- Responsible for defining, ratifying and maintaining a formal Threat & Vulnerability Management Program; and framework that defines the vulnerability priorities aligned with business criticality.- Develop and present business cases to Management to improve security posture to effectively mitigate advanced threats.- Defined the customized control sets for the Policy compliance as per the Company standards.- Conducting the Risk Assessment with Vulnerability Assessment and Penetration Testing tools (such as Accunetix, Nessus, Metasploit, Checkmarx, etc.,) and providing detailed Risk Assessment report with Mitigation measures.- Driving the Cyber Security Standards development, during adoption of emerging IT platforms and technologies for Customer.- Provide remediation consulting service to client’s risk treatment plans on security issues identified during adoption of new technology, internal & external assessment findings and regulatory updates by collaborating with developers, business and system owners.- Delivered specialized training for the team mates on Network Security and Application security using various tools as well as the manual penetration testing. Delivered information security awareness sessions covering both the process and system component security.

- Lead a team to communicate known vulnerabilities and threats in the system and environments to business owners.- Conduct technical security assessments with penetration testing of business applications (OWASP, WASC, SANS-25), technology infrastructures, perimeters, mobility solutions, configuration review, threat modeling, source code audits and application and network Security Architecture and Design reviews (SAD) for global customers.- Manage and execute Vulnerability Management and Policy Compliance programs and Oversee Privileged Account Management and SIEM projects for a large financial organization.- New Product Security evaluation of all licensed apps and new vendor SaaS products prior to the vendor on-boarding, covers multi- tenant architectures, data segmentation/encryption, service interface, platform security, SAML/OAuth SSO integration for apps, penetration testing of web app, mobile app and web-service interface.

- Cyber Risk services delivered to business and technology stakeholders, include assessments to determine the risks pertaining to enterprise application and cyber architectures followed with remediation advisory and risk governance.- Provide Security consultancy to the IT organization on a project basis, potentially being assigned to multiple projects for a period of time, or duration of project.- Drive Security improvements activities based on conducted Security assurance reviews.- Work with IT organizations to ensure IT Security standards, policies and procedures are fit for purpose and effectively applied in IT projects, systems, products and services.- Deliver consistent set of Security advice that is aligned with the Security standards and aligned with the business risk appetite.- Undertaking technical information security incident response, investigations, gathering and analyzing data, writing up findings and making recommendations aligned with industry best practice for information security.- Perform manual penetration testing of client system & Network to discover vulnerabilities. Assessing application & security controls against black/grey/whitebox attacks using both manual & automated penetration techniques. Involved in daily operational service monitoring activities over the SOC security infrastructure.

- Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices.- Performs security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents, and mounts incident response.- Investigates and utilizes new technologies and processes to enhance security capabilities and implement the improvements.- Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions.- Tests for compliance with security policies and procedures.- May assist in the creation, implementation, and/or management of security solutions.- Scans for, identifies and assesses vulnerabilities in IT systems including computers, networks, software systems, information systems, and applications software.

• Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.• Log Analysis with IT regulatory compliance.• Remote management and monitoring of the customer security devices Firewalls, Intrusion Prevention Systems and Critical Servers using SIEM tool RSA envision, Security Analytics, ArcSight.• Alerting customer if any security breaches, Preparation of daily, weekly and monthly reports • correlates the events to find the critical incident, Rule binding, VA/PT