Upload
gaurav-parmar
View
75
Download
2
Embed Size (px)
Citation preview
GAURAV D PARMAR India: +91-9860487677 [email protected]
INTRODUCTION
Meticulous Information Security Engineer, who undertakes Complex Assignments, meets tight deadlines and delivers Superior Performance. Possesses 6.2 years of Practical Knowledge Comprising of Security operations, Infrastructure Security, Vulnerability Assessment and Web Application Security Testing . CEH V7 Certified, PCI-DSS Implementation Certified. Applies Strong knowledge of Security Trends and best Practices to help ensure smoothness in the daily Security operations for the Company . Operates with a Strong sense of Urgency and thrives in a fast-paced setting. Fluent in English.
Core Competencies Include:
Team Handling , Web Application Security Testing, Vulnerability Assessment , PCI-DSS Certified ,SSL Certificates ,Managed PKI for SSL Administrator, Websense Web Security Gateway, Symantec Endpoint Protection 11 and 12 , Cisco ScanSafe - Cloud based Web Security, Cisco ASA Firewall and VPN, Bluecoat Proxy, RSA Authentication Manager.
PROFESSIONAL EXPERIENCE
COMPANY :: IBM INDIA PVT LTD.
CLIENT :: Idea Cellular Pvt Ltd. 2014 - Present
Security and Risk Management Consultant ::
Working as Security and Risk Management consultant responsible for Vulnerability assessment using Nessus VA Scanner and Application Security Testing for Business Critical Applications.
Leading the team of Vulnerability assessment and Web Application Security testing. Involved in working with Vendor in implementing Pentest in the Organisation Infrastructure. Coordinating with different service owners to get the vulnerabilities remediated and patched. Explaining the impact / Criticality of the Vulnerabilities to the customer along with the possible
remediation.
Managing Application Security throughout application life cycle for 150+ applications Security Incident management and Monitoring is done on daily basis for all the projects there
with us at that moment of time.This includes timely tracker creation and participation in various compliance calls with Clients and the DPEs along with the closure guidelines being followed on .
Part of Solution Review Board ,Change Management Board and Exception review board to manage security compliance
All the PCI DSS and ISO 27001 Requirements are considered while designing any project or introducting any new Hardware in the Network. Regular Audits , Risk Management Audits are done to make sure that the process is compliant . All these are documented , after approval of the Clients and places in a teamroom created specifically for the same.Coordination with Various competency members to make them understand the Vulnerabilities , their remediation and timely closure check is done on a regular basis.War Rooms are setup incase team has any concerns to be taken care of.
Manual and Automated Application Security Testing Manual and Automated for Business Critical applications.
Creating and reporting various issues and helping the teams to remediate them within prescribed timelines.
During the Design Jam , Code review meeting , Scurity Guidelines and requirements will be communicated to the developers and make sure that those are followed while develpoing the applcation.Post this , an End to End testing will also be done to find out various Vulnerabilities.
Conducting Application Security and VA Awareness training for different team members.
PREVIOUS EXPERIENCES
COMPANY :: WIPRO TECHNOLOGIES
CLIENT :: Automotive Company , 2013 – 2014
One of the Largest and well Renowed Automotive Infotainment Company , producing a whole range of next generation automotive products that are used in various top trending car manufacturers all over the globe.
Senior Security Operations Engineer
Application Security Assessment of various web applications developed by the client. Vulnerability Assessment using Nessus Vulnerability Scanner. Firewall Administration , Content Filtering and Anitvirus solution implementation.
Vulnerability management and Web Application Security using IBM Appscan and Nessus .
Creation of various user defined policies for protection of Unauthorized access to the Internet on the Firewall as well as Cisco ScanSafe.
Creating and Deploying SEP Policies on all the Clients as and when required. Created Infrastructure threat model & delivered design threat summaries to client Set/Identified security testing objectives & developed security test strategies. Recommended appropriate vulnerability mitigation approach to clients. Possess technical expertise in a broad range of application and technical architecture
components (applications/OS, database, network). Have knowledge in various open source security tools. Ability to do security testing in line with internal standards. Ability to conduct design reviews, requirement reviews, evaluates technical architecture from
security view point Responsible for providing client’s audit compliance information when requested by the Client /
Account
CLIENT :: A Very Large Toy Company , 2010 – 2013
Leading Retail chain Outlet producing Toys and having a very large Customer base all over the world with offices in each and every part of the Globe. Web based shopping formed the Major business area for the Company.
Security Project Engineer ::
Managing and Troubleshooting issues related to RSA Authentication Manager for Remote Access. Restricting Internet access using Websense Content Filtering . Generation of PKI Certificates for the Servers or various applications as required by the Website Owners . Configuring Rules in the ISA Proxy servers for Blocking or Allowing Internet access .Deploying McAfee EPO on all the location client base of approx. 17000. Also Performed Penetration Testing on various access nodes in the network.
Configured various RSA Authentication Devices having exact configuration as the Primary Instance.
Administrating and Troubleshooting token access related issues for Remote Login. Creating Policies and Categories for Content Filtering of the Websites through Websense Triton
Manager Web Console. Running Scan using Qualys Guard, Nessus Vulnerability Assessment tool to find out
Vulnerabilities in the network. Managing and troubleshooting Safend Data Protector for External Drives and USB Ports.
EDUCATION
Bachelor in Engineering (Elec. And Telecom.) Maharashtra Institute of Technology, Pune- 2009.
Meritorious in HSC and SSC.
PERSONAL DOSSIER
Address : E1 602 , Ovalnest, Near Aditya Garden City,Warje ,Pune 411052
Date of Birth : 21st October 1988 Linguistic Skills : English, Hindi, Marathi, Gujrati , Punjabi, Marwadi.
Date: Signature
Place: (Gaurav Parmar)