Profile image of deepak2k10
@deepak2k10
Flag of India Mumbai, India
Member since July 21, 2011
0 Recommendations

deepak2k10

Online Offline
Information Security Professional with more than five years of IT Security experience whose qualifications include a Master of Engineering degree in IT with specialization of Information Security & Ethical Hacking; CISSP, ECSA/LPT, Ec-Council CEH, CCNP Security, CCNA Security, CCNA, Microsoft MCP, MCSA, ISO 27001:2005 LA/LI; and detailed knowledge of security tools, technologies and best practices. Five plus years of experience in executing Information Security Consulting assignments for global customers in various domains of information security such as Penetration Testing of networks & web applications, Incident handling & response, Malware Analysis, Incident Analysis, Threat Analysis for protecting networks, systems and information assets for diverse companies and organizations, Vulnerability Research, Risk & Vulnerability Management, Secure Coding & Secure Code Review, Wireless Network security, ERP Systems (i.e. SAP, Oracle etc.) Security, Enterprise Security Architecture, Designing, Deploying and Implementing Enterprise level Security Systems as per business requirements using various aspects i.e. SIEM, IDS, IPS, Firewall, Data Leakage Prevention etc. Playing lead role in client engagements.
$10 USD/hr
2 reviews
1.4
  • 100%Jobs Completed
  • 100%On Budget
  • 100%On Time
  • 25%Repeat Hire Rate

Portfolio

Recent Reviews

Experience

Technical Lead - Information Security

Oct 2014

• Handling Technical Risk Management Program for whole organization • Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities • Vulnerability Assessment and Penetration Testing • Initiating & Setup various Enterprise Security Programs as per business requirements in organization i.e. DLP, AV, Log Monitoring, Encryption Technology, SSL, Risk Management, Proxy, email security etc. • Risk Assessment & Threat Modeling for critical IT system and applications • Checklist based technical audit (based on ISO 27001,NIST and other standards) • Manual & Automated Source code review and False Positive Analysis of reports • Implementing Secure Coding & Programming Principles and Process • Security Architecture review & consulting • Vulnerability tracking management, remediation follow up & assistance to various teams for mitigation techniques • Handling Data Leakage Prevention Program • Handling Antivirus Management Program • Handling Information Security Education & Awareness Program

Security Analyst

Oct 2012 - Oct 2014 (2 years)

• Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities • Vulnerability Assessment and Penetration Testing • Handling Automated DAST and SAST program with various commercial tools • Handling SAST (Static Application Security Testing) program with HP Fortify, Checkmarx and IBM Appscan commercial tools • Manual & Automated Source code review and False Positive Analysis of reports • Handling DAST (Dynamic Application Security Testing) program with HP Webinspect, Acunetix and Qualys WAS commercial tools • False Positive Analysis of reports generated by Acunetix, Qualys WAS and HP WebInspect • Handling Enterprise Vulnerability management program • Vulnerability remediation & assistance to various teams for mitigation

Information Security Consultant

Oct 2011 - Sep 2012 (11 months)

• Auditing/Security Testing of Web Applications based on OWASP/WASC/SANS • Vulnerability Assessment and Penetration Testing of Web Application & Networks • Auditing of IT Infrastructure/Data Centers (Banks, ERP Audit etc.) based on ISO 27001 and RBI guidelines • Configuring and maintenance of Routers, Switches, Firewalls, IDS/IPS. • SIEM tool for Threat Management (Trustwave and other open sources). • Handling SOC (Security Operation Center) • Patch and configuration management. • Log Monitoring and Preparing status reports • Support to marketing team in terms of clarity of services, joint discussions, and customer meetings.

Information Security Consultant

Apr 2010 - Sep 2011 (1 year)

• Web sites Security Testing based on OWASP Top 10 (Automated and Manual) • Vulnerability Assessment and Penetration Testing (Automated and Manual) • Develop Secure Network Infrastructure • Configuring and maintenance of Switches/Firewalls. • Malware Coding & Malware Analysis • Develop Malware Signature and Create Firewall and IDS Rules • Research on Exploit Development • Daily onsite – offshore status reporting and team management

Education

Master of Engineering in Information Security & Ethical Hacking

2008 - 2010 (2 years)

Bachelor of Engineering in Information Technology

2004 - 2008 (4 years)

Qualifications

EC–Council Certified Security Analyst (ECSA) (2015)

EC–Council

The EC–Council Certified Security Analyst (ECSA) program is a comprehensive, standards-based, methodology intensive training program which teaches information security professionals to conduct real life penetration tests by utilizing EC-Council’s published penetration testing methodology.

• Certified Ethical Hacker (EC Council-C|EH) (2012)

EC Council

The most advanced ethical hacking course in the world that covers cutting edge of hacking technology. EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. They analyze how hackers operate and present detailed illustrated hacking methodologies to defense community. The certified ethical hacker training class deals with real life scenario and real threats by real life experts in the field. Learn real life ethical hacking methodology beyond automated vulnerability scans and simple information security tests.

CCNA (Cisco Certified Network Associate) (2009)

Cisco

CCNA (Cisco Certified Network Associate) is an IT certification from Cisco. CCNA certification is an associate-level Cisco Career certification. The CCNA Routing and Switching certification covers skills necessary to administer devices on small or medium-sized networks.

CCNA Security (2012)

Cisco

CCNA Security validates knowledge of security infrastructure, threats, and vulnerabilities to networks and threat mitigation. Required skills include installation, troubleshooting and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices. The CCNA Security courseware holds compliance with the NSA and CNSS training standard of CNSS 4011. By remaining compliant, the CCNA Security program provides the required training for network security professionals who assist private sector entities and federal agencies of the United States, protects their information and aid in the defense of the United States IT infrastructure.

Microsoft Certified Professional (2009)

Microsoft

Microsoft Certifications are information technology professional certifications for Microsoft products.

Publications

CVE-2014-3246

[url removed, login to view]

Verifications

  • Facebook Connected
  • Preferred Freelancer
  • Payment Verified
  • Phone Verified
  • Identity Verified
  • Email Verified

My Top Skills

Browse Similar Freelancers