Security Consultant - Cyber Strategic & Risk
Deloitte USI
Total years of experience :5 years, 5 Months
Key Deliverables:
• Developed and implemented strategic security plans to protect organizational assets and sensitive information.
• Aligned security strategies with business objectives, ensuring a balance between risk mitigation and operational efficiency.
• Worked for Threat and Vulnerability management team in managed Security services to perform vulnerability assessments and identify OS/ application security weakness
• Executed CIS level-1 configuration scans for golden images.
• Scrutinised and performed vulnerability scans on out-of-band vulnerabilities.
• Reinforced the remediation team for installing troubleshooting Qualys Cloud agent in AWS & Azure VMs
• Chased and monitored the open reported vulnerabilities using Power BI Dashboards both weekly and monthly
• Developed and updated security policies, procedures, and guidelines based on industry standards and best practices.
• Ensured compliance with regulatory requirements and communicated changes to relevant stakeholders.
• Designed and delivered security awareness training programs for employees, promoting a culture of cybersecurity vigilance.
• Provided guidance during security incidents, coordinating response efforts to minimize impact.
• Conducted comprehensive cyber risk assessments for clients, identifying potential vulnerabilities and threats.
• Collaborated with stakeholders to prioritize risks and develop strategies for mitigation.
Key Deliverables:
• Conducted a vulnerability assessment using Qualys on the organizations managed network devices, covering switches, routers, endpoint devices, servers, and other network devices. Nmap was used to perform sporadic penetration testing on network devices.
• Implemented updates and patches to ensure the security of systems and networks.
• Ensured that security measures were integrated into the architecture of new systems and projects.
• Evaluated and selected security tools and technologies to enhance the organizations security capabilities.
• Steered and participated in the execution of large-scale initiatives such as the Skybox security suite, which minimized the need for human labour in carrying out security compliance evaluations utilizing security standards (a blend of NIST and ISO 27001 standards).
• Conducted security audits to assess compliance with internal policies and supported for external security audits.
• Knowledgeable about risk acceptance, remediation, and mitigation for the closure of audits using the GRC Archer tool for NCs documentation, support network, and delivery teams.
URL removed due to policy violation. Please contact support for further information.