Lead Security Engineer
Flipkart Internet Private Limited
Total years of experience :10 years, 3 Months
Working as Lead Security Engineer in Security Assurance Team and Safeguarding Flipkart Group's digital realm through comprehensive security assessments, proactive threat modeling, and innovative solutions.
Key responsibilities:
- Threat Detection & Mitigation: Led penetration testing and vulnerability management for Flipkart and Group companies, uncovering and remediating security risks.
- Security Architect & Strategist: Reviewed internal cloud platform security controls, architected future-proof security solutions, and integrated third-party security tools (EDR & NDR).
- Proactive Security Champion: Acted as security SPOC for various units, ensuring security best practices were adopted from the design phase onwards.
- M&A Security Integration: Conducted security reviews of new acquisitions like Flipkart Health+ and ANSCommerce, built security enhancement plans, and guided them on security best practices.
- Risk Communication & Management: Built high-visibility security risk signals for stakeholders, developed mitigation approaches, and restricted supply chain risks.
- Continuous Security Assurance: Ran regular vulnerability assessments and penetration testing for corporate and production networks and applications.
Worked as Penetration Tester for Clients of 7Safe Uncovering security vulnerabilities and strengthening defenses through comprehensive on-site assessments and targeted penetration testing.
Key Activities:
- On-site Security Assessments: Conducted in-depth evaluations of client servers, network devices, and applications, identifying and documenting security risks.
- Security Consulting: Collaborated with clients to understand their security needs and deliver tailored security solutions through consulting engagements.
- Web Application Penetration Testing: Simulated real-world cyberattacks to identify and exploit web application vulnerabilities, prioritizing critical issues for remediation.
- Network Security Reviews: Assessed the security posture of firewalls, routers, and other network components, recommending hardening measures to improve defenses.
- Comprehensive Security Assessments: Performed holistic evaluations of client IT infrastructure, encompassing servers, networks, and applications, to provide a comprehensive understanding of their security posture
Worked as Technical Services Specialist with IBM Managed Security Services and Streamlined vulnerability management for clients, minimizing attack surfaces and enhancing security posture.
Key responsibilities:
- Vulnerability Management Analyst: Led vulnerability management efforts for client engagements, ensuring timely identification, prioritization, and remediation of security risks.
- Cross-functional Collaboration: Partnered with diverse teams to implement effective scanning and remediation strategies for network and web applications.
- Policy Optimization: Designed and refined vulnerability assessment (VA) scan policies, tailoring them to client specific needs and enterprise asset profiles.
- End-to-End Ownership: Managed the entire vulnerability management lifecycle, from design and implementation to ongoing BAU activities.
- Proactive Threat Detection: Spearheaded the rapid identification and mitigation of new vulnerabilities, minimizing exposure to potential attacks.
Worked as Technical Lead at Corporate Security Operations Center
Key Responsibilities:
Led and executed enterprise-wide vulnerability
management using Nexpose:
- Designed the architecture, resourcing, and global deployment of Nexose VAs.
- Managed the tool’s lifecycle, including policy creation, template customization, and user administration.
- Conducted penetration testing of security products, web apps, and servers using Metasploit.
Proven expertise in threat response and mitigation:
- Led malware incident response, forensics, and mitigation for internal and client systems.
- Possess over a year of experience in malware analysis and mitigation techniques.
Demonstrated experience in security research and experimentation:
- Led a Proof-of-Concept (PoC) for Microsoft EMET to enhance mitigation capabilities.
- Successfully implemented a PoC for Security Onion within the enterprise.
- Utilized Bro, tcpdump, and Wireshark for packet analysis and network monitoring.
- Developed Python scripts to automate security tasks and improve efficiency.
Strong working knowledge of intrusion detection systems
(IDS):
- Possess working knowledge of Snort IDS and Suricata for network intrusion detection.
Additional expertise:
- Analyzed and responded to numerous malware incidents, conducting comprehensive forensic investigations.
- Implemented evasive security techniques to enhance enterprise infrastructure security.
• LINUX Administration from MNNIT, Allahabad for 5 Weeks. • EHCE from Zoom Technologies, Hyderabad for 4 Week. • Chief Coordinator of Annual Departmental Festival DREAMAX • Coordinator of Gaming Event in National Technical and Cultural Event “SOMINUM” organized at MJP Rohilkhand University Campus. • Development of a Web Content Filtering System in the Central Computing Centre. • Installation and Management of Linux Servers. • Development and Installation of Private Cloud Infrastructure in the Central Computing Centre. • Management of University CISCO ASA Firewall.