I am a seasoned Cyber Security Professional with a rich 14-year background, specializing in:
- Security GRC
- CIS benchmarking
- Vulnerability and patch management and VMMI
- Infrastructure security
- Active Directory/GPO
- SCCM Patching
- SOC/SIEM management and SOC CMMI
- Endpoint security
- Data Loss Prevention (DLP)
- User Entity Behavior Analytics (UEBA)
- Security Assessment
- Database Security (DAM)
- Security awareness and trainings
- Security log management
- Backup and disaster recovery practices
- Implementing the principle of least privilege
My proficiency in popular security frameworks such as NIST, CIS, PCI-DSS, and GDPR underscores my commitment to ensuring adherence to industry standards and regulatory requirements.
I have hands-on skills with popular security tools including:
- IBM QRadar
- IBM Guardium
- CrowdStrike
- Teramind DLP
- CIS CAT Pro
- Rapid7 InsightVM
- Microsoft Sentinel
- MS AD & GPO
- Azure Intune
- Azure Defender
Strategic cybersecurity planning, developing tailored security solutions, offering insights, and providing aligned recommendations to advance the company's security strategy, policies, procedures, and guidelines.
Formulating an enterprise-level vulnerability and patch management program aimed at continual enhancement, leveraging the SANS Vulnerability Management Maturity Index (VMMI).
Actively scrutinizing and evaluating security vulnerabilities within systems and network infrastructure, reporting them to relevant teams and suggesting effective remedies.
Supervising the security patch management process to ensure timely application of patches for addressing vulnerabilities.
Planning, design and execution of Data Loss Prevention & UEBA systems (Teramind) in compliance with GDPR regulations, including policy setting, monitoring, alerting mechanisms, and anomaly detection and prevention.
Engaged in enhancing network and system security by planning, designing and implementing industry-standard best practices aligned with CIS benchmarks and GDPR privacy regulations.
Working in planning and designing comprehensive endpoint detection and response strategies to enhance security measures.
Engaged in planning and establishing a Security Operations Center (SOC) utilizing Microsoft Sentinel & Defender for centralized log management, aimed at enabling continuous security audit, monitoring, and later review.
Creating customized application whitelisting configurations tailored to the specific needs of different departments and aligned with business requirements.
Working on the backup management for the business continuity and disaster recovery for the company’s critical data and VMs. Created backup policy aligned with the company’s business operations and best practices.
Collaborating with development teams to ensure secure architecture and contribute to security-related aspects of application development.
Delivering regular reports auditing our current services, tracking changes, and evaluating internal security practices.
Developing a personalized security training initiative aimed at fostering risk awareness and cultivating a culture of diligence across all employee levels.
Monitoring network traffic, ticketing systems, and promptly responding to unusual packets or security incidents.
Addressing L3 tickets (escalated tickets) related to IT security promptly and proposing solutions based on priority.
Assisting and supporting the support and infrastructure teams in security assignments to ensure comprehensive coverage and implementation of security measures.
Planning and executing cyber security initiatives to safeguard corporate data's confidentiality, integrity, and availability aligned with organizational objectives.
Developing information security policies and related documentation.
Implement security measures for systems, networks, and applications to reduce attack surfaces.
Working with security compliance, ensuring adherence to industry-standard frameworks such as CIS and ISO control-set.
Establish security baselines for organizational systems and conduct regular assessments.
Develop and maintain application security policies aligned with ISO27001, CIS & OWASP guidelines.
Lead the collaborative SOC setup, implementing incident response, optimizing SIEM, and creating use cases and runbooks.
Keeping detailed documentation and regularly updating it to align with the latest security trends.
Upgrading the organization's security solutions, capabilities and baselines.
Drive vulnerability management program (Insight-VM) for IT infrastructure, prioritize remediation, monitor progress, and provide status reports to stakeholders.
Conduct tailored security awareness and training with respect to acceptable use of IT, online security & security policies, and conduct effectiveness drills.
Monitor and analyze emerging security trends and threats, staying updated on the latest developments in the cybersecurity landscape to proactively mitigate potential risks.
Manage cybersecurity budgeting, evaluate security products, procure solutions, set timelines, conduct proofs of concept (POCs), validate use-cases, handle third-party contracts, and monitor service level agreements (SLAs).
Champion cybersecurity initiatives by delivering insightful presentations to end users. Effectively translate technical details into practical and actionable insights, fostering a heightened understanding of cybersecurity importance across all organizational levels.
Collaborate with cross-functional teams to assess and define network segmentation requirements for critical components, minimizing potential attack surfaces.
Implement robust security controls for data and infrastructure, managing access control systems, surveillance, intrusion detection, and security policies, aligning with industry frameworks and policies.
Helping the team in planning and designing network security, including architecture, logical segmentation, zoning, firewalls, WAF, PAM and other cyber security components.
Establish and maintain security baseline configurations for IT systems, ensuring consistent adherence to standards such as CIS and industry’s best practices.
Actively took part in the establishment of a TIA-942 compliant T-III level data center and practiced robust infrastructure security measures.
Implementing and managing endpoint security controls in Active Directory, including fine-grained password policies, privileged access management and LAPS.
Working on the end-to-end design, implementation, and management of the SCCM-based patch management solution, coordinating and scheduling deployment activities to minimize business disruptions, and ensuring timely patching, updates, and service packs across all systems.
Enforcing security policies and practices ensuring adherence to predefined configurations and standards.
Managing the operations of infrastructure virtualization using SCVMM, ensuring the VM lifecycle through planning, provisioning, configuration, and retirement.
Implementing the least privilege and role-based access control principles to mitigate the potential impact associated with compromised accounts.
Performing regular backups of critical VMs and configurations of critical network appliances, storing online and offline copies, and performing routine testing to validate backups.
Upgrading legacy antivirus solution by procuring, designing, deploying and monitoring NG-EDR systems for intrusion prevention, device control, user behaviors, threat intel and reporting.
Identify opportunities for continuous improvement in cybersecurity controls, processes, and policies, recommend and implement enhancements to strengthen the overall security of the organization.
Remaining abreast of contemporary security trends and emerging threats to uphold the organization's robust security posture.
Maintain interconnectivity of networks, servers, and devices across 150+ locations, including headquarters and remote offices.
Maintain Microsoft servers, including Active Directory, DNS, WSUS, DHCP, File Storage, and Email Servers.
Perform critical data backups and ensure data security as per established procedures.
Install workstations, printers, scanners, video surveillance systems, biometric authentication devices, server rooms, and networking equipment across multiple locations.
Successfully performed systems and infrastructure migration from a distributed to a centralized system, including applications, DBs, and other resources.
Manage users, groups, security, authentication, authorization, and permissions to enhance infrastructure security.
Install, configure, and maintain network firewalls & internet proxy servers.
Conduct scheduled patching, updates, and upgrades of critical operating systems.
Deeply demonstrated my expertise in managing Microsoft security infrastructure while working on the security capabilities of the platform, with a focus on authentication & authorization, identity management, group policies, LAPS, managing security objects and granular permissions, and implementing role-based access control.
Maintaining LAN network security, including software security, workstation & mainframe hardening, VPNs, DMZs, ACLs & VLANs, etc.
Implement and manage Secure Group Policies (GPO) permissions, secure file sharing, secure FTP, and user- and device-based security implementations.
Diagnose and resolve network-related issues promptly.
Maintain comprehensive documentation of network configurations, protocols, and procedures.
Implemented and administered enterprise vulnerability & patch management solution by leveraging centralized server of Microsoft SCCM for update and configuration management.
Managed LAN and Active Directory, prioritizing authentication, authorization, identity management, group policies, and role-based access control.
Oversaw the entire network infrastructure, including software, workstations, mainframes, VPNs, routers, switches, and hardware appliances.
Handled DNS, DHCP, file servers, MIS, print services, and other network-related tasks to ensure efficient issue resolution.
Implemented patch and updates management, ensuring the security of critical servers.
Provided daily network support for computer labs and end-users of all levels across the university.