NEHA DALPE

949-***-**** ad4gxy@r.postjobfree.com LinkedIn

SUMMARY

With over 7.5 years of experience in Information Security and software development. Proficiency in conducting vulnerability assessments, web application penetration testing, API testing, medical device security review, cloud security review (AWS), and application security review.Demonstrated proficiency in risk assessment, governance, medical device security, and compliance. PROFESSIONAL EXPERIENCE

CitiusTech Healthcare Technology Lake Forest, CA

Technical Lead I Oct 2021 – Present

● Compliance/Governance Policies

-Develop a roadmap, policies and procedures, support documentation, vulnerability management, data protection, incident, and breach notification

-Managed security assessments for 20+ products, ensuring compliance with healthcare industry standards and FDA, EU MDR, China, Korea regulations

-Advised 15+ clients on cybersecurity best practices, leading to 50% reduction in security breaches

● Medical Device Security

-Actively involved in Secure software development lifecycle to deliver products heavily enriched with security by design (DevSecOps) principle.

-Collaborated with software developers to integrate security measures at code level, reducing potential vulnerabilities.

-Participated in VAPT activities and recommended corrective measures based on CVE/CVSS, leveraged MITRE ATT&CK framework to identify. limitations of Penetration testing within a given environment

- Mentored and led a team of 5+ full-time employees for project training over 6 months in an Agile, Scrum. Tools used: BlackDuck, Insight VM, Qualys, BurpSuite, Microsoft Threat Modeling Tool, Coverity, Veracode, Nmap, Wireshark, Excel CitiusTech Healthcare Technology Mumbai

Sr Software Engineer Apr 2020 – Oct 2021

● Medical Device Security

-Reverse Engineering and Dynamic Analysis for security analysis

-Experienced in assessing controls about ISO 27001, CIS benchmarks, NIST 800-53

-Offering immediate solutions to patch vulnerabilities- preventing 65% more security attacks each year

● AWS cloud security review

-Perform configuration of Network and Access Control List in AWS

-Configure inbound and outbound rules for their implementation

-Verify encryption methodology and detailed testing of the implementation Tools used: BlackDuck, Insight VM, Qualys, BurpSuite, Microsoft Threat Modeling Tool, SonarQube, Checkmarx, Nessus, CIS Benchmark CitiusTech Healthcare Technology Mumbai

Software Engineer Apr 2017 – Apr 2020

● Managing and handling the API(JAVA) response for end-to-end integration and updating the database to build fully dynamic data functionalities.

● Developed and maintained automated CI/CD pipelines for code deployment using Jenkins.

● Conducted Application Security for 40+ web applications using frameworks like OWASP Top 10 and deep dive analysis of cyberattack tools, tactics, and techniques.

● Performed Vulnerability Assessment, Data gathering, and Configuration review of the underlying OS and Databases Tools used: CIS Benchmark, MySQL, Visual Studio Code, Angular 7.0, Bootstrap CitiusTech Healthcare Technology Mumbai

Trainee Software Engineer Jun 2016 – Apr 2017

● Programmed various features in ‘CareTend’ a web-based platform that is intended to serve all three lines of business namely: HME/DME (Home Medical Equipment/ Durable Medical Equipment), I.V. (intravenous medicine), and Specialty Rx (specialty prescriptions) and their associated users.

● Implemented Google Tag Manager to track page views and events handled in the application.

● Generated automated builds for iOS and Android using hockey app on Jenkins Server Tools used: Typescript, Javascript, HTML5, CSS3, Git EDUCATION

Illinois Institute of Technology Jan 2022 –Dec 2022 Master of Science in Cyber Forensics and Security GPA – 4.0/4.0 Courses: Vulnerability Analysis and Control, Database Security, Cybersecurity Management, Legal and Ethical Issues in Information Technology University of Mumbai Jul 2012 – May 2016

Bachelor of Technology in Computer Engineering GPA – 6.75/10 Courses: Object Oriented Programming, Operating Systems, Computer Networks, Product & Project Management CERTIFICATIONS

Certified Lead Implementer ISO/IEC 27001:2013 June 2022 Certification Number: ENR-01117008

Certified Ethical Hacker (CEH) Mar 2020

Certification Number: ECC3540621987 Azure, Azure Devops,devops, Microsoft Azure, Microsoft Office, mssql, powershell,python, user stories,Experienced Technical Lead with over 4 years of experience in cybersecurity and software development. Expert in implementing security measures, conducting security assessments, and mentoring teams. Led compliance efforts resulting in a 50% reduction in security breaches and prevented 65% more security attacks each year. Seeking a Senior Specialist IT Product Security position at a company where I can apply my cybersecurity and development skills to support software development from a security perspective and contribute to the creation and maintenance of cybersecurity documentation and threat modeling activities.

Contact this candidate