June 2019 - Current

Senior Security Analyst

KPMG India

KPMG’s Global Security Operations Center (GSOC) helps defend more than 120 KPMG Member Firms from cyber-attacks, through timely detection, investigation, and remediation of potential threats.

  • Within this project, I am responsible for the continuous investigation of correlated security event feeds and the appropriate escalation in case of an identified security incident. I also take part in the creation and steady improvement (fine-tuning, white-listing, etc.) of correlation rules, security policies, processes and procedures, and other related documentation.
  • Also responsible for regular Threat Hunting and monitoring activities with several kinds of security monitoring solutions such as antivirus software, network security monitoring, data loss prevention, network intrusion detection, insider threat detection, and other security tools such as RSA NetWitness, RSA Archer, Proofpoint, etc. Gathering event logs from as many places as possible and making sure all required remediation actions are performed against every security threat to the organization.
  • Handling a team of 8 people as Backup Shift Lead and co-ordinating with more than 40 other Analysts. Working together and making sure all the assigned tasks are completed within the given SLAs.

Skills & Accomplishments:

  • I was able to open the first-ever P1 level severity incident using Threat Hunting techniques.
  • Suggested multiple use cases for Incident Alerting and Monitoring activities.
  • Awarded as Best Threat Hunter of Global Security Operations Center at KPMG India.
  • Appreciated by KPMG Management and Partners for outstanding Investigation and Monitoring skills several times.
  • Encountered a functional bug in the Proofpoint tool while working and reported it to their security team.

Jan 2019 - June 2019

Cyber Security Analyst (InfoSec Ventures)

Key Result Areas:

  • Web Application Penetration Testing and Security Assessment of various banking applications and E-Commerce Portals.
  • Involved in understanding the applications, threat profiling, penetration testing, categorizing the risks, suggesting mitigations, preparation of reports, and follow-up until vulnerabilities are closed.
  • Conducting vulnerability assessments and penetration testing for multiple Onsite projects.

Skills & Accomplishments:

  • Worked on various live projects and got trained by highly experienced and professional Cyber Security Experts.
  • More focused on Manual Penetration Testing as per OWASP Standards.
  • Working with Exploits, Password Attacks, Web Application Attacks.
  • Found a very high severity bug in a banking application which resulted in generating money out of thin air.

Nov 2017 - Jan 2019

Chief Operational Officer

Bitlevel International Data Recovery

  • Setting up and securing websites for clients with different Content Management Systems like WordPress, Joomla, Drupal.
  • Timely Vulnerability Assessments for clients as per OWASP Standards.
  • Black box and Grey box penetration testing on several Mobile Applications for clients.
  • Secured multiple E-commerce and shopping websites.
  • Managing a team of 4 and achieving project goals as per plans.

July 2017 - Aug 2017

Cyber Security Intern

Gurugram Cyber Crime Police

I was able to secure a spot with 80 others out of 10,000+ applicants and got trained by Gurugram Cyber Police.

  • Covered a wide variety of topics, starting from basics and then leading up to compliance standards.
  • Case studies of various online cyber crimes like Mobile Crimes, Email Crimes, Social Media Crimes, Ecommerce Crimes, Website Hacking cases were discussed and explained with investigations.
  • Gave a presentation on “Email Phishing Attacks and Preventions”.
  • Reported a live bug on Digital4n6Journal while the presenter was giving a talk on the same and got highly appreciated.

Jan 2017 - July 2017

Cyber Security Intern

A&R Info. Security Solutions Pvt. Ltd.

Started my professional cybersecurity career with this startup by renowned Cyber Security Expert, Mr. Rakshit Tandon, and worked under his guidelines.

  • Learned the professional ways of Ethical hacking practices and gained a comprehensive understanding of vulnerability and penetration testing using different types of tools.
  • Got a chance to investigate one of the biggest online scams, i.e. Social Trade.