Expert Details
Cyber Security, IT, FinTech Cloud Security & Digital Security
ID: 739563
India
Notable achievements include the successful implementation of a Next Generation SOC, incorporating advanced features such as UEBA (User Entity Behavior Analytics) and SOAR (Security Orchestration And Automation). Expert has also demonstrated prowess in cloud technologies, having implemented Google Cloud Platform (GCP) solutions, including Disaster Recovery Plans and robust monitoring mechanisms.
His expertise extends to various security tools and solutions, including McAfee EPO, and he's played a pivotal role in projects such as the NIC Security Program across 27 districts and the delivery of the NAMS project to clients like PHQ (Delivery Headquarters). A standout in cyber security sales, he has proven his ability to formulate and lead technical and functional product sales strategies, catering to customer needs and driving successful deliveries. He's led implementations of cyber security products across major platforms like IBM, Azure, and AWS, ensuring real-time data availability, transformation, and collection.
With a focus on innovation, Expert has championed the establishment of NIC's Security Standards, enhancing the state's cyber security posture through adherence to frameworks like ISO 27001 and NIST. He has deep experience in a range of security tools, including SIEM solutions like LogRhythm, Splunk, IBM QRadar, ArcSight, and RSA NetWitness.
His technical leadership extends to managing teams and projects, including security incident management. His expertise spans network and host-based intrusion detection systems, vulnerability assessment, penetration testing, and more. Furthermore, Expert has played a pivotal role in imparting security education to over 150 end-users and 800 NIC employees, demonstrating their commitment to raising awareness and best practices within the organization.
He is a specialist in Identity Access Management (IAM), and possesses deep knowledge of IAM standards, including multi-factor authentication, single sign-on (SSO), and access management. He is also adept at handling secure software development lifecycles (SDLC) and secure CI/CD processes. With a hands-on approach to various technologies, including Linux, RedHat, LXD containers, and Kubernetes, Expert is well-equipped to architect secure IT storage and network solutions.
Education
| Year | Degree | Subject | Institution |
|---|---|---|---|
| Year: 2006 | Degree: BE | Subject: Information Technology | Institution: G.G.D.U University Krindul |
Work History
| Years | Employer | Title | Department |
|---|---|---|---|
| Years: 2022 to Present | Employer: Undisclosed | Title: Vice President, Cyber & Cloud Security | Department: |
Responsibilities:Working on several projects focusing on cyber security, cloud security, and more. Full list of ongoing projects available at request. |
|||
| Years | Employer | Title | Department |
| Years: 2021 to 2022 | Employer: Deloitte | Title: Senior Principal Architect | Department: |
Responsibilities:• Managing SOC Team of 16 members - Analyze alerts from SIEM and reduce Downtime and ensure Business continuity.• Designing Public Key Infrastructure, Certification Authority and Digital signature and IT Access needs & strong security protocols, Authentication and Security role in NIC'S sales sector. • Handling Maintaining & Implemented NIC Next Gen SOC & Leading SOC team with 13 members. • Business-driven with a thorough and proven understanding of Banking activities and products. • Perform IT General Control Assessment & Information security Risk Assessment. • Developing policies, procedures, standards and guidelines as per security practices. • Able to translate information security requirements into business needs and vice versa. • Executing the projects to explain the VAPT findings to technical and non-technical teams. • Track and coordinating with different teams to close the risk identified during VAPT exercise. • Solid understanding of Information Security Standards and compliance like ISO 27001, PCI DSS, OWASP, NIST. • Undertaking structured analysis of vendor proposals for the supply of new InfoSec solutions in close collaboration with the concerned business unit. • Preparing plan for the complete project lifecycle of assigned projects and for the update of these plans during that lifecycle. • Accountable for the identification and management of project risks for each given project. • Ability to draft Information Security Awareness Newsletters and training materials. • Proficient in Installing, Configuring & Troubleshooting of an Openstack System. • Interact with Linux Shell Scripting to execute various programming administration. • Designing, Packaging & Configuration and site checks, cloud Deploying for Openstack. • Deploying Creating & Managing Configuration LXD Container and Troubleshooting all Storage based backends. • Extensible Full Machine System Functionality Storage and Networking with Performance and concurrency. • Providing Centralized nature of Cloud Computation In DevOps Automation with standard and centralized platform of Testing Deployment and Production. • Manage Cloud Architecture and Hardware setup required to run Openstack platform. • Cloud LOAD BALANCING, Enabling FAULT TOLERANCE in cloud computing in private or Hosted Environment. Ability to provide Service to Underlying applications even after the failure of one or more component. |
|||
| Years | Employer | Title | Department |
| Years: 2016 to 2021 | Employer: Wipro | Title: Information Security Analyst & Project Manager, Cyber Security | Department: |
Responsibilities:• Experienced as an analyst (Help Information Security in analyzing alerts deep analysis, determine nature of attack and systems and data affected, SOC reports, Liaison with SOC Vendor, reduce signal to noise ratio, improve MTTR).• Well Experienced in developing content in Splunk searches, alerts (including POC and tuning), dashboards, Apps. • Experience of Security Incident and Event Management (SIEM) tools (Splunk) ingesting data (Forwarders, HTTP Event Collectors, add-ons), troubleshooting Splunk Installation. • Expertise in Endpoint security (EDR) Detection and Response. Help create policies and SOP for Response workflow. Experience in Cortex XDR preferred. • Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, and application servers. • Expanding with end to end PCI audit compliance in Security evaluation of third-party tools. • Worked with E-mail Security and running phishing campaign • Handling Incident Management at NIC CENTER. • Experience in system and network security & Performing Network Penetration testing with supporting PCI compliance and GDPR programs. • Well- Expert in continuous security infrastructure monitoring tools of Security development, computer networks and Internet threat activity. • Excellent experience engaging with executive and technical audiences Previous enterprise or platform/cloud vulnerability management with Cloud Security. |
|||
| Years | Employer | Title | Department |
| Years: 2010 to 2012 | Employer: 31 Infotech | Title: Engineer, Information Security | Department: |
Responsibilities:• Establishing and implementing Security best practices within the database environment.• Configured and distributed Corporate level – directed software security upgrades using automated networks Utilities. • Perform password complexity checks to ensure compliance with security standards and Implement an in house built host data Collection tool to identify anomalous activity. • Perform cyber-threat hunting process of proactively identifying internal risk that might exist in IT infrastructure. • Monitor outside intelligence source to identify emerging threats and associated protection and determines how they apply to the enterprise environment. • Serve as security engineer in responding to information security enables and performance of initial Diagnostics. • Evaluates and recommends new and emerging security solution at best practices. • Implements an enterprise-wide definition of security establishing and maintaining data network and system security- related infrastructure and application and processing. • Developed a simulated environment model to measure the effect of different network attacks. • Implement system recovery procedure to minimize losses should anon attack occur. • Update cyber security protocol and develop effective training procedure. • Implement system recovery procedures to minimize losses should an attack occur. • Customization as server and communication with windows (Samba) & Linux machines (NFS, FTP). |
|||
| Years | Employer | Title | Department |
| Years: 2006 to 2010 | Employer: RM Infotech Pvt. Ltd. | Title: Assistant Engineer | Department: |
Responsibilities:• Startup installation, execution, commissioning & managing and maintaining projects as a Linux administrator.• Handle system programming and plant integration, designed, programmed, operated and maintained devices. • Excellent ability to code and design to specifications, to manage projects and meet milestones. • Worked with software development process using planning and a daily scrum to manage the task. • Led implementation of quality and reconciliation activities for district sites, the third-party service to provide comprehensive data validation to ensure data accuracy and integrity. • Establish implementation strategy for software, integration and data review toolkits within an existing end to end business processes. • Technical implementation for the software tools and integration to be used in data collection and processing. • Design, build, maintenance of software utilities for data acquisition and data management. • Design and document operational processes for adoption of new and updated software utilities and integrations. |
|||
Career Accomplishments
| Licenses / Certifications |
|---|
| • CCIE SECURITY CERTIFIED SECURITY EXPERT) (CISCO) • (CISSP) Certified Information System Security Professional. • (RHCSS) Red Hat Certified Security Specialist • REDHAT CERTIFIED SERVER SPECIALIST & ( RHCE) Red Hat Certified Engineer. • RHCE & RHCT |
Additional Experience
| Training / Seminars |
|---|
| • (OWASP) Open Web Application Security Project. • (CHE) Certified Ethical Hacker. • (CCSP) Certified Cloud Security Professional. • PMP(Project Management Professional) |
| Other Relevant Experience |
|---|