About
Highly accomplished Cybersecurity Engineer with 5+ years of hands-on experience across incident response, threat intelligence, vulnerability management, and product security. Leverages SIEM/SOAR platforms, Python/PowerShell scripting, and MITRE ATT&CK to streamline defense, enhance forensic investigations, and secure cloud/on-prem infrastructure. Recognized for significantly improving security posture by over 60% and ensuring 100% compliance with industry standards like SOC 2 and PCI-DSS.
Work
Remote, TX, US
Summary
Led end-to-end security strategy development and implementation across the SDLC, ensuring full compliance and significantly reducing vulnerabilities and attack surface.
Highlights
Developed and implemented end-to-end security strategies across the SDLC, ensuring 100% compliance with GDPR, PCI-DSS, SOC 2, HiTRUST, and HIPAA standards.
Led threat modeling initiatives and integrated OWASP Top 10 best practices into development workflows, reducing the attack surface by 65%.
Conducted penetration tests on web, network, and cloud infrastructures, identifying critical vulnerabilities like SQLi, XSS, CSRF, and SSRF, boosting security resilience by 75%.
Automated SAST and DAST scanning using Checkmarx, OWASP ZAP, and Snyk, reducing remediation time by 60%.
Created SOAR playbooks in Python to automate triage workflows for phishing, malware, and insider threats, increasing operational efficiency by 40%.
Charlotte, NC, US
Summary
Managed third-party library upgrades and vulnerability management, enhancing proactive threat detection and compliance for university systems.
Highlights
Managed third-party library upgrades and enhanced Vulnerability Management, maintaining a software bill of materials and escalating threat risks to senior staff.
Conducted vulnerability assessments and penetration testing, addressing 80% of critical security flaws.
Monitored network traffic using Wireshark and Splunk to detect potential threats, enhancing proactive threat detection capabilities by 25%.
Ensured compliance with security standards (NIST, ISO 27001), achieving a 95% compliance rate.
Remote, India, India
Summary
Enhanced security policies and data protection, monitored network traffic, and streamlined incident response, significantly improving threat detection and response times.
Highlights
Enhanced security and privacy policies, boosting risk management by 65% and data protection by 67%, while overseeing data governance.
Monitored network traffic and security alerts, collaborating on cyber-attack simulations to improve threat detection using YARA, EDR, MITRE ATT&CK, and Cyber Kill Chain.
Utilized IT automation tools and SOAR platforms to streamline incident response and enhance scalability by 45%.
Conducted adversarial technique analysis using MITRE ATT&CK, improving detection mechanism accuracy by 35%.
Collaborated with cross-functional teams on incident response and remediation strategies, improving detection and response times by 57%.
Remote, India, India
Summary
Conducted penetration testing on critical applications, identifying and exploiting vulnerabilities using OWASP methodologies to enhance security posture.
Highlights
Conducted penetration testing on critical applications, identifying and exploiting vulnerabilities using OWASP methodologies.
Enhanced security event correlation through analysis of attack patterns, timelines, and trending data.
Collaborated on integrating detection workflows with IT orchestration systems such as Kubernetes for containerized environments.
Skills
Programming & Scripting
Bash, Python, C, Java, Rust, PowerShell.
Databases
SQL, MySQL, MongoDB.
Networking & Security Fundamentals
TCP/IP, HTTPS, DNS, OWASP Top 10, Firewall Configuration.
Security Frameworks & Standards
GDPR, PCI-DSS, SOC 2, MITRE ATT&CK, ISO 27001, NIST 800-30, HiTRUST, HIPAA, COSO framework, FISMA.
Security Platforms & Tools
Splunk (Enterprise Security, SPL Queries), MS Sentinel, Devo, Snort, Sigma, YARA, Terraform, Wireshark, AWS GuardDuty, AWS Inspector, AWS Config, SysDig, Snyk, Checkmarx, OWASP ZAP, Nessus, OpenVAS, Rapid7 Insight VM, Burp Suite, Qualys, DAST, Microsoft Defender, Cobalt Strike, Tenable Nessus, Netskope, AWS IAM, AWS Security Monitoring, Azure Security Center, CrowdStrike EDR, FTK, Autopsy, SIEM Log Source Integration, CASB.