Deepak Rathore

13 June 1985

About Candidate

Education

Secondary School 2000
M.P. Board, Bhopal
Higher Secondary 2002
M.P. Board, Bhopal
Bachelor of Engineering (B.E.) in Information Technology 2008
Rajiv Gandhi Technical University, Bhopal
Master of Engineering (M.E.) in Information Technology 2011
Devi Ahilya Vishwavidyalaya (DAVV), Indore

Work & Experience

Information Security Consultant April 2010 - Sept 2011
AdSoft Informatics Pvt. Ltd.

• Performing Website Security Testing based on OWASP Top 10 (Automated and Manual)
• Conducting Vulnerability Assessment and Penetration Testing (Automated and Manual)
• Conducting Malware Analysis activities and Developing Malware Signature for Firewall and IDS/IPS
• Implementing Secure Network Infrastructure
• Research on Exploit Development
• Daily onsite – offshore status reporting and team management

Information Security Consultant Oct 2011 - Sept 2012
Deccan Infotech Pvt Ltd

• Auditing/Security Testing of Web Applications based on OWASP/WASC/SANS
• Vulnerability Assessment and Penetration Testing of Web Application & Networks
• Auditing of IT Infrastructure/Data Centers (Banks, ERP Audit etc.) based on ISO 27001 and RBI guidelines
• Configuring and maintenance of Routers, Switches, Firewalls, IDS/IPS
• Patch and configuration management
• Log Monitoring and Preparing status reports
• Support to marketing team in terms of clarity of services, joint discussions and customer meetings

IT Analyst Oct 2012 - Oct 2014
Tata Consultancy Services

• Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities
• Vulnerability Assessment and Penetration Testing
• Handling Automated DAST and SAST program with various commercial tools
• Handling SAST (Static Application Security Testing) program with HP Fortify, Checkmarx and IBM Appscan
• Manual & Automated Source code review and False Positive Analysis of reports
• Handling DAST (Dynamic Application Security Testing) program with HP WebInspect, Acunetix and Qualys WAS commercial tools
• False Positive Analysis of reports generated by Acunetix, Qualys WAS and HP WebInspect
• Handling Enterprise Vulnerability management program
• Vulnerability remediation & assistance to various teams for mitigation

Tech Lead – IMSS Oct 2014 - Nov 2015
Happiest Minds Technologies, Mumbai

• Handling Technical Risk Management Program for whole organization
• Security Testing of Web Applications based on OWASP/WASC/SANS and other vulnerabilities
• Vulnerability Assessment and Penetration Testing
• Initiating & Setup various Enterprise Security Programs as per business requirements in organization i.e. DLP, AV, Log Monitoring, Encryption Technology, SSL, Risk Management, Proxy, email security etc.
• Risk Assessment & Threat Modeling for critical IT system and applications
• Checklist based technical audit (based on ISO 27001, NIST and other standards)
• Manual & Automated Source code review and False Positive Analysis of reports
• Implementing Secure Coding & Programming Principles and Process
• Security Architecture review & consulting
• Vulnerability tracking management, remediation follow up & assistance to various teams for mitigation techniques

Senior Software Security Analyst Dec 2015 - May 2018
Morning Star India Pvt. Ltd., Mumbai

• Part of Global Information Security Group and worked closely with CISO for various security initiatives
• Leading Application Security, Security Operations, and Security Automation programs organization wide
• Helping to develop a virtual security team called “Security Champions” focused on Application security & Security operations to bridge the gap between IT security and product development teams
• Conducting application security assessments activities for Web Applications including Web services & Thick/Thin Client
• Performing Vulnerability Assessment and Penetration Testing
• Performing manual and automated source code reviews
• Performing penetration testing for various mobile applications for Android, and iOS
• Work with different process champions to build cost saving model and automating security process using various scripting language & continuous integration tools i.e. Jenkins. Creating DAST and SAST pipelines using various open source and commercial grade tools.
• Conducting Threat Modeling & Secure architecture review and Driving the implementation & rollout of the secure SDLC process to ensure security is incorporated into the software and product development lifecycle
• Performing periodic audit and determine the operating effectiveness of the information security controls
• Measuring maturity of Morningstar software security program using the Building Security In Maturity Model (BSIMM)
• Lead design requirements for enterprise identity and authentication systems
• Lead application security metrics and governance program including for cloud architectures like AWS
• Developing training materials for security awareness and delivering security technology training, such as emerging trends of security risks, latest security tools and methodologies, information security concepts, etc.
• Evaluating & Implementing enterprise security solutions as per the business requirements
• Responding to incidents, analyzing different logs, performing root cause analysis (RCA) and Transferring learnings from security incidents into security guidelines in accordance with the security strategy
• Pro-active follow up on potential security risks & incidents and Work closely with various stakeholders and application teams to mitigate open security issues

Manager – Offensive and Defensive Security May 2018 - present
Capgemini India Pvt Ltd, Mumbai

Part of Cyber Security CoE and working closely with business leaders to fulfill their cyber security requirements and acting as a cyber defense subject matter expert for IT and OT security. Currently deputed on a client project as Purple team lead where I need to perform Red team and Blue team assessment. Also, providing cyber defense leadership and guidance within the region, articulating region-specific cyber threats and requirements.

• Conducting security assessments for connected devices & products (Operational Technology) including IoT, Embedded devices, SCADA, Automotive CAR, and Medical Devices etc.
• Developed application certification program for the client with respect to cyber security and privacy requirements that is being used to evaluate the maturity of the developed/procured applications.
• Created Open Source Analyzer to proactively scan reported CVEs for all open source & 3rd party library software.
• Evaluate Capgemini's client's applications and internally developed applications to determine potential security vulnerabilities by conducting various cyber security assessments.
• Lead in defining Capgemini’s client's security posture by creating reference security architectures, conducting application threat modeling and technical risk assessments, and compliance reviews
• Deep technical security knowledge to assist architects and developers in designing enterprise grade secure systems
• Identify security vulnerabilities (in code, architecture and infrastructure) and provide expert support and guidance to technical and business personnel. Work directly with clients and internal business units to communicate risks and help resolve open vulnerabilities using enterprise risk & vulnerability management program
• Implementing security pipelines using various security tools for DAST, SAST, and deployment. Also, having hands-on knowledge of AWS DevSecOps tools and services.
• Conducting application security assessments activities for Web Applications including Web services & Thick/Thin Client
• Performing Vulnerability Assessment and Penetration Testing for Infrastructure and Network devices
• Performing manual and automated source code reviews
• Performing penetration testing for various mobile applications for Android, and iOS platform
• Conducting OSINT, Social Engineering and Phishing Campaigns for Information Security Awareness
• Performing gap analysis, Risk Assessment, Business Impact analysis and vendor risk assessment
• Leading enterprise security architecture and review program. Also, leading the development, maintenance and communication / training of future and current state security architecture strategies across the Cyber Security Practice
• Assist in maintaining and updating cyber security policies, secure coding guidelines and other security related documentations
• Lead the enhancement/development of secure software development lifecycle for Capgemini's client
• Reviewing and updating IT security and related compliance security requirements
• Act as a security and privacy advocate to protect sensitive data
• Developing training materials for security awareness and delivering security technology training, such as emerging trends of security risks, latest security tools and methodologies, information security concepts, etc.
