Pravallika S Kaushik
Phone : 425-***-****
Address : Bellevue, WA
Email id : firstname.lastname@example.org
Seeking an opportunity to show my technical and security skills in securing applications and IT infrastructure and maintaining compliance on servers and network devices.
5 years’ experience in Information Security and IT Audits.
Certified in ITIL V3 Foundation (IBM), EC-Council Certified Ethical Hacker (CEH) Version 8.0, CompTIA Security+ certification version 301. Successfully completed QualysGuard training and certification for Vulnerability Management, Policy Compliance and Web Application penetration testing.
Audited networking functionality including Windows Active Directory & user access management. Audited networks, operating systems, databases, applications.
Managing SSAE16 SOC reporting, SOX compliance, ISO27001 audits, IT general control.
Created and administered security training for new employees and people needing access to critical resources.
Work Experience:
April 2014 – Oct 2015, Information Security Analyst with GT Nexus (Team Size: 3)
Project: Vulnerability Management (Tools: QualysGuard, Helpdesk, JIRA)
Discovered and identified network-attached IT assets. Reported on the security configuration of IT assets. Established a baseline of vulnerability conditions for network-attached devices, applications and databases to identify and track changes in vulnerability states. Produced reports with content and format to support specific compliance regimes and control frameworks. Supported risk assessment and remediation prioritization based on vulnerability severity and asset criticality. Supported operations groups with information and recommendations for remediation and mitigation. Managed and administered decentralized and distributed scanner instances. Provided ongoing support and maintenance of vulnerability signatures and advisories for the majority of assets. Analyzed the workflow, enterprise management and third-party technology integrations that a vulnerability assessment solution provides.
Project: Web Application Security testing (Tools: QualysGuard, Bugzilla, JIRA, WhiteHat Sentinel, Cassandra product security)
Trained application developers in secure coding techniques and helped in integrating security into the software development life cycle (SDLC). Conducted application penetration testing, web application security reviews and source code security analysis for GT Nexus domain and client website across all verticals. Assisted in ongoing vulnerability management across the enterprise and worked with developers and administrators to remediate identified vulnerabilities. Performed onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering awareness training, wireless assessment, and IDS/IPS hardware deployment.
Performed vulnerability analysis of test, Internet, and/or Intranet connected systems, networks, and applications on both Windows & Linux systems. Generated and presented reports on security vulnerabilities to both internal and external customers. Analyzed common vulnerabilities and exposures (CVE) using CVE numbers to look up additional information from trusted sources such as US-CERT Vulnerability Notes DB, National Vulnerability DB, Secunia.com and vendor sites.
Project: Information Security Audit
Created and managed audit process utilizing third party auditors. Created, managed and implemented internal security audit process. Handled correction process internally. Acted as a representative of the firm during outside party audits. Ensured that new procedures were compliant with IT procedures. Worked with Risk team to ensure compliance. Audited internal IT security controls. Maintained system configuration service line structure. Assisted in reporting of security alerts. Monitored, revised and documented information security alerting. Ensured that analysis of security concerns was documented in incident response format. Managed SSAE16 SOC reporting, SOX compliance, ISO27001 audits, IT general control. Adhered to Security Policies. Reviewed and understood the key control and related testing plan. Acted as a Single Point of Contact for 3rd Party Auditor. Identified all possible defects and recorded results. Worked effectively in detecting audit findings earlier at the readiness stage and strived to convert possible audit findings into recommendations. Assisted with root cause and risk analysis as required during Audit stage.
Project: Cyber Security - Regulatory GRC
Facilitated the assurance audit reports for clients. Maintained audit scope document and client application metrics and exemptions – formal annual review conducted, audit Team room, control owner list. Met external auditor to review request list and address any issues/concerns. Tracked audit items with internal owners, provided status report to audit lead & external auditor field lead with status of evidence obtained. Reviewed audit evidence to verify accuracy and completeness. Had weekly meetings with external auditor, IT Controls lead, and audit coordinators to review issues and risks. Created control objective testing schedule based upon defined control priorities which was used as input into the timeline required for audit evidence (populations and samples) including follow up. Monitored & reported status & escalated issues/risks within the plan. Tracked status and completion of remediation plans & execution & completion of quarterly reviews.
Project: Identity and Access Management (Tools: HelpDesk, JIRA, Active Directory)
Implemented single sign on (SSO) using Active Directory which allowed users of GT Nexus applications (Prod & PreProd) & systems to log in once and gain access to a broad range of IT resources. It resulted in a centralized & automated solution for access control, user management and provisioning & a consolidated user data repository. Handled user access grants and revocation.
Project: Vendor Security Assessment & Remediation Coordination (RFI/RFP)
Maintained the vendor inventory within Archer GRC tool for tracking and producing reports. Assisted with tracking across the vendor assessment program as part of the overall remediation efforts. Provided the Level-2 support for business owner/Relationship Manager in completing the risk classification survey. Developed and generated reports post completion of assessment, communicated the findings and submitted the report to vendors and Vendor Relationship Managers. Combined gaps in application, infrastructure identified as part of assessment with findings from industry standards like ISO 27001, PCI-DSS and regulations like SOX. Handled policy exception requests, prepared the Common Control framework which incorporates the global and local regulations. Prepared the test of design and test of effectiveness for the technical controls. Created Business continuity planning and risk assessment framework, did risk analysis on security tools. Prepared the data privacy framework and implemented the centralized solutions to maintain the compliance posture as per the law of land. Responsible for preparing the compliance dashboard to report the overall compliance posture of the tools.
Feb 2011 – April 2014, Cloud Security Analyst at IBM India
Project: Anti-Virus Management (Tools: McAfee ePO v4.6.5, Siebel, SEP manager 12.1)
Managed installation of Symantec Endpoint Protection Manager Implementation and deployment in large environments. Configured settings for servers and clients in the SEP manager (legacy and cloud servers). Performed antivirus administration and troubleshooting for Symantec Antivirus Corporate Edition and Symantec Endpoint Protection. Created packages and installed them on the servers and clients. Generated reports in McAfee ePO manager to check on the compliance status as per tickets generated from Siebel. Ran health check on antivirus tools and prepared reports for it.
Project: Privilege access & (SIEM) Log monitoring (Tools: IBM Tivoli Service Request Manager V7.2, Siebel)
Monitored and audited all privileged actions performed by users on systems subject to HIPAA or oversight by Federal Financial Institutions Examination Council (FFIEC). Used TSRM tool to post evidence supporting justification for actions after getting the same from users and then sent it to ACAT team to verify. Worked with internal teams to get logs for servers or network devices if needed.
Project: Systematic Attack Detection (SAD) (Incident Response & Forensic Analysis) (Tools: ArcSight v4.0, Siebel)
IBM Managed Service Delivery (MSD) systematic attack detection process was responsible for detection and the investigation of the systematic attacks. Performed review of the systematic attack notifications and did further analysis or verification as necessary or upon management’s request of follow up events. Investigated notifications that were received in the past and were no longer being received.
Project: Vulnerability and Patch Management (Tools: QualysGuard, SAP(GUI)SCORE)
Was focal point for TCP/IP vulnerability scanning team & handled various EMEA accounts. Responsible for the security compliance of all servers.
Created system for tracking vulnerabilities and started doing scans in the tool QualysGuard and maintaining the asset list and automated periodic scanning of all servers. Created scan groups and scheduled the scan for Windows and Linux servers as required by policy. Analyzed reports for top ten OWASP vulnerabilities. Assessed the scan report and prioritized the vulnerabilities. Implemented patch management technical solution for both Linux workstations and servers. Was responsible for the patching compliance of IBM supported servers across EMEA. Created scan groups and scheduled the scan for servers in QualysGuard. Assessed the scan report and prioritized the vulnerabilities on the basis of IBM Security processes (e.g. GSD331, ITCS104, ISec). Part of CAB (Change Advisory Board) for the approval of server down time. KPI (Key Performance Indicator) tracking monthly and weekly.
Project: Information Security Audit
Key Controls Testing Audit (KCO Audit) - A process designed to provide reasonable assurance regarding the achievement of three objectives: Effectiveness and Efficiency of Operations, Reliability of Financial Reporting, Compliance with applicable laws and regulations. Reviewed and understood the key control and related testing plan. Performed testing on samples and recorded results timely. Identified any defects and recorded results. Assisted with root cause and risk analysis as required.
HIPAA IRR Audit - To perform HIPAA Internal Regulatory Review Audit on HIPAA Compliant Customers and to be in line with the HIPAA Regulation amended by US Government. Performed Audit in Logical Security Areas like Complete Identity Access Management (includes QEV, CBN, Termination Testing, New Users testing and HIPAA Training Validation testing), Vulnerability Scanning.
Project: System Security Checking (Tools: Tivoli Security Compliance Manager, Tivoli Endpoint Manager, Enterprise Compliance Manager)
Enforced information security control measures, evaluated vulnerabilities, determined probabilities and assessed their impact on breach of security and initiated activities to resolve any issues or risks. Performed System Security checking against emerging OS and subsystem technology in a fast paced, high visibility environment using automated tools like WWTS, Tivoli Security Compliance Manager, and Symantec Enterprise Security Manager. Reported any security risk through global issue/risk management process via CIRATS and facilitated resolution plans and solutions needed for information security risk management to meet regulatory requirements and audit recommendations. Assisted with the evaluation of systems security settings to ensure protection strategies/policies are properly implemented and working as intended.
Assisted in developing a data security plan to ensure that threats, risks and vulnerabilities from emerging security issues are addressed with fixes and immediate mitigation measures. Acted as liaison with the client account manager, IBM service team, IBM SSO and client security team to incorporate security into client's networks, systems, and information assets. Assessed the server compliance scan report and prioritized the non-compliances flagged. Was responsible for ensuring the compliance of IBM supported servers across EMEA to security standards. Created scan groups and scheduled the scan for servers as required by clients in TSCM. Have knowledge of several audits performed and have experience of handling/performing audits (was the focal point for various internal/external audits).
Educational Qualification: Bachelor of Engineering (Computer Science) Bangalore, VTU University (2006-2010)
Trainings Undergone: Perl Scripting, CISSP training, Cyber security & ethical hacking, AS400 Basic administrator
Immigration: Work Permit available