cyber security - Engineer
Location: Raleigh, North Carolina, USA
Relocation: Remote
Visa: H4EAD
AKANKSHA DWIVEDI
skype: akanksha_dwivedi2 (609-508-8255)

PROFILE
I have 10+ years of work experience in the security domain, which includes Governance, Risk, Compliance, and the design and implementation of IT policies, procedures and standards on various systems across the organization, along with application testing. A brief highlight of my relevant experience is given below:
Plan and coordinate operational activities within or outside the organization to ensure compliance with government regulations.
Implemented security controls and a risk assessment framework aligned to regulatory requirements, ensuring documented and sustainable compliance aligned to business objectives.
Updated security controls and provided support to all stakeholders on security controls covering internal assessments, regulations, and protection of Personally Identifying Information (PII) data.
Assess, identify, measure, and mitigate IT risk across all systems in the organization.
Lead consultant for application security assessment of banking-related applications at a leading private bank in India.
Preparation and review of checklists as per industry-specific security standards, methodology, and report documents.
Performed security assessments of 3rd party IT testing for multiple clients across the globe.
Was involved in and responsible for an application development framework, cyber security enterprise architecture, business continuity and disaster recovery.
IT risk training and awareness sessions for the resources in the organization.
Performed web application security assessments of multiple payment gateway integrated applications for leading bank and government applications.
Rich knowledge of ethical hacking and its countermeasures.
Performed security assessment of 150+ web applications for clients across the globe.
Experienced in report writing/presentation and client debriefing.

CERTIFICATIONS
ISO 27001 LA (Exemplar Global), June 2017
Certified Ethical Hacker (CEH), April 2017
Working towards attaining Certified Information Security Auditor (CISA)

EDUCATION
Master of Science in Cybersecurity (Feb 2020 - June 2021), 3.92 CGPA
Grand Canyon University, Arizona

Client: BCBS RI
Apr 2022 - Present
Location: Remote
Role: Security Engineer
Responsibilities:
Interaction with client to understand the requirement for engagement, analyze the information gathered and capture the requirement in the scope of the delivery.
Conducted onsite penetration tests from an insider threat perspective.
Analysis of threats detected by vulnerability management tools.
Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
Perform IT risk assessment on IT projects and controls, along with analysis of the existing policy in place.
Develop risk assessment reports that identify and report vulnerabilities and evaluate the likelihood that the vulnerabilities can be exploited.
Develop detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.
Performed application security and penetration testing using IBM AppScan.
Manage enterprise security systems, identifying key security risks and reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
Preparing and sharing the application status on a daily and weekly basis with the client.
Educate, advertise, and communicate using all available channels to establish an environment that fosters a risk-conscious and security-aware culture at all levels of the organization.

Client: Aspect Software
Jan 2019 - Mar 2022
Location: Remote
Role: Cyber Security Engineer
Responsibilities:
Interaction with client to understand the requirement for engagement, analyze the information gathered and capture the requirement in the scope of the delivery.
Perform IT risk assessment with an emphasis on IT security.
Provided compliance with ISO 27001 and conformance to other audit requirements.
Developed Disaster Recovery Plans.
Provided assistance and consulting on projects and other initiatives to ensure risks are considered and addressed properly.
Identify and evaluate risks with business areas based on an assessment of the control environment.
Conduct vulnerability assessment, both static and dynamic, using open-source tools.
Manual validation of all security-related vulnerabilities based on security standards like OWASP.
Reviewing the requirement of standardization security configuration documents.
Preparing and sharing the application status on a daily and weekly basis with the client.
Raising defects in the bug tracking tool and rating the risk.
Documenting detailed executive summary and technical reports, and following up until vulnerabilities are closed.
Educate, advertise, and communicate using all available channels to establish an environment that fosters a risk-conscious and security-aware culture at all levels of the organization.

Organization: Infosys
Oct 2017 - July 2018
Location: Bangalore, India
Role: Sr. Security Consultant
Project: Technology Based Client
The objective of this project is to ensure the security of various web applications, conduct third party risk assessment, and perform black box application penetration testing against external threats as per the OWASP guidelines.
Responsibilities:
Interaction with client to understand the requirement for engagement, analyze the information gathered and capture the requirement in the scope of the delivery.
Prepare a detailed schedule for the work by analyzing the effort and dependencies, and participate in client interaction for project tracking and monitoring.
Perform IT risk assessment on IT projects and controls, along with analysis of the existing policy in place.
Track the structured statement of the risk, ownership and progress of work being done to ensure the critical and major items are closed out correctly within the agreed timelines.
Conduct vulnerability assessment, both static and dynamic, using the HPE Fortify tool and open-source tools.
Manual validation of all security-related vulnerabilities based on security standards like OWASP.
Reviewing the requirement of standardization security configuration documents.
Preparing and sharing the application status on a daily and weekly basis with the client.
Raising defects in the bug tracking tool and rating the risk.
Documenting detailed executive summary and technical reports, and following up until vulnerabilities are closed.
Consult with Enterprise Risk Management leaders on strategic and risk-related issues and problems as needed.
Assisting the client in developing the method for their personal information inventory and validating the inputs received from the teams developing content for privacy training and awareness campaigns.
Interacting with the client and 3rd party to ascertain the current state of compliance with the respective regulations and suggesting corresponding areas of improvement.
Educate, advertise, and communicate using all available channels to establish an environment that fosters a risk-conscious and security-aware culture at all levels of the organization.

Organization: SecurEyes Technoservices Pvt Ltd
July 2013 - Sep 2017
Location: Bangalore, India
Role: Security Consultant

Project 1: Multiple Government of India Projects (Apr 2015 - Sep 2017)
The objective of this project was to ensure the security of various web applications and web services, with black box application penetration testing against external threats as per the OWASP guidelines.
Responsibilities:
Perform threat analysis to identify advanced threat vectors.
Understand the security workflow of the applications.
Threat profiling of the application.
Identification of vulnerabilities and the corresponding risks associated with them.
Implemented security controls and an IT risk assessment framework aligned to regulatory requirements, ensuring documented and sustainable compliance aligned to business objectives.
Develop and execute a test plan for integration of security components in the application.
Reporting daily status.
Documenting detailed executive summary and technical reports, and following up until vulnerabilities are closed.

Project 2: Security Assessment of a Leading Private Bank in India (May 2014 - Apr 2015)
The objective of this project was to ensure the security of various web applications, including internet-facing and internal modules of the application, mobile applications (Dynamic Testing), and functionality testing and WAF of Retail Internet Banking, against external threats as per the OWASP guidelines.
Responsibilities:
Understanding the scope of auditing and understanding the application.
Setting up the test environment.
Threat profiling of the application.
Identification of vulnerabilities and the corresponding risks associated.
Forming a security risk mitigation plan and acceptance criteria.
Suggesting recommendations for mitigation.
Reporting daily status.
Documenting detailed executive summary and technical reports, and following up until vulnerabilities are closed.

Project 3: Security Assessment of a Leading Bank in Saudi Arabia, Embassy and State Organizations (July 2013 - Apr 2014)
The objective of this project was to ensure the security of various web applications and perform penetration testing of applications, including internet-facing modules of the application, against external threats as per the OWASP guidelines.
Responsibilities:
Setting up the test environment.
Threat profiling of the application.
Identification of vulnerabilities and the corresponding risks associated.
Rating and categorizing risks.
Suggesting recommendations for mitigation.
Reporting daily status.
Documenting detailed executive summary and technical reports, and following up until vulnerabilities are closed.

Organization: IBM India Pvt Ltd
Feb 2011 - July 2011
Location: Bangalore, India
Role: Remote Support Specialist
The objective of this role was to provide technical support for the IBM Lotus Notes application and to provide 24*7 support to the end users of the application.
Responsibilities:
Run the anti-virus on users' machines.
Drafting the issues through the ticketing tool.

TECHNICAL SKILLS
Application Tools: Burp Proxy, Acunetix, DirBuster, SOAP, Xenu, sqlmap, IBM AppScan, HPE Fortify, OpenVAS, Nmap, Nessus.
Open Web Application Security Project (OWASP) Top 10 knowledge.
Bug Tracking Tool: Phabricator
Technology Experience (Security Assessment): .Net, ASP, PHP, Java.
MS-Word, MS-PowerPoint, MS-Excel.