Amey Dhuri

• Led enterprise Vulnerability Management and Attack Surface Management programs across cloud, infrastructure, andapplication environments.• Reduced critical and high-risk vulnerability exposure by 15-35% through risk-based remediation prioritization.• Improved attack surface visibility by over 10% through asset discovery and exposure management initiatives.• Drove remediation of 1, 000+ vulnerabilities per quarter while reducing MTTR by over 22%. • Identified anddecommissioned orphaned domains and unmanaged assets, reducing external attack surface by 32%.• Established asset attribution framework improving ownership accountability and remediation efficiency.• Managed findings from SAST, DAST, SCA, CI/CD security scans, and Secrets Detection programs.• Managed vulnerability lifecycle and remediation tracking through ServiceNow Vulnerability Response (VR) workflowsand SLA governance.• Supported Exposure Management initiatives by correlating vulnerability data, asset criticality, and external attacksurface exposure.• Performed AWS and Azure security assessments identifying cloud misconfigurations and excessive permissions.• Collaborated with development and infrastructure teams to implement Secure SDLC practices.• Supported security governance initiatives aligned with NIST CSF.• Assisted SOC teams in vulnerability-to-threat correlation and exposure prioritization.• Performed basic malware triage, IOC validation, and threat intelligence enrichment activities.

• Assisted incident investigation and security monitoring functions.
• Developed SOC communication templates and security reporting processes.
• Supported cybersecurity pre-sales and client technical discussions.

• Conducted web application, API, infrastructure, and cloud security assessments.
• Conducted 50+ vulnerability assessments and penetration testing engagements across web applications, APIs, cloud
environments, and enterprise infrastructure.

• Administered McAfee ePO security controls and endpoint security policies.
• Managed Check Point SandBlast malware prevention technologies.
• Supported Zscaler Smokescreen deployment and deception-based security initiatives.