Managed enterprise vulnerability management tools (DAST/SAST) to enhance Secure SDLC processes.Implemented security controls across Azure and AWS cloud environments.Led cloud security initiatives, including automating security operations, securing Kubernetes workloads, and integrating security practices across teams.Engineered prevention policies using bot-based rules on Cloudflare's web application firewall.Conducted threat modeling with the MITRE ATT&CK framework to identify and mitigate software vulnerabilities

• Governing the deployment of data security controls for identity management, access control, data protection and to mitigate and reduce the loss and exposure of Genworth Canada’s informational assets.• Recommending strategic security solutions and security control improvements specific to access management and the enhancing the identification of data security events.• Leading technical projects and meet tight timelines while dealing with ongoing support responsibilities.• Providing Technical knowledge/support to automate processes within existing applications and/or other researched solutions to Infrastructure and Internal audit teams• Expanding on threat scenarios and enable added monitoring/blocking to mitigate potential threats.• Coordinating with application and business teams to enable protection services and provide guidance through knowledge of network architecture, domains, policy and processes• Monitor and manage the performance of key vendor partners that support the access management and data protection programs• Ensuring the currency of support documentation, operational playbooks, and data catalogues• Developing and managing configurations and rules deployed as part of Genworth Canada’s IAM and Data Loss Prevention programs.• Working with the IT Security team and key partners to enhance the detection of events involving the loss or exposure of Genworth Canada’s informational assets

• Managing Identity and Access within Windows active directory and Azure for access controls, account lifecycle management, multi-factor authentication and SSO. • Developed security policies surrounding BYOD using NIST 800-124, 1800-4 and access provisioning lifecycle concerning creation, management and deletion of accounts taking NIST 800-63A, 63B into consideration.• Assisted the Director of security in Integrating role-based access control, user provisioning, and reconciliation services with existing applications and systems• Working closely with IT teams to monitor the effectiveness of security and access controls which are implemented to provide least privilege, segregation of duties for all the privileged entities. • Actively involved in configuring MS cloud DLP with content scanning policies to look for sensitive information and determining various governance actions when matches are detected by Cloud DLP.• Worked closely with external auditors in assisting them with access review audits and user entitlement audits.

• Coordinating with Web application developers to develop applications taking STRIDE and DREAD models into consideration and how to come up with procedures and plans to remediate OWASP top 10 vulnerabilities within specific timelines.• Managing Cloud- Based assets by defining requirements to store, access and process data stored in the cloud based on DOD cloud computing security requirements and NIST SP 800-145, 800-144• Worked collaboratively with application development and operations teams in developing unit tests, misuse case tests and interface tests to remediate access elevation attacks and sensitive data exposure• Securing cloud infra such as IaaS, PaaS, SaaS and other on-prem infrastructure such as Linux and windows servers and their backend databases with CIS benchmarks and Cybersecurity best practices.• Assisted personnel with the help of DLP solutions in identifying data leakage such as but not limited to Personally Identifiable Information (PII), confidential, or restricted organization communications along with data classification according to Department of Defense guidelines. • Reviewing Qradar alerts and in regard to access management, sensitive data access, Code Injections, Malware detections and Local worm connections within the network and thus assist in remediation of critical security incidents.• Working in various domains of application & infrastructure security (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, and Access Control)

• Implementing various access control models such as DAC, Role Based Access Control, Rule-based access control, Attribute Based Access control and Mandatory access control wherever necessary based on the risk prioritization and Access Control Attacks.• Participated in Business continuity planning which includes BIA and disaster recovery exercises with BC analyst and setting up goals in maintaining the availability of the systems at the time events. • Preparing the network block list coordinating with the Firewall team and reviewing the firewall logs and Access control lists