Application Security Assessments
Ayush Katiyar
Senior Cyber Security Consultant
Bangalore
Summary
Experienced Senior Consultant with 5+ years of progressive experience in cyber security. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. Clear understanding of application security reviews, risk assessments, threat modelling and vulnerability management. Versed in robust network defense strategies.
Overview
5
5
years of professional experience
Work History
Senior Security Consultant
Ernst & Young (GDS)
2016-09 - Current
- Performed application security risk assessment for a leading oil and gas industry and financial corporation.
- The role involved conducting assessment to identify threats to the application and to identify and recommend security controls required to mitigate those threats.
- The assessment covers information security, asset management, incident management, software development, managing credentials and other domains.
- Primary work goals were to create risk assessment reports to be issued to the client, followed by remediation or risk acceptance process.
- Worked on Segregations of duties project for a financial organization across different line of business units.
- The role was to identify the access of developers who have access to both production environment and code promotion/code management and also provided the resolution in case of any conflicts identified.
- Conducted GDPR privacy impact assessments for a multinational information technology company.
- For a multinational investment bank and financial services revamped the Identity & Access Management (IAM) – Manual user access review process, solving the issue of recurring orphan accounts and user re-certification in business applications.
Trainee
Atos
2015-08 - 2016-08
- Monitoring the IDS/IPS device and the events triggering based on snort rules.
- Preventing malicious traffic based on Rule documentation, Packet Text, Affected System, Attacker IP and system vulnerabilities.
- Investigating the malicious traffic and taking the required actions. Presenting reports directly to clients in meetings.
- Hardware: CISCO - Sourcefire DC3500 Defense Center.
- Also investigating the traffic on Forcepoint – Triton Proxy Server for the same client.
- Monitoring Symantec Endpoint Protection, McAfee ePO, Trend Micro AntiVirus servers for Infected/ Non-Updated Servers & Workstations comes under it. Also, taking remediation steps.
- Creating Daily/Weekly/Monthly reports and maintaining AV compliance Status of Servers and workstations and presenting it in meetings.
- Checking infection on servers and workstations and taking remedial actions.
- Vulnerability Management.
- Raising Incidents, Problem or Change tickets if required while monitoring IPDS or AV.
Education
PG - Diploma - IT Infrastructure, Systems And Security (DITISS)
Centre For Development Of Advanced Computing
Feb 2015 - Aug 2015
B.Tech - Information Technology
Pranveer Singh Institute Of Technology (UPTU)
Jun 2010 - Jul 2014
Class XII (ISC) - Science Education
Dr. Virendra Swarup Education Centre
Apr 2009 - Mar 2010
Class X (ICSE Board) - Science Education
Dr. Virendra Swarup Education Centre
Apr 2007 - Mar 2008
Skills
Risk Assessment
Vulnerability Management
Symantec Endpoint Protection (SEP Antivirus)
McAfee ePolicy Orchestrator(Antivirus & MCP)
GDPR
Threat modelling
Information security supplier assessments
IPS/IDS monitoring
Security design review
Timeline
Senior Security Consultant
Ernst & Young (GDS)
2016-09 - Current
Trainee
Atos
2015-08 - 2016-08
Class X (ICSE Board) - Science Education
Dr. Virendra Swarup Education Centre
Apr 2007 - Mar 2008
Class XII (ISC) - Science Education
Dr. Virendra Swarup Education Centre
Apr 2009 - Mar 2010
B.Tech - Information Technology
Pranveer Singh Institute Of Technology (UPTU)
Jun 2010 - Jul 2014
PG - Diploma - IT Infrastructure, Systems And Security (DITISS)
Centre For Development Of Advanced Computing
Feb 2015 - Aug 2015