Security Engineer with 5+ years in Vulnerability Management & Attack Surface Management
Skilled Cyber Security Engineer with 5+ years of hands-on experience in the field. Specialized in Vulnerability Assessment and Vulnerability Management, Attack Surface Management, Endpoint Security, OT/IoT Security, Emerging Threats, Threat Analysis, Email Security, Security Operations Center (SOC), Security Information and Event Management (SIEM), Information Security, and Incident Queue Monitoring. Highly skilled in conducting comprehensive Vulnerability Assessments across diverse platforms including On-Premises and Cloud Servers, network devices, endpoint devices, and web applications. Proficient in Tenable.io implementation and possesses practical knowledge of web application and network penetration testing.
Maharana Pratap Engineering College, Kanpur (Dr. A. P. J. Abdul Kalam Technical University, Lucknow)
B-Tech · Computer Science and Engineering
August 1, 2016 – July 1, 2020
Accenture
Security Delivery Analyst
July 1, 2024 – Present
India
Coforge Ltd.
Senior Associate – Cyber Security Services
December 1, 2020 – July 1, 2024
India
Cencora
July 1, 2024 – Present
Conducted rigorous Vulnerability Assessments on on-premises and cloud infrastructures utilizing Qualys. Spearheaded the implementation of CIS non-compliance scans across on-premises environments and led remediation workflows for cloud infrastructure misconfigurations across Azure and AWS platforms using the Wiz Platform. Utilized native and third-party security tools to enforce rigorous security baselines across diverse infrastructure deployment models. Produced comprehensive analytical policy compliance reports mapping Windows and Linux system configurations against CIS Benchmarks and PCI DSS regulatory standards. Bridged the gap between technical system configurations and strict regulatory mandates to fortify overall corporate governance. Assessed and prioritized structural flaws using the DREAD threat modeling framework to elevate overall security posture. Leveraged Zafran Security's AI-driven CTEM platform to reduce critical organizational risk by correlating existing security controls and streamlining engineering remediation efforts. Proactively monitored and countered Emerging Threats (including Zero-Days, newly published CVEs, Microsoft Patch Tuesday updates, and vendor advisories). Managed external attack surface exposures and aggressively mitigated active perimeter threats via the IONIX platform. Expertly managed the Microsoft Defender XDR suite, executing advanced threat hunting, phishing simulations, risk score management, endpoint protection, and platform vulnerability management. Continuously monitored operational technology and IoT environments leveraging the Armis tool to achieve real-time asset visibility and proactive risk mitigation. Strengthened the data compliance posture of the Salesforce environment utilizing AppOmni to remediate configuration gaps and policy issues. Enhanced third-party vendor security structures by managing the Black Kite TPRM platform to evaluate risks across corporate subsidiaries. 
Conducted weekly follow-ups with cross-functional technical teams to track remediation lifecycles and delivered comprehensive Monthly Metrics to client leadership.
Channel4
December 1, 2020 – July 1, 2024
Acted as a Subject-Matter Expert (SME) for vulnerability assessment and management. Led Vulnerability Assessments and Baseline Security Evaluations across enterprise infrastructure using Tenable.io, Nessus Professional, and native cloud services. Strengthened AWS cloud architectures utilizing native tools including AWS Inspector, Security Hub (for CIS Non-Compliance Scanning), and GuardDuty to bolster the infrastructure's overall security barrier. Led the Proof of Concept (POC) and successful enterprise implementation of Tenable.io within a complex AWS cloud environment. Authored Standard Operating Procedures (SOPs) and operational handbooks for Tenable.io/Nessus deployment, and conducted Knowledge Transfer (KT) sessions for internal team alignment. Managed the IBM QRadar SIEM platform, focusing on specialized rule creation and correlation optimization to ensure swift detection, alerting, and incident response. Contributed to Threat Intelligence workflows by leveraging Recorded Future to establish watchlists, monitor alerts, and enact protective actions to safeguard brand integrity and mitigate third-party risks. Expertly administered Microsoft Defender XDR for advanced threat hunting, endpoint security, and attack surface reduction (ASR rules). Produced comprehensive analytical reports detailing identified vulnerabilities, CIS non-compliance findings, and regulatory policy adherence (PCI DSS). Managed risk mitigation lifecycles by logging critical vulnerabilities into the corporate Risk/Exception Register, facilitated weekly remediation synchronization meetings, and provided status updates to clients.
Cultural Fit Analysis
The candidate's project diversity across Cencora and Channel4, coupled with their experience in various security domains (VA/VM, Cloud Security, SIEM, Threat Intelligence, TPRM), indicates a broad skill set and adaptability. Their role as an SME and involvement in POCs and enterprise implementations suggest a proactive and leadership-oriented approach, aligning well with a dynamic security environment. The continuous learning implied by monitoring emerging threats also points to a good cultural fit for an evolving security landscape.
Soft Skills & Operational Fit
The candidate demonstrates strong operational fit through their detailed descriptions of managing remediation lifecycles, conducting knowledge transfer sessions, authoring SOPs, and facilitating stakeholder meetings. This indicates a proactive and collaborative approach to security operations. The emphasis on reporting and metrics also suggests a results-oriented mindset.