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption
Cloud Security Specialist
2022 - PRESENT
West Roots LLC (Maptive)
- Ensured that the cloud architectures were designed with recommended security practices and standards following the principles of the Cloud Adoption Framework. Worked closely with application, network, and security teams.
- Assessed and mitigated risks associated with cloud services while ensuring compliance with relevant regulations and standards, such as CIS, NIST-CSF, ISO27001, SOC2, and other compliance requirements.
- Implemented static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools and methodologies.
- Designed IAM processes and procedures and translated high-level requirements into technical designs.
- Worked with the SIEM and SOAR technical teams to design new security use cases and provide functional requirements.
- Spearheaded the deployment of Wiz CSPM across multi-cloud infrastructures, enhancing security visibility and compliance through continuous monitoring and automated baseline configurations.
- Designed and implemented security baselines for diverse cloud environments, leveraging Wiz CSPM to ensure adherence to industry standards and regulatory requirements.
Technologies: Cloud Security, Security Audits, Penetration Testing, ISO 27001, Information Security Management Systems (ISMS), OWASP, Security, IT Security, Security Analysis, General Data Protection Regulation (GDPR), Risk Management, Disaster Recovery Plans (DRP), Business Continuity Planning (BCP), Web Security, Kubernetes, Docker, Chief Security Officer (CSO), Microsoft Entra ID, ADF, CISO, AWS Well-Architected Framework, HITRUST Certification, Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Microsoft Intune, Mobile Device Management (MDM), Azure DevOps, Azure Cloud Security, GitHub Actions, Python, HIPAA Compliance, PCI, Security Software Development, IT Consulting, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Burp Suite, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption
Manager | Solutions Architect
2024 - 2024
Garn Enterprise (Hong Kong) Limited
- Developed and implemented comprehensive cybersecurity policies, covering access controls, data protection, and incident response. Conducted staff training to ensure compliance and enhance overall security awareness across the organization.
- Designed and implemented a scalable AWS architecture utilizing EC2, S3, RDS, and VPC. Enhanced security through IAM roles, security groups, and encryption methods, ensuring a robust and reliable infrastructure.
- Conducted a thorough security assessment of the AWS environment, identifying and mitigating vulnerabilities. Implemented best practices and onboarded an AWS Managed Service Provider for ongoing management and security enhancement.
Technologies: Architecture, Data Governance, AWS Certified Solution Architect, DevSecOps, Chief Security Officer (CSO), CISO, Docker, Kubernetes, Terraform, Enterprise Risk Management (ERM), Jira, Confluence, CISSP, CISM, Microsoft Entra ID, ADF, AWS Well-Architected Framework, HITRUST Certification, Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Microsoft Intune, Mobile Device Management (MDM), Azure DevOps, Azure Cloud Security, GitHub Actions, Python, HIPAA Compliance, PCI, Security Software Development, IT Consulting, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Burp Suite, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption
DevSecOps Engineer (via Toptal)
2024 - 2024
Brandon Miles
- Designed a comprehensive security architecture for an enterprise application on Azure, ensuring robust protection and compliance and conducting a risk assessment to identify potential threats.
- Developed a robust CI/CD pipeline using GitHub Actions, integrating DevSecOps practices for secure and efficient development and deployment.
- Ensured compliance with Azure security best practices. Assessed and optimized identity management, network security, data protection, monitoring, and regulatory compliance, reducing vulnerabilities.
Technologies: DevSecOps, DevOps, Security, System Administration, Docker, Kubernetes, CI/CD Pipelines, Infrastructure as Code (IaC), Systems Monitoring, Log Management, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), IT Security, Microsoft Entra ID, ADF, CISO, AWS Well-Architected Framework, HITRUST Certification, Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Microsoft Intune, Mobile Device Management (MDM), Azure DevOps, Azure Cloud Security, GitHub Actions, Python, HIPAA Compliance, PCI, Security Software Development, IT Consulting, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Burp Suite, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption
DevSecOps Engineer (via Toptal)
2024 - 2024
Green Line Inc
- Established and secured the technical infrastructure for Kinzy, an AI assistant for adult day care centers, during a 3-week discovery phase to integrate AI functionalities into Kinzy's MVP while ensuring security and reliability.
- Designed a secure and scalable GCP architecture incorporating IAM policies, network security, and data protection measures, enhancing system robustness.
- Performed a detailed security review of AI/ML models, identifying and addressing vulnerabilities and enhancing model security. Implemented differential privacy and data anonymization techniques, ensuring compliance.
Technologies: DevSecOps, DevOps, Security, Cloud, CI/CD Pipelines, Docker, Kubernetes, Infrastructure as Code (IaC), Minimum Viable Product (MVP), Artificial Intelligence (AI), Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), Monitoring, System Administration, Microsoft Entra ID, ADF, CISO, AWS Well-Architected Framework, Active Directory (AD), AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Azure DevOps, Azure Cloud Security, HIPAA Compliance, PCI, Security Software Development, Vulnerability Scanning, BitLocker, Endpoint Protection, Encryption
DevSecOps Engineer (via Toptal)
2024 - 2024
Green Line Inc
- Made integration with GCP's CI/CD pipelines using Cloud Build and Cloud Functions for seamless vulnerability scanning and patch deployment.
- Created integration with GCP's security and compliance services, such as Cloud Security Command Center and Security Health Analytics, for comprehensive threat detection and response.
- Established automated DevSecOps pipelines using Cloud Build and Cloud Functions, enforced security controls, including vulnerability scanning and pand incident response, thereby maintaining a robust security posture in healthcare.
Technologies: DevSecOps, DevOps, Security, Cloud, CI/CD Pipelines, Docker, Kubernetes, Infrastructure as Code (IaC), Minimum Viable Product (MVP), Artificial Intelligence (AI), Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), Monitoring, System Administration, Microsoft Entra ID, AWS Well-Architected Framework, Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, Azure DevOps, Azure Cloud Security, HIPAA Compliance, PCI, Security Software Development, IT Consulting, Vulnerability Scanning, Vulnerability Identification, Encryption
Platform Cloud Security Engineer
2022 - 2024
Commonwealth Financial Network
- Configured and deployed Intune MDM policies, including automated enrollment, provisioning/de-provisioning, and remote device management.
- Implemented a robust identity and access management (IAM) solution using Microsoft Entra ID to enhance security, compliance, and user authentication across enterprise applications. Designed IAM policies aligned with the Zero Trust principle.
- Led the implementation of DevSecOps practices to enhance security, compliance, and automation within CI/CD pipelines. Integrated security into the SDLC while ensuring scalability and resilience across cloud-native environments.
- Designed and implemented cloud governance, establishing policies, procedures, and controls for cloud framework using NIST 800-53, CIS, and PCI DSS.
- Monitored compliance and remediated non-compliant devices to ensure alignment with security standards.
- Designed, deployed, and managed Intune policies to secure mobile devices, desktops, and applications. Implemented mobile device management (MDM) Intune and mobile application management (MAM) configurations to protect corporate data.
- Set up Azure Virtual Network (VNet) with web, application, and database tiers subnets.
- Implemented role-based access control (RBAC) and privileged identity management (PIM) for least privileged access.
- Deployed Azure Firewall to secure the network perimeter and enabled DDoS Protection to safeguard against distributed denial-of-service attacks.
- Configured conditional access policies, multi-factor authentication (MFA), and single sign-on (SSO) for secure authentication.Implemented role-based access control (RBAC) and privileged identity management (PIM) to enforce least privilege access.
Technologies: Azure, VPN, Azure Key Vault, Azure Active Directory, Cloud Security, Azure Resource Manager (ARM), Networks, Application Security, Terraform, Identity & Access Management (IAM), Risk Assessment, Security Architecture, Infrastructure as Code (IaC), Linux Administration, Artificial Intelligence (AI), SOC 2, Amazon Web Services (AWS), Information Security, Managed Security Service Providers (MSSP), Threat Intelligence, Network Architecture, Network Engineering, Team Leadership, Network Monitoring, DevSecOps, IDS/IPS, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, GCP Security, SaaS Security, Firewalls, Amazon Cognito, Amazon EC2, Amazon Virtual Private Cloud (VPC), Datadog, Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Infrastructure Security, Secure Access Service Edge (SASE), Endpoint Security, Managed Detection and Response (MDR), Kubernetes, Docker, Chief Security Officer (CSO), Enterprise Cybersecurity, Enterprise Security, Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, Azure DevOps, Azure Cloud Security, HIPAA Compliance, PCI, Microsoft Entra ID, IT Consulting, Vulnerability Identification, Encryption
Senior Cloud Security Architect
2021 - 2022
ValueLabs
- Performed security and privacy assessments, including vulnerability and penetration testing, to determine compliance and security posture in the cloud.
- Implemented AWS Security Hub, AWS Organizations, GuardDuty, SSO, WAF, and AWS native security tools.
- Conducted vulnerability assessment using Burp Suite Enterprise, Nmap, Nessus, OWASP ZAP, sqlmap, Scout Suite, and PACU.
- Automated cloud security controls, data, and processes to provide better metrics and operational support.
- Identified security threats and risks related to cloud infrastructure services and planned remediation activities.
- Led the implementation of a comprehensive compliance program to align with the Digital Operational Resilience Act (DORA) regulations introduced by the European Union (EU).
- Implemented a comprehensive GRC framework to enhance organizational governance, manage risks, and ensure regulatory compliance. The project aimed to create a centralized system to streamline processes, and mitigate potential risks.
Technologies: Cloud Security, Penetration Testing, Azure, Security Architecture, AWS CloudFormation, Security, AWS Organizations, Security Hub, Amazon Web Services (AWS), Single Sign-on (SSO), OWASP Top 10, Sentinel, Cyber Threat Hunting, Computer Science, Network Security, Amazon Route 53, SecOps, IT Service Management (ITSM), Microsoft, IT Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), CI/CD Pipelines, Metasploit, Web App Security, OWASP, CISO, Web Security, Vulnerability Management, Security Audits, Cybersecurity, Amazon S3 (AWS S3), AWS IAM, AWS Elastic Beanstalk, Okta, Google Cloud Platform (GCP), Microsoft Azure, Source Code Review, Interviewing, Task Analysis, DevOps, Cloud, APIs, Team Management, ISO 27001, Compliance, Consulting, Azure Active Directory, Identity & Access Management (IAM), Architecture, Data Protection, General Data Protection Regulation (GDPR), Ethical Hacking, Hacking, Threat Modeling, Risk Management, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), SOC 2, CISM, Azure Key Vault, Azure Resource Manager (ARM), VPN, Networks, Data Loss Prevention (DLP), Infrastructure as Code (IaC), Linux Administration, Application Security, Artificial Intelligence (AI), Threat Intelligence, Network Architecture, Network Engineering, Team Leadership, Network Monitoring, DevSecOps, IDS/IPS, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, GCP Security, SaaS Security, Firewalls, Amazon Cognito, Amazon EC2, Amazon Virtual Private Cloud (VPC), Datadog, Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Vulnerability Assessment, Infrastructure Security, Secure Access Service Edge (SASE), Endpoint Security, Managed Detection and Response (MDR), Kubernetes, Docker, Chief Security Officer (CSO), Active Directory (AD), Microsoft Identity Manager, AWS Cloud Security, SOC Compliance, Azure DevOps, Azure Cloud Security, HIPAA Compliance, PCI, IT Consulting, Endpoint Protection, Vulnerability Identification, Encryption
Cloud Security Architect
2018 - 2021
Mundo Startel S.A.
- Designed secure cloud architecture using best practices.
- Audited and implemented compliance as per regulatory requirements.
- Designed, implemented, and maintained cloud infrastructure security, identified technical gaps, and provided solutions.
- Gained extensive experience in cloud-based DDoS protection services such as AWS Shield Advanced.
Technologies: Cloud Security, Azure, Security Architecture, Security, AWS Organizations, Security Hub, Amazon Web Services (AWS), Single Sign-on (SSO), OWASP Top 10, Sentinel, Cyber Threat Hunting, Computer Science, Network Security, Amazon Route 53, SecOps, IT Service Management (ITSM), Application Security, Architecture, Microsoft, IT Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), CI/CD Pipelines, Metasploit, Web App Security, OWASP, Web Security, Vulnerability Management, Security Audits, Cybersecurity, Amazon S3 (AWS S3), AWS IAM, Okta, Google Cloud Platform (GCP), Microsoft Azure, Source Code Review, Interviewing, Task Analysis, DevOps, Cloud, APIs, Team Management, ISO 27001, Compliance, Consulting, Azure Active Directory, Identity & Access Management (IAM), Data Protection, General Data Protection Regulation (GDPR), Ethical Hacking, Hacking, Threat Modeling, Risk Management, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), SOC 2, CISM, Azure Key Vault, Azure Resource Manager (ARM), VPN, Networks, Data Loss Prevention (DLP), Infrastructure as Code (IaC), Linux Administration, Artificial Intelligence (AI), Threat Intelligence, Network Architecture, Network Engineering, Team Leadership, Network Monitoring, DevSecOps, IDS/IPS, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, GCP Security, SaaS Security, Firewalls, Amazon Cognito, Amazon EC2, Amazon Virtual Private Cloud (VPC), Datadog, Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Infrastructure Security, Secure Access Service Edge (SASE), Endpoint Security, Managed Detection and Response (MDR), Kubernetes, Docker, Chief Security Officer (CSO), Microsoft Identity Manager, AWS Cloud Security, SOC Compliance, Azure Cloud Security, HIPAA Compliance, Endpoint Protection
Application Security Engineer
2014 - 2018
Ericsson
- Developed processes and implemented tools and techniques to perform ongoing security assessments of the environment.
- Analyzed security test results, drew conclusions from results, and developed targeted testing as deemed necessary.
- Collaborated with external vendors to perform penetration tests on network devices, operating systems, databases, and applications as necessary.
Technologies: Network Security, Security, OWASP Top 10, Cyber Threat Hunting, Computer Science, SecOps, IT Service Management (ITSM), Architecture, Amazon Web Services (AWS), Azure, Identity & Access Management (IAM), Security Architecture, Microsoft, IT Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), CI/CD Pipelines, Metasploit, Web App Security, OWASP, Web Security, Vulnerability Management, Security Audits, Cybersecurity, Amazon S3 (AWS S3), AWS IAM, AWS Elastic Beanstalk, Okta, Source Code Review, Interviewing, Task Analysis, DevOps, Cloud, APIs, ISO 27001, Compliance, Azure Active Directory, Data Protection, General Data Protection Regulation (GDPR), Ethical Hacking, Threat Modeling, Risk Management, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), SOC 2, CISM, Azure Key Vault, Azure Resource Manager (ARM), VPN, Networks, Data Loss Prevention (DLP), Linux Administration, Application Security, Artificial Intelligence (AI), Threat Intelligence, Network Architecture, Team Leadership, Network Monitoring, DevSecOps, IDS/IPS, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, GCP Security, SaaS Security, Firewalls, Amazon Cognito, Amazon EC2, Amazon Virtual Private Cloud (VPC), Datadog, Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Infrastructure Security, Secure Access Service Edge (SASE), Endpoint Security, Managed Detection and Response (MDR), Kubernetes, Docker, Active Directory (AD), Microsoft Identity Manager, Azure Cloud Security, HIPAA Compliance, Endpoint Protection
Security Engineer
2013 - 2014
Vodafone Idea
- Conducted vulnerability assessments of IT infrastructure for government agencies and private companies. Identified and prioritized vulnerabilities based on risk assessment and provided recommendations for remediation.
- Audited organizations processing credit card data to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS). Identified and reported non-conformities and provided guidance on remediation measures.
- Conducted a financial institution's comprehensive IDS/IPS vulnerability assessment, identifying misconfigurations and tuning recommendations to optimize threat detection accuracy and minimize false positives.
Technologies: Vulnerability Management, Identity & Access Management (IAM), Information Security Management Systems (ISMS), IDS/IPS, Firewalls, Threat Intelligence, Linux Administration, Application Security, Artificial Intelligence (AI), Network Architecture, Network Engineering, Network Monitoring, DevSecOps, Endpoint Detection and Response (EDR), Audits, GCP Security, Amazon Cognito, Amazon Virtual Private Cloud (VPC), Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Infrastructure Security, Secure Access Service Edge (SASE), Kubernetes, Docker, Active Directory (AD), Microsoft Identity Manager, Azure Cloud Security, Endpoint Protection
Senior Engineer
2013 - 2014
Vodafone Idea
- Performed manual, external, and internal penetration testing.
- Collaborated with external vendors to perform penetration tests on network devices, operating systems, and databases.
- Provided assistance to system users regarding information system security.
- Performed routine vulnerability scans against specified systems, analyzed the results, and worked with business units to remediate systems.
Technologies: Network Security, Security, OWASP Top 10, Cyber Threat Hunting, Computer Science, SecOps, Microsoft, IT Security, Static Application Security Testing (SAST), CI/CD Pipelines, Metasploit, Web App Security, OWASP, Web Security, Vulnerability Management, Security Audits, Cybersecurity, Amazon S3 (AWS S3), AWS IAM, AWS Elastic Beanstalk, Okta, Source Code Review, Interviewing, Task Analysis, DevOps, Cloud, APIs, ISO 27001, Azure Active Directory, Identity & Access Management (IAM), Architecture, Data Protection, Ethical Hacking, Hacking, Threat Modeling, Risk Management, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), Azure Key Vault, Azure Resource Manager (ARM), VPN, Networks, Data Loss Prevention (DLP), Artificial Intelligence (AI), Threat Intelligence, Network Engineering, Network Monitoring, DevSecOps, Audits, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Kubernetes, Docker, Active Directory (AD), Azure Cloud Security
IT Security Engineer
2012 - 2013
Huawei Technologies Co.
- Implemented data loss prevention (DLP) policies and technologies to prevent unauthorized data exfiltration and ensure compliance with data privacy regulations.
- Designed and deployed secure network segmentation strategies to minimize the attack surface and limit the potential impact of security breaches.
- Conducted physical security assessments to identify vulnerabilities in physical access controls and recommend improvements.
Technologies: Application Security, IT Security, Artificial Intelligence (AI), Threat Intelligence, Network Engineering, Network Monitoring, Audits, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Kubernetes, Docker, Active Directory (AD)
Cybersecurity Analyst
2010 - 2012
Ericsson
- Assessed and optimized the existing vulnerability management program, identifying gaps and inefficiencies.
- Implemented vulnerability scanning tools on various platforms (endpoints, network devices, applications) and prioritized identified vulnerabilities based on risk assessment.
- Automated vulnerability patching processes and tracked remediation progress across different systems.
Technologies: IT Security, Security Operations Centers (SOC), Patch Management, Vulnerability Management, Artificial Intelligence (AI), Threat Intelligence, Network Engineering, Network Monitoring, Audits, Cloud Infrastructure, Infrastructure, AWS Certified Solution Architect, Kubernetes, Docker
Experience
Implementation of AWS Security Architecture
Implemented AWS security architecture for one of the USA's leading pharma companies to protect them from ongoing ransomware attacks. Performed penetration testing of AWS account to find out vulnerability and misconfiguration.
Protection Against Ransomware
Implemented an airgap backup solution for one of the top clients to secure them from ransomware using cloud-native and open-source tools. Firstly I utilized existing backup solutions with proper security, monitoring, and encryption in place. After that, I implemented secondary backup solutions to ensure that we have available backups to restore in case of attacks.
AWS Organization Multi-account Architecture Implementation
Implemented AWS Organizations to use control towers according to AWS best practices. It was implemented to separate customer environments according to development, staging, and production with separate logging, security, and shared account structures.
Digital Operational Resilience Act (DORA) Compliance Program Implementation
I implemented the EU's Digital Operational Resilience Act (DORA) framework within the HR and organization to enhance operational resilience and comply with regulations.
• Developed and implemented policies and procedures for ICT risk management, incident reporting, digital operational resilience testing, and 3rd-party risk management, aligned with DORA requirements.
• Conducted a risk assessment to identify potential ICT threats and vulnerabilities.
• Implemented appropriate controls to mitigate identified risks.
• Defined and implemented an incident response plan for managing cyber threats and disruptions.
• Developed and implemented policies and procedures for ICT risk management, incident reporting, digital operational resilience testing, and 3rd-party risk management, aligned with DORA requirements.
• Conducted a risk assessment to identify potential ICT threats and vulnerabilities.
• Implemented appropriate controls to mitigate identified risks.
• Defined and implemented an incident response plan for managing cyber threats and disruptions.
Business Continuity Planning and Implementation
Led a comprehensive initiative to develop and implement a robust business continuity plan (BCP) for Toptal. The project aimed to ensure the organization's resilience in the face of potential disruptions, including natural disasters, technological failures, and other unforeseen events. The BCP encompassed all critical business functions, IT systems, and key processes.
RISK ASSESSMENT AND BUSINESS IMPACT ANALYSIS
• Conducted a thorough risk assessment to identify potential threats and vulnerabilities.
• Performed a business impact analysis (BIA) to prioritize critical business functions and assess the financial and operational impact of disruptions.
BCP DEVELOPMENT AND DOCUMENTATION
• Collaborated with department heads and stakeholders to create a comprehensive business continuity plan.
• Documented detailed procedures for each critical business function, outlining steps for activation and recovery.
RISK ASSESSMENT AND BUSINESS IMPACT ANALYSIS
• Conducted a thorough risk assessment to identify potential threats and vulnerabilities.
• Performed a business impact analysis (BIA) to prioritize critical business functions and assess the financial and operational impact of disruptions.
BCP DEVELOPMENT AND DOCUMENTATION
• Collaborated with department heads and stakeholders to create a comprehensive business continuity plan.
• Documented detailed procedures for each critical business function, outlining steps for activation and recovery.
AI Adult Health Care
During the 3-week discovery phase, I worked closely to design, establish, and secure the project's technical infrastructure. My expertise was instrumental in integrating AI functionalities into Kinzy's MVP, focusing on creating a highly robust and secure environment that supported the application's innovative capabilities and catered to the user's needs.
SOC 2 Type 2 Compliance Certification
This project involved implementing an organization's SOC 2 Type II compliance, ensuring adherence to the Trust Services Criteria (TSC) for security, availability, and confidentiality. Leveraging Vanta and Scrut, we automated compliance workflows, monitored security controls, and achieved a successful external audit with minimal operational disruption.
Key achievements:
• Automated 80% of evidence collection, reducing manual effort.
• Successfully passed the external SOC 2 Type II audit within six months.
• Established a scalable and repeatable compliance framework for future audits.
Key achievements:
• Automated 80% of evidence collection, reducing manual effort.
• Successfully passed the external SOC 2 Type II audit within six months.
• Established a scalable and repeatable compliance framework for future audits.
Deployment of a Secure 3-Tier Application in Azure Landing Zone
This project involved designing and deploying a 3-tier application in an Azure Landing Zone, focusing on scalability, security, and compliance with industry best practices. Leveraging Azure services like App Service, Azure SQL Database, and Azure Firewall, we created a robust architecture that adhered to security and performance requirements.
KEY ACHIEVEMENTS
• Deployed a scalable 3-tier application across web, application, and database layers, ensuring high availability and resilience.
• Implemented comprehensive security measures, including WAF, NSGs, and encryption, to safeguard data and resources.
• Established a Hub-Spoke Network Topology with secure connectivity using private endpoints, achieving a scalable and modular architecture.
KEY ACHIEVEMENTS
• Deployed a scalable 3-tier application across web, application, and database layers, ensuring high availability and resilience.
• Implemented comprehensive security measures, including WAF, NSGs, and encryption, to safeguard data and resources.
• Established a Hub-Spoke Network Topology with secure connectivity using private endpoints, achieving a scalable and modular architecture.
Enterprise Mobile Device Management (MDM) Implementation using Intune
ACCOMPLISHMENTS
• Configured and deployed MDM Intune policies, including automated enrollment, provisioning/de-provisioning, and remote device management.
• Enforced stringent security measures such as data encryption, access controls, and compliance with industry regulations.
• Monitored and reported on non-compliant or high-risk devices, ensuring adherence to security policies and mitigating potential threats.
• Optimized the MDM Intune solution for scalability, enhancing performance while minimizing downtime.
• Collaborated with IT, security, and business unit leaders to align MDM deployment with strategic business goals.
• Configured and deployed MDM Intune policies, including automated enrollment, provisioning/de-provisioning, and remote device management.
• Enforced stringent security measures such as data encryption, access controls, and compliance with industry regulations.
• Monitored and reported on non-compliant or high-risk devices, ensuring adherence to security policies and mitigating potential threats.
• Optimized the MDM Intune solution for scalability, enhancing performance while minimizing downtime.
• Collaborated with IT, security, and business unit leaders to align MDM deployment with strategic business goals.
Education
2022 - 2023
Master's Degree in Cyber Security
Southern New Hampshire University - New Hampshire
2005 - 2009
Bachelor's Degree in Electronics and Communication Engineering
University of Rajasthan, Jaipur - Jaipur, India
Certifications
JANUARY 2024 - PRESENT
Certified Information Security Manager (CISM)
ISACA
NOVEMBER 2023 - PRESENT
Microsoft Certified: Cybersecurity Architect Expert
Microsoft
NOVEMBER 2021 - NOVEMBER 2023
Certified Kubernetes Security Specialist (CKS)
The Linux Foundation
SEPTEMBER 2021 - SEPTEMBER 2022
Microsoft Certified: Azure Security Engineer Associate
Microsoft
AUGUST 2021 - PRESENT
Certificate of Cloud Security Knowledge (CCSK)
CSA
FEBRUARY 2021 - FEBRUARY 2024
AWS Certified Security – Specialty
Amazon Web Services
JANUARY 2021 - JANUARY 2024
CKA: Certified Kubernetes Administrator
The Linux Foundation
JUNE 2020 - JUNE 2023
AWS Certified Solutions Architect Associate
AWS
DECEMBER 2018 - PRESENT
ITIL
Axelos
Skills
Tools
Metasploit, AWS IAM, Sentinel, Azure Key Vault, VPN, GCP Security, Amazon Cognito, Amazon Virtual Private Cloud (VPC), Microsoft Identity Manager, Microsoft Intune, BitLocker, NMap, AWS CloudFormation, Terraform, Boto 3, Jira, Confluence
Languages
Python, Python 3
Frameworks
ADF, AWS Well-Architected Framework
Paradigms
Penetration Testing, DevSecOps, DevOps, Azure DevOps, HIPAA Compliance, Security Software Development
Platforms
Azure, AWS Lambda, AWS ALB, Amazon Web Services (AWS), Microsoft, AWS Elastic Beanstalk, Amazon EC2, Docker, Burp Suite, Kubernetes, Google Cloud Platform (GCP), Vanta
Storage
Azure Active Directory, Amazon S3 (AWS S3), Datadog, Microsoft Entra ID
Industry Expertise
Cybersecurity, Enterprise Security
Other
OWASP Top 10, Application Security, Cloud Security, Networking, Computer Science, Security Architecture, AWS Certified Solution Architect, IT Service Management (ITSM), Network Security, Security, Kubernetes Security, AWS Organizations, Security Hub, GaurdDuty, Single Sign-on (SSO), Amazon Route 53, Cyber Threat Hunting, SecOps, Architecture, Identity & Access Management (IAM), IT Security, OWASP, CISO, Web Security, Vulnerability Management, Security Audits, Okta, Microsoft Azure, Technical Hiring, Source Code Review, Interviewing, Task Analysis, Cloud, APIs, Team Management, Compliance, Consulting, Data Protection, General Data Protection Regulation (GDPR), Ethical Hacking, Hacking, NIST, Security Management, Microsoft 365, Identity, Security Analysis, Business Continuity Planning (BCP), Disaster Recovery Plans (DRP), Information Security Management Systems (ISMS), SOC 2, CISM, Azure Resource Manager (ARM), Networks, Data Loss Prevention (DLP), Information Security, IDS/IPS, Firewalls, Threat Intelligence, Linux Administration, Vulnerability Assessment, Network Architecture, Network Engineering, Team Leadership, Network Design, Network Monitoring, Endpoint Detection and Response (EDR), SIEM, Audits, Leadership, SaaS Security, Web Application Firewall (WAF), Monitoring, GRC, Documentation, Cloud Infrastructure, Infrastructure, Infrastructure Security, Endpoint Security, Managed Detection and Response (MDR), Chief Security Officer (CSO), CISSP, Active Directory (AD), AWS Cloud Security, Cybersecurity Operations, SOC Compliance, Mobile Device Management (MDM), Azure Cloud Security, VLANs, Solution Architecture, GitHub Actions, PCI, IT Consulting, Security Information and Event Management (SIEM), Vulnerability Scanning, Microsoft Defender Antivirus, Endpoint Protection, Vulnerability Identification, Security Compliance, Encryption, Container Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), CI/CD Pipelines, Web App Security, ISO 27001, Threat Modeling, Risk Management, Infrastructure as Code (IaC), Artificial Intelligence (AI), Secure Containers, Secure Access Service Edge (SASE), HITRUST Certification, AWS Control Tower, AWS WAF, Risk Assessment, Security Operations Centers (SOC), Patch Management, Managed Security Service Providers (MSSP), Enterprise Cybersecurity, Minimum Viable Product (MVP), System Administration, Systems Monitoring, Log Management, Data Governance, Enterprise Risk Management (ERM), MDM
Collaboration That Works
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
1
Share your needs
Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2
Choose your talent
Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3
Start your risk-free talent trial
Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.
Top talent is in high demand.
Start hiring