Application Security Vulnerability Management

Ishmeet Singh

Aurora, Colorado, *****

+1-303-***-**** *****.*********@*****.*** https://linkedin.com/in/ishmeet-singh-014568218

Detail-oriented cybersecurity Engineer with 3+ years of experience in telecom and mass media industry. Skilled in threat and vulnerability management, application and network security. Currently focused on safeguarding Charter's environment by securing the network, assets and applications against cyberattacks. Adept at working on multiple projects simultaneously and presenting data more effectively to executive leadership using graphic elements.

Tools and Tech Stack

Domain: Threat and Vulnerability Management Network Security Application Security Container Security Security Operations DevSecOps

Tools: Qualys Veracode Prisma Cloud AWS VMware ESXi Kenna Archer Nessus JIRA Hybrid Analysis Nmap Wireshark Docker Virtual Box Tableau Splunk GitGuardian CrowdStrike

Programming: Shell scripting Perl Python C++ PL/SQL HTML Java Ruby

Professional Experience

Charter Communications- Security Engineer I, Greenwood Village, CO Aug 2022- Ongoing

Application Security

Implemented a robust application security program, thereby reducing 60% of the critical vulnerabilities identified in Charter's web applications.

Collaborated with the principal engineer to spearhead the DevSecOps initiative which has enabled us to integrate security into the software development lifecycle, resulting in a 50%reduction in the time to remediate vulnerabilities.

Presented the AppSec program's achievements and status to top management in a compelling narrative format, using metrics to tell a story of success.

Crafted comprehensive Request for Information (RFI) documents to assist principal engineers in soliciting vendor responses for Static Application Security Testing (SAST)and Dynamic Application Security Testing (DAST) application assessments as part of the vendor bake off evaluation.

Assisted the senior engineers with firmware reviews on Customer Premise Equipment (CPE) (Retail + Leased) utilized in all areas of services – residential, SMB (Small medium business), and commercial.

Increased application scans by 105% using Veracode.

Enforcing security controls to ensure Secure Software Development Life Cycle (SDLC) across DevSecOps pipeline

Led code reviews for security vulnerabilities, focusing on OWASP Top 10 risks, and collaborated with development teams to implement effective remediation solutions.

Vulnerability Management

Investigated false positives and risk-accepted vulnerabilities detected via Qualys scans, and ensured accurate classification and mitigation.

Improved authenticated scan coverage for customer-facing devices and managed vulnerabilities through Kenna.

Maintained the security posture of the company as per best practices laid by NIST framework.

Maintained dashboards, created, collected and reported vulnerability security metrics to management.

Charter Communications- Security Engineer Intern, Greenwood Village, CO Jan 2022- Aug 2022

Detected vulnerabilities through port scanning and automated scanners

Rationalized the enterprise's asset list for network scanning by engaging with vulnerability management and IP control teams.

Mapped the customer facing red network assets for improved IP management through N-map.

Conducted threat analysis for about 500 incidents, reducing response times by 30% through improved processes.

Reformed unpatched/vulnerable systems by advising different project teams on triaging security defects.

Education

August 2018- December 2023 Bachelor of Innovation in Computer Security,

University of Colorado, Colorado Springs

Certifications

Vulnerability Management Specialist- Qualys (Jun 2022)

Contact this candidate