Information Security Manager - Zen And Art Infotek Pvt Ltd - Mumbai
(2022-01)
Own the end-to-end application security review programme across the full SDLC — from design threat-modelling sessions through code-level vulnerability analysis and pre-production sign-off; delivered 250+ risk assessments across products in financial services.
- Conduct security architecture reviews for new products and third-party integrations, producing risk-rated findings and remediation roadmaps aligned to OWASP ASVS, NIST SP 800-53, and internal security standards.
- Drive GRC operations via IBM OpenPages: maintain the enterprise risk register, map controls to ISO 27001 and regulatory obligations, and present risk posture reports to senior leadership quarterly.
- Facilitate threat modelling workshops (STRIDE/PASTA) with product and engineering teams, embedding security consideration early in the design cycle and measurably reducing post-release vulnerability density.
- Lead third-party risk assessments for critical vendors and SaaS integrations, ensuring contractual security obligations and data-handling requirements are validated before onboarding approval.
- Design and deliver security-awareness programmes for both technical and non-technical audiences; track phishing simulation results and iterate content based on department-level outcomes.
- Advise on AI risk: evaluate ML pipelines for data-poisoning, adversarial-input, and privacy exposure, contributing to the organisation's emerging AI governance and acceptable-use policies.
Senior Project Engineer – Security - Wipro Technologies Ltd - Pune
(2021-08 - 2022-01)
- Delivered security consulting to enterprise clients: conducted gap assessments against ISO 27001 and NIST CSF, and produced prioritised remediation plans with business-impact context.
- Collaborated with project delivery teams to integrate security requirements into solution architectures, supporting DevSecOps adoption within client CI/CD pipelines.
- Produced client-facing risk reports and executive briefings, translating technical findings into business-risk language suitable for C-suite and board audiences.
Technical Engineer – Security - Hitachi Systems Micro Clinic India Pvt Ltd - Mumbai
(2019-07 - 2021-08)
- Administered RSA Archer GRC platform: built risk and compliance workflows, maintained control libraries, and produced regulatory reporting for clients in financial services and healthcare.
- Managed enterprise DLP (device-control and data-classification policies) and McAfee Endpoint Security suite (ePO/ENS/VSE) across large-scale deployments; reduced data-exfiltration incidents by enforcing tiered policy baselines.
- Monitored and triaged security events through SIEM; led incident response from initial detection through containment, eradication, and post-incident review, with documented lessons-learned outputs.
- Supported regulatory compliance engagements covering data privacy, access-control adequacy, and audit-evidence collection for financial services and regulated-industry clients.
Associate Security Engineer - Arctern Consulting India Pvt Ltd - Mumbai
(2018-03 - 2019-07)
- Deployed and administered Carbon Black EDR across client environments; authored detection rules and behavioural hunting queries to surface lateral-movement and persistence techniques.
- Conducted vulnerability assessments using Qualys; triaged findings by CVSS score and asset criticality, and coordinated remediation timelines with infrastructure and application owners.
- Managed McAfee ePO ecosystem (ENS, VSE, DLP, PA, EEPC) and ServiceNow ticketing integration, maintaining SLA compliance across security incident and change-request queues.
Endpoint Security Engineer - Impact Infotech Pvt Ltd - Pune
(2017-06 - 2018-02)
Served as McAfee ePO administrator for Volkswagen India, managing full-disk encryption (EEPC), DLP policies, and security incident workflows under the HPSM ITSM framework.
- Reduced unmanaged endpoint exposure by automating agent deployment and enforcing policy baselines across distributed manufacturing and office sites.
Desktop Engineer - Crystal Solutions Pvt Ltd - Mumbai
(2016-11 - 2017-06)
Provided L1/L2 desktop support across enterprise environments; initial exposure to security tooling and disciplined troubleshooting methodology that underpinned subsequent security-operations work.
