Assistant Manager
Deloitte Touche Tohmatsu India LLP
Total years of experience: 9 years, 8 months
Technical Consultant for Tamil Nadu state Data Centre and carried out more than 7 half-
yearly audits which includes SLA Monitoring audit, Infrastructure audit, Operations &
Management audit and Security & Compliance audit.
Responsible for assessing the security posture of Infrastructure, platforms and processes,
applications to protect and continually improve CIA of Information systems in accordance
with State Data Centre objectives, regulatory requirements, and strategic goals.
Performed vulnerability assessment and penetration testing for entire Government data
centre across India.
Carried out VAPT testing for more than 200 applications such as e-Governance applications
for State Data Centres in Tamil Nadu, BoltOn & NICI applications, etc.
Created and published comprehensive assessment reports, which includes detailed POCs of
vulnerabilities identified during the assessment, severity rating based on the impact and
ease of exploitation, and detailed recommendations for all the identified risks for multiple
clients.
Carried out Quarterly and Half Yearly Security compliance audit at TNSDC as per ISO/IEC
27001 standards.
Tested new applications hosted in TNSDC and provided safe-to-host certificates and
reviewed the third-party security compliance certificates from CERT-In empanelled agency.
Prepared and maintained the template for VAPT activity which includes determining the
requirements, performing actual test, and carrying out follow up activities and the same
template is being utilized across the team in other centres.
As a key Security Lead responsible for conducting and completing Enterprise Risk
Assessment and Technical Risk Assessment and suggested reasonable control measures to
bring the risk down to the acceptable level based on risk impact rating.
Carried out the risk assessments based on the risk Impact rating and suggested reasonable
control measures to bring the risk down to the acceptable level.
Reviewed the Enterprise management systems (CA), analysed the configurations and
reviewed the complete CA suite.
Reviewed the process of Change Management, Internal Audit, Configuration Management,
Capacity and Availability Management.
Technical consultation with the clients and keep them updated with the current
technological advancements to improve the system efficiency.
Maintained a CAPA (Corrective and Preventive Action) tracker for the VAPT activities that
were completed for the different data centres across the States (Tools used: Acunetix,
Nessus).
Reviewed server patches and OS hardening on Windows and Linux platforms.
Maintained a separate patch database for Windows and Linux that were released (including
the zero-day attacks). Ensured the required patches were applied to the system. A separate
Tracker for patch management had been maintained for the complete data centre across the
States.
Performed Vulnerability Assessment/Penetration Testing for Web and Infrastructure.
Discovered various findings such as Application security vulnerabilities, business logic flaws,
broken authentication, etc.
Performed Risk Assessment and risk evaluation. Developed, improved and helped implement best
practices for risk reduction across a broad range of enterprise applications, systems,
networks, and interfaces.
Performed network traffic analysis using raw packet data captured by Wireshark, TShark,
tcpdump and PCAP libraries.
Liaised with clients to implement system security measures, facilitated the preparation of
computer security plans and documentation, and provided technical guidance and training.
Developed gateway (reverse-proxy) software for mitigation of DDoS attacks in OSI Layer 3
and Layer 4.
Developed flooding attack script for DDoS attack testing using Python and ran the
automated testing tools over a public network by using packETH tool, Hping3, LOIC tools to
analyse the output.
Performed Digital Forensic analysis to retrieve the information from storage devices using
Autopsy, Forensic Tool Kit and Volatility.
Developed and deployed linear complexity algorithm to check key strength and tested LFSR
value from remote machine and analysed the complexity with Berlekamp-Massey algorithm.
Implemented an algorithm based on Chinese remainder theorem (CRT). It shows better
performance than the naive based modular exponentiation computation.
* Responsible for installation, troubleshoot & repair of inverter system for domestic, educational institution and industrial customers.
* Managed daily Customer complaint activities with respect to branch service
Project: Designed and Developed Moving Target Defence (MTD) mechanism that secures Cloud hosted services for authenticated client against flooding DDoS attacks.