Santhosh Sivasankaran

Performed Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite and Nessus. Performed risk assessments to ensure corporate compliance and quarterly audit program. Perform Network related changes like provide remote support for hardware replacement and validate configuration changes. Define and document a security road map for Brown Advisory’s network. Implementing system security hardening guidelines on the systems and performing functional testing on the system after system security hardening is in place.

Work with internal business units to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices. Strong Linux administration skills and hands-on programming experience. Identify and resolve any false positive findings in assessment results. Delivers security training and education to technical staff within findings and acts as an internal security consultant to advise or influence business or technical partners Performs R&D on new technologies. Responsible for identifying and classifying cyber security vulnerabilities and work on mitigation plans with system owners, ensure plans are documented understood and track the results of the plan execution. Conducted security assessments and vulnerability testing for internal systems, providing recommendations for remediation and mitigation strategies. Monitored and analyzed security logs and alerts, identifying potential threats and responding to incidents. Configured and maintained network devices such as routers, switches, and firewalls.

Experience with Splunk searching and reporting modules, knowledge objects, dashboards, add-on's, access controls, and lookups. Audit defensive security products and make appropriate recommendations based on industry best practices for remediation. Assist client in managing their information protection and data. privacy Review Nessus scans, Burp results, Cylance for potential threats. Identify security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflow. Performing vulnerability assessment on the IT systems viz. Servers, Network Devices, Web Applications. Identifying the critical, High, Medium, VA in the applications based on OWASP Top 10 and prioritizing them based on the criticality Investigated Cyber threats, and managed policy for Host Based Security System (HBSS) using e Policy Orchestra- tor, performing asset discovery and compliance scans using e Eye Retina. Configure port-security to prevent any unauthorized access to the network.

Performing containers vulnerability assessment on Lacework,Aquasec, IBM marketplace,GCP Marketplace, DTR, Sonarqube, SYNK,Shiftleft. Experience in using scripting languages to automate tasks and manipulate data. Programming experience is a plus. Conducted AWS Well-Architected reviews to ensure system reliability, performance, security, scalability, and cost-effectiveness. Assessing IT control elements to mitigate IT risks regarding the confidentiality, integrity, and the availability of business information. Reviewing the systems for IT general controls, risk and compliance with policies and regulations. SaaS/MaaS/PaaS platform p erforming container security, Image hardening, K8s security, API security, and threat modeling. Good Knowledge Kubernetes to orchestrate the deployment, scaling and management of Docker. Design & Implementated business by using best practices, Defining the security architecture, security tools, techniques, methodologies to implement secure development and production environmenet in cloud/containers platform on PaaS & SaaS. Onboarded GitHub Enterprise and GitHub Actions to help streamline collaboration, developer productivity, CI/CD pipelines, and the ability to ship higher-quality software faster.