- 100% Jobs Completed
- 100% On Budget
- 100% On Time
- 25% Repeat Hire Rate
Technical Lead - Information Security, Oct 2014
• Handling the Technical Risk Management Program for the whole organization
• Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities
• Vulnerability Assessment and Penetration Testing
• Initiating & setting up various Enterprise Security Programs as per business requirements in the organization, i.e. DLP, AV, Log Monitoring, Encryption Technology, SSL, Risk Management, Proxy, email security etc.
• Risk Assessment & Threat Modeling for critical IT systems and applications
• Checklist-based technical audit (based on ISO 27001, NIST and other standards)
• Manual & Automated Source code review and False Positive Analysis of reports
• Implementing Secure Coding & Programming Principles and Process
• Security Architecture review & consulting
• Vulnerability tracking management, remediation follow-up & assistance to various teams for mitigation techniques
• Handling Data Leakage Prevention Program
• Handling Antivirus Management Program
• Handling Information Security Education & Awareness Program
Security Analyst, Oct 2012 - Oct 2014 (2 years)
• Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities
• Vulnerability Assessment and Penetration Testing
• Handling Automated DAST and SAST program with various commercial tools
• Handling SAST (Static Application Security Testing) program with HP Fortify, Checkmarx and IBM AppScan commercial tools
• Manual & Automated Source code review and False Positive Analysis of reports
• Handling DAST (Dynamic Application Security Testing) program with HP WebInspect, Acunetix and Qualys WAS commercial tools
• False Positive Analysis of reports generated by Acunetix, Qualys WAS and HP WebInspect
• Handling Enterprise Vulnerability management program
• Vulnerability remediation & assistance to various teams for mitigation
Information Security Consultant, Oct 2011 - Sep 2012 (11 months)
• Auditing/Security Testing of Web Applications based on OWASP/WASC/SANS
• Vulnerability Assessment and Penetration Testing of Web Applications & Networks
• Auditing of IT Infrastructure/Data Centers (Banks, ERP Audit etc.) based on ISO 27001 and RBI guidelines
• Configuration and maintenance of Routers, Switches, Firewalls, IDS/IPS
• SIEM tool for Threat Management (Trustwave and other open sources)
• Handling SOC (Security Operation Center)
• Patch and configuration management
• Log Monitoring and Preparing status reports
• Support to marketing team in terms of clarity of services, joint discussions, and customer meetings
Information Security Consultant, Apr 2010 - Sep 2011 (1 year)
• Website Security Testing based on OWASP Top 10 (Automated and Manual)
• Vulnerability Assessment and Penetration Testing (Automated and Manual)
• Develop Secure Network Infrastructure
• Configuration and maintenance of Switches/Firewalls
• Malware Coding & Malware Analysis
• Develop Malware Signatures and Create Firewall and IDS Rules
• Research on Exploit Development
• Daily onsite – offshore status reporting and team management
Master of Engineering in Information Security & Ethical Hacking, 2008 - 2010 (2 years)
Bachelor of Engineering in Information Technology, 2004 - 2008 (4 years)
EC–Council Certified Security Analyst (ECSA) (2015), EC–Council
The EC–Council Certified Security Analyst (ECSA) program is a comprehensive, standards-based, methodology-intensive training program which teaches information security professionals to conduct real-life penetration tests by utilizing EC-Council’s published penetration testing methodology.
Certified Ethical Hacker (EC Council-C|EH) (2012), EC Council
The most advanced ethical hacking course in the world that covers the cutting edge of hacking technology. EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. They analyze how hackers operate and present detailed illustrated hacking methodologies to the defense community. The certified ethical hacker training class deals with real-life scenarios and real threats by real-life experts in the field. Learn real-life ethical hacking methodology beyond automated vulnerability scans and simple information security tests.
CCNA (Cisco Certified Network Associate) (2009), Cisco
CCNA (Cisco Certified Network Associate) is an IT certification from Cisco. CCNA certification is an associate-level Cisco Career certification. The CCNA Routing and Switching certification covers skills necessary to administer devices on small or medium-sized networks.
CCNA Security (2012), Cisco
CCNA Security validates knowledge of security infrastructure, threats, and vulnerabilities to networks and threat mitigation. Required skills include installation, troubleshooting and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices. The CCNA Security courseware holds compliance with the NSA and CNSS training standard of CNSS 4011. By remaining compliant, the CCNA Security program provides the required training for network security professionals who assist private sector entities and federal agencies of the United States, protect their information and aid in the defense of the United States IT infrastructure.
Microsoft Certified Professional (2009), Microsoft
Microsoft Certifications are information technology professional certifications for Microsoft products.
- Phone Verified
- Email Verified