SUVEETHA RAJKUMAR
Dallas, TX 945-***-**** *********@*****.*** LinkedIn
PROFESSIONAL SUMMARY
Seasoned Information Security professional with a master’s degree in Computer Science and Information Security and certifications in Oracle Cloud Infrastructure Security, Generative AI, ISC2 CC, and CISSP (in progress). Extensive expertise in Vulnerability Assessment and Penetration Testing (VAPT) using tools such as Nmap, Nessus, Burp Suite, Wireshark, and MS SQL.
Proficient in implementing and managing robust security controls across AWS, Azure, and GCP, with a focus on SIEM, CASB, and Intrusion Detection Systems (IDS). Deeply knowledgeable in cybersecurity principles and regulatory frameworks such as NIST CSF, ISO 27001, GDPR, PCI-DSS, HIPAA, SOX, CCPA, HITRUST, and SOC 2. Skilled in Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, and Identity and Access Management (IAM). Demonstrates strong capabilities in Security Assessment and Testing, Security Operations, and Software Development Security. Experienced in root cause analysis, penetration testing, and using CVSSv3 for effective vulnerability prioritization and remediation. Proven record in executing complex IT governance initiatives such as Business Continuity Planning (BCP), Disaster Recovery (DR), Incident Response (IR), and compliance audits. Recognized for exceptional skills in risk assessment, security incident management, and cyber resiliency. Adept at developing standard operating procedures (SOPs), translating complex security requirements into actionable strategies, and driving organizational improvements to enhance security posture and ensure ongoing resilience.
TECHNICAL SKILLS
• Security Tools: Burp Suite, Wireshark, Zenmap
• Penetration Testing Tools: Nmap, Nessus
• Data Analysis and Visualization using Power BI
• Database Management: MS SQL Server, DB2
• IAM and Role Management: Active Directory (AD)
• Operating Systems: Linux, UNIX, Windows
• Project Management
• IT Risk & Compliance
• Business Continuity
• Incident Management
• Policy Creation
• Vendor Risk Assessment
PROFESSIONAL EXPERIENCE
Senior Security Consultant January 2021 – Present
Graspear Solutions Pvt Ltd
Vulnerability Management for Formwork Resource Management System (FRMS) Client: Larsen & Toubro, Chennai
Tools Used: Burp Suite, Wireshark, Nmap, Nessus, MS SQL
• Lead Vulnerability Assessment and Penetration Testing (VAPT) on the Formwork Resource Management System (FRMS), utilizing tools such as Burp Suite, Wireshark, Nmap, Nessus, and MS SQL to identify and address critical security vulnerabilities.
• Conducted comprehensive security assessments on applications, systems, and databases, ensuring adherence to industry standards like OWASP and NIST.
• Executed detailed risk assessments to evaluate and prioritize both operational and compliance risks, significantly enhancing the overall security posture of the FRMS.
• Implemented a risk monitoring system using Nessus and MS SQL, reducing high-risk vulnerabilities by 70% within three months.
• Prepared and presented a detailed risk mitigation roadmap to senior management, leading to the effective remediation of identified vulnerabilities and strengthening the system’s security.
• Coordinated cross-functional collaboration to ensure the alignment of security strategies with organizational goals, leveraging Wireshark for enhanced data-driven security analysis.
SIEM Solution and Vulnerability Scanning Implementation Consultation Client: Diplomatic Construction, Oman
Tools Used: SIEM Solutions, Vulnerability Scanning Tools, Network Security Monitoring, Cloud Technologies (AWS, Azure, GCP)
• Developed a comprehensive proposal for the implementation of a Security Information and Event Management (SIEM) solution and advanced vulnerability scanning tools, incorporating cloud technologies including AWS, Azure, and GCP for Omantel. The proposal was designed to significantly enhance threat detection and overall network security.
• Collaborated closely with Diplomatic Construction Oman to assess client requirements and tailor the proposal, focusing on improving incident response capabilities and integrating cloud migration strategies into the security framework.
• Conducted an in-depth assessment of the existing security landscape, identifying critical areas for improvement.
• Drafted a risk management framework that incorporates Security and Risk Management practices aligned with NIST Cybersecurity Framework (CSF) and ISO 27001, aiming to enhance compliance and security posture.
• Developed strategies for leveraging Common Vulnerability Scoring System (CVSSv3) to prioritize remediation efforts, resulting in a clear and actionable path for reducing high-risk vulnerabilities.
• Proposed a comprehensive training and support plan focused on Security Operations, Identity and Access Management (IAM), and Network Security best practices, aimed at increasing the client's internal security capabilities.
• Prepared a detailed cost-benefit analysis that demonstrated potential improvements in security posture and operational efficiency, effectively supporting the client's decision-making process for both cloud and on-premises environments.
Web Application Testing and Management for Care Conference Canada Client: Care Conference, Canada
Tools Used: Burp Suite, Selenium, OWASP ZAP, Wireshark, MS SQL, AWS
• Led the security and performance testing of Care Conference Canada’s web platform, identifying and mitigating critical vulnerabilities using Burp Suite, OWASP ZAP, and Wireshark.
• Performed penetration testing and applied secure coding practices to minimize the attack surface and enhance the web platform's security.
• Delivered a detailed security report and developed standard operating procedures (SOPs) to address identified vulnerabilities, ensuring robust security management and ongoing resilience.
• Demonstrated a proven record in executing complex IT governance initiatives such as Business Continuity Planning (BCP), Disaster Recovery (DR), and Incident Response (IR) during the project, driving organizational improvements and compliance with industry standards.
Identity and Access Management (IAM) Setup for Internal Applications Client: Larsen & Toubro, Chennai
Tools Used: Azure AD, Azure AD Connect, Microsoft Graph API, PowerShell, SAML/OAuth protocols.
• Implemented Single Sign-On (SSO) and Multi-Factor Authentication (MFA) using Azure AD, significantly enhancing both security and user experience across internal applications.
• Designed and enforced Role-Based Access Control (RBAC) policies, ensuring that access permissions were appropriately managed across all internal applications, reducing the risk of unauthorized access.
• Integrated Azure AD with multiple web applications, providing centralized authentication mechanisms and improving the overall cybersecurity posture of the organization.
• Reduced unauthorized access attempts by 95% within two months through robust security measures, including SAML/OAuth protocols and PowerShell.
• Streamlined user onboarding and offboarding processes using Azure AD Connect, reducing administrative overhead by 60% and enhancing operational efficiency.
• Provided training and documentation to IT staff, ensuring they were equipped to manage the IAM system effectively, leading to sustained security improvements.
Consultant July 2019 – December 2020
Subjective Approach LLC, California
Information Security Analyst
Client: Born Natural
Tools Used: AD, PowerShell, Nessus, Nmap, Microsoft Office Suite, JIRA, Confluence, SharePoint
• Managed and maintained Active Directory (AD) user accounts, groups, and permissions, ensuring secure access control while assisting senior team members with advanced configurations.
• Collaborated in the development and implementation of patch management strategies, learning best practices and contributing to enhanced system security.
• Regularly performed system hardening activities to improve security configurations, working alongside senior staff for guidance and growth.
• Monitored and analyzed security alerts, assisting in identifying and mitigating potential threats while learning advanced threat analysis techniques.
• Supported vulnerability assessments using Nessus and Nmap, applying necessary patches and updates with guidance from senior colleagues.
• Conducted security scanning and compliance checks for mobile app uploads to Google Play Store and Apple App Store, ensuring compliance with security standards and gaining exposure to mobile security best practices.
• Assisted in documenting security procedures and policy development, while also contributing to team knowledge sharing and supporting junior team members.
• Participated in additional tasks like mentoring new hires, assisting with team projects, and contributing to a collaborative, growth-oriented environment.
Teaching Assistantship with Research Focus on Encryption and Cloud Security Institution: Thiagarajar College of Engineering, Madurai August 2015 – May 2016
• Supported academic sessions and assisted students with coursework in computer science and information technology.
• Mentored students in the research lab, focusing on encryption techniques like Homomorphic Encryption and cloud security.
• Conducted research and authored papers on advanced encryption methods and cloud data security, utilizing Java, VMware virtual cloud environments, Linux, and performance measurement tools.
• Co-authored publications in reputable journals and conferences:
o Indian Journal of Science and Technology: “Ensuring Confidentiality of Cloud Data Using Homomorphic Encryption”
o ICDASDC (International Conference on Data Science, Data Security, and Computing): “Data Security in Cloud Using Homomorphic Encryption”
• Volunteered for ISACA events, promoting industry-academia collaboration.
Educational Facilitation and Mentorship August 2004 – October 2010 Institution: KLN College of Engineering, Anna University, Madurai
• Mentored students in computer science, information technology, and emerging technology trends, offering career guidance and industry insights.
• Served as a Steering Committee member for ISO 9001-2000, overseeing quality management and standards enforcement.
• Organized and led the Infosys Campus Connect Foundation Programme.
• Invited as a resource person from EMC2 Information Storage Management to deliver a speech on Business Continuity in Storage Technology.
• Implemented Wipro Mission 10X Effective Teaching Methodology, significantly improving instructional effectiveness and learning outcomes.
• Managed and executed the IBM The GreatMind Challenge Contest, earning recognition as “IBM The GreatMind Challenge Ambassador” for successful project delivery.
o Oversaw end-to-end project delivery, including resource allocation, project scope definition, development, and implementation.
o Conducted code reviews, performance tuning, and applied quality audit processes to ensure high standards.
Key Achievements
• Implemented a comprehensive vulnerability management program that reduced the average time to patch critical vulnerabilities from 45 days to 10 days.
• Successfully integrated Azure AD with multiple web applications, significantly improving the organization’s cybersecurity posture and compliance with security standards.
• Developed a custom risk assessment framework, improving risk prioritization accuracy.
• Recognized as "Security Consultant of the Year" in 2022 for outstanding contributions to client projects.
EDUCATION
• M.E. in Computer Science and Information Security Thiagarajar College of Engineering
• B.E. in Information Technology Madurai Kamaraj University
CERTIFICATION
• ISC2 Certified in Cybersecurity (CC) 2024
• Oracle Cloud Infrastructure Security 2021 Certified Associate
• Oracle Cloud Infrastructure 2023 AI Certified Foundations Associate
• Oracle Cloud Infrastructure 2024 Generative AI Certified Professional
• Oracle Cloud Infrastructure 2021 Certified Architect Associate
• Oracle Cloud Infrastructure Foundations 2021 Certified Associate
• IBM Certified Database Associate - DB2 Universal Database V8.1 Family