IT Security Consultant
Resume:
Yati Goel
S-** Pandav Nagar, Delhi – ******, India
Phone: +91(0)704-***-**** +91(0) 11 65410670
E-mail: **********@*****.***
Information Security Consultant, ISO 27001 Lead Auditor
Seeking a challenging position that will effectively utilize my knowledge to achieve professional growth in the field of IT security, along with fulfilment of my organization’s objective.
4+ Years of total experience that includes 2 years in Information Security and 2+ years in Data Warehousing & BI Reporting.
Domain: Information Security, Banking and Travel Transport & Logistics (Airline)
Adaptable to work individually as well as in team environments, a good team player.
Good analytical, problem solving and communication skills.
Currently working in NIIT Technologies Ltd. as an IT Security Consultant and Senior Developer from July 2011.
1.Company: NIIT Technologies Ltd.
Client: Shared Services India
IT Security Consultant June 2015 - Present
2.Company: NIIT Technologies Ltd.
Client: ING Bank Netherlands Netherlands
Project: Penetration Testing
IT Security Consultant May 2015
Project Description:
Security Assessment Services provides the PT service to get reasonable assurance that the combined set of controls that must safeguard an infrastructure is still sufficient in order to effectively manage vulnerabilities found in the way relevant infrastructure is implemented. This service scans, by using external parties, the external connections for possible vulnerabilities, which can be used by hackers for malicious purposes.
Roles & Responsibilities:
Contacting the Asset Owner to provide the scope for PT and discuss about the approach.
Analyzing the data and authentication of scope using CMDB.
Assigning the test to third party vendor and discussing the approach for performing the test.
Analyzing the correctness of finding and QA of ratings assigned to the findings.
Inform/share final reports with Asset Owner and Risk manager.
Tools Used:
RCEC Repository
HPSC
PT Administrative Tool
CMDB – Configuration Management Database
VID – Vulnerability Intelligence Database
3.Company: NIIT Technologies Ltd.
Client: ING Bank Netherlands Netherlands
Project: Vulnerability Scanning – Infra
IT Security Consultant Jul 2013 – April 2015
Project Description:
Vulnerability Scanning – Infrastructure (VS-i) service is to regularly and proactively identify, classify and report vulnerabilities and initiate follow-up actions to improve the safety of the systems. By performing vulnerability scanning, the weaknesses in an asset are identified and the stakeholders are informed of risk of the exploitation of these vulnerabilities.
Roles & Responsibilities:
Creating the process description.
Creating the monthly scope for the team on which the scan has to be performed.
Analyzing the data and authentication of scope using CMDB.
Enhancing the scoped asset data to provide complete information.
Handling the change management process.
Analyzing the correctness of results.
Assisting in resolving risk – related incidents.
Creating monthly management reports and dashboards.
Performing follow-up activities with the stakeholders for the discovered set of vulnerabilities.
Creating Remediation Plan, Closure Memo, etc.
Providing evidence for OCD, and closure of other audit findings.
Optimizing VID tool as per ING requirements.
Designing and optimizing SID, reporting and other functions.
Managing the SID tool.
Managing group mailbox.
Weekly meeting with developer and challenging the developer for optimization of various tools used.
Weekly meeting with third party vendors for smooth and continuous working of the process.
Establishing the process for expansion of scope and its implementation in a smooth and effective manner.
Managing the group mailbox, wherein, answering technical and procedural questions related to security and other process related queries
Tools Used:
Tenable Nessus
HPSC
JIRA
CMDB – Configuration Management Database
SID – Security Intelligence Database
VID – Vulnerability Intelligence Database
4.Company: NIIT Technologies Ltd.
Client: ING Bank Netherlands Netherlands
Project: REFA – Repository External Facing Assets
IT Security Consultant Oct 2013 – Feb 2014
Project Description:
REFA was a new repository created to maintain and keep track of all the external facing assets. This repository includes all the ING websites and DNS servers worldwide. It is used as a source for deriving scope for EVS (External Vulnerability Scanning). It is used by asset owner to be in control of their assets, registration and maintenance of assets. It is also used by cybercrime team for incident management purpose in order to find asset owners when in crisis situation.
Roles & Responsibilities:
Initiating and managing REFA project.
Planning, designing and implementing REFA process.
Creating the Process Description.
Establishing contact with ING Stakeholders worldwide, to collect information regarding their asset in order to build the repository.
Continuously working towards making the process more mature.
Preparing monthly management reports.
Development and designing of REFA tool.
Weekly meetings with developer for implementation of REFA tool.
On-boarding ING entities/ stakeholders in the REFA tool.
Managing the tool.
On-boarding ING entities/stakeholders in the REFA tool.
Interaction with third party for maturing improving the correctness of data
Discovery of ING assets using RiskIQ.
Weekly meeting RiskIQ
Planning, customizing, implementing and optimizing RiskIQ as per ING requirements.
Tools Used:
RiskIQ
REFA Tool
5.Company: NIIT Technologies Ltd
Client: Virgin America India
Project: CDD Extract Reporting
Software Engineer Oct 2011 – Feb 2013
Project Description:
Virgin America as per their current system needs some very critical reports from system like - Revenue Management Reports and Planning and Sales Reports. This project is to build a light weight application which communicates with Virgin America CDD Batch / Streaming databases and generate reports in excel format. To generate automated queries to create daily batch reports.
Roles & Responsibilities:
Development of GUI for the reporting application using HTML and PHP.
Worked on SQL Queries for report creation.
Manually performed Unit Testing for the reports created.
Performed Client interactions, in order to gather and clarify the business requirements.
Maintaining the reporting tool for the client
Technology/ Tools Used:
PHP
MySQL
Jasper Reports
6.Company: NIIT Technologies Ltd
Client: Sabre India
Project: NSK Offload
Software Engineer Jul 2011 – Sep 2011
Project Description:
New Data Model for Ticketing was formed due to which all the impacted applications had to be modified to adapt the new model. Applications which were directly impacted were – CDD, VCR, CDS, GMS, DAR. Due to the change in Data Model we needed to fill the gap between the existing Data Model (NSK) and the New Data Model (T2). Provided mechanism to compare the output of existing NSK and new T2.
Roles & Responsibilities:
Performed data validation using automated comparison tool.
Manually tested/compared the files generated using NSK and T2.
Logging defects and created daily defect report
Technology/ Tools Used:
ODI – Oracle Data Integrator
Oracle 11g
VB Script
Master of Computer Applications 2011
Delhi Institute of Advanced Studies, GGSIP University
B.Sc (H) Computer Science 2008
Ram Lal Anand College, Delhi University
Completed Certification: ITIL V3 Foundation, Certified Ethical Hacker v8, ISO 27001:2013 Lead Auditor(from BSI India)
Trainings: Oracle Warehouse Builder, Microsoft Business Intelligence, Oracle, PL/SQL, Informatica
Passport Number: M2358659
Passport Valid till Date: 30/09/2024
PAN Card No.: AKEPG5228Q
Contact this candidate