Manager - Axis Bank Limited - Axis Bank Pvt Ltd
(2025-01)
Process: Vulnerability Assessment and Configuration Review for the bank. Environment: Production, UAT, DR servers and network devices (ad hoc and calendar)
Internal Auditor-Senior Manager-I - ICICI Prudential Life Insurance Pvt Ltd
(2023-04 - 2024-12)
Audit: Business continuity management, IT Asset Hardening, network security, cyber security preparedness, IT Resilience and third party vendor. Environment: Production, UAT, DR server and network Devices, AWS, data centers
- Design and establish BCM audit test cases, conduct gap analysis, assist in carrying out final audit process for ICICI Prudential.
- Request pre-audit information from third party for conducting audits, communicate scope of audit, conduct audit based on vendor audit checklist for third party risk management audit.
- Follow backup and restoration SOP for cloud security audit, understand the process of taking backups and restoring the data, identify the gaps in process and report them.
- Facilitate audit status discussions to communicate findings and areas of improvement.
- Create final audit reports, oversee implementation of corrective action plans, while maintaining communication with all stakeholders and prepare draft reports for review by seniors.
Associate Consultant - Paladion Network Pvt Ltd
(2021-02 - 2023-04)
Client: Axis Bank Pvt Ltd. Project: Vulnerability Assessment and Configuration Review. Environment: Production, UAT, DR server and network Devices
Cyber Security Analyst - Network Intelligence India Pvt Ltd
(2017-10 - 2020-12)
Client: Multiple Clients. Project: Vulnerability Assessment and Configuration Review, Penetration Testing, Appsec Testing, Firewall rule base review, LAN testing
- Managed Qualys tool operations including VA & CR scanning, agent troubleshooting, authentication issue resolution, and deployment of Qualys Gateway Service across On-Prem, Azure, and GCP environments.
- Executed quarterly PCI DSS external VA scans and ensured timely closure tracking in compliance with regulatory requirements.
- Performed ATM CR (Configuration Review) assessments for Axis Bank branches to ensure compliance with security standards and operational integrity.
- Performed fortnightly user log reviews in Qualys to maintain audit readiness and strengthen access control monitoring.
- Oversaw VA group and subgroup mapping of new vulnerabilities in the Axis Vulnerability Management Portal (AVMP) to streamline tracking and remediation.
- Conducted quality reviews of ad-hoc configuration reports uploaded by vendor consultants in AVMP, ensuring accuracy and completeness before closure.
- Coordinated with vendor teams and application stakeholders for VAPT closure activities, including authentication issue resolution and remediation support.
- Tracked and submitted RBI and internal audit observations, ensuring closure within committed timelines to maintain compliance posture.
- Monitored daily priority activities and escalation mails, ensuring timely response and resolution of critical issues.
- Led stakeholder meetings to facilitate VAPT closure points and guide remediation actions for application teams.
- Managed System Configuration Document (SCD) reviews: maintained quarterly SCD calendar, created new SCDs for technology deployments as per CIS benchmarks and OEM guidelines, and ensured approvals through the online portal as part of VAPT SOP process.
- Managing and performing audits and configuration reviews for the Axis Bank client: preparing audit checklists and providing them to stakeholders for the configuration and audit projects covering OS, network perimeter devices, firewalls, databases and AWS managed services (AWS EKS, AWS RDS, AWS S3 buckets).
- Preparing the SOPs and providing knowledge to colleagues and the client on loopholes and betterment of the network.
- Auditing the client organization's firewall and managing the team in preparing the checklist and reviewing it.
- Experience in reviewing the current security controls in the application architecture. Identifying potential security flaws, such as applications used with default logins and accessible without authentication, at an early stage and mitigating them before starting the development stage.
- Reports are reviewed and corrected before being shared with application owners/stakeholders; after the reports are shared with the client, providing the application owner with support and an understanding of the vulnerabilities.
- Helping the client and stakeholders resolve their vulnerability and authentication issues by providing proper recommendations and prerequisites along with the proper root cause.
- Managing and performing penetration testing and vulnerability assessment for various domains: leading projects related to web application penetration testing, performing projects single-handedly, and providing clients with support, analysis and remediations.
- Providing the guidance and support for team based on the scope.
- Reviewing and preparing the vulnerability assessment reports for network and web application penetration testing.
- Holding report meetings with the client for a better understanding of the analysis and vulnerabilities.
- Understanding the network architecture from the client for network architecture review, preparing the checklist, and providing knowledge to colleagues and the client on loopholes and betterment of the network.
- Experience in analyzing the design and architecture of a network to identify any potential security issues.
- Experience in reviewing the current security controls in the application architecture.
- Conducted security assessments of a wide variety of business applications in the fields of E-commerce, Finance, Insurance, Software Development using NII penetration testing methodology.
- Helping clients resolve their vulnerabilities by providing proper recommendations.