AVINASH SWARNA

• At CDS my current role is Cyber Security Specialist, I am responsible for cybersecurity product compliance activities to support solution development and delivery, conducting thorough assessments and audits to identify potential vulnerabilities and control gaps
• Defined Cloud Architectural standards and best practices for large-scale designs, policies, and control standards in a Hybrid Cloud environment, encompassing CASB, CSPM, DLP, and SOC strategies
• Managed the overall delivery of security tracks, implementation strategies, and proof-of-concepts (POCs) aligned with Cloud Security Alliance (CSA), NIST 800 Series, CSF, OWASP Top 10, PCI/DSS, and industry best practices
• Spearheaded Identity and Access Management (IAM) initiatives including Policies, MFA, SAML Federation, and Akamai Web Application Firewalls (WAF)
• Collaborated with AI researchers and developers to integrate security protocols seamlessly into the development lifecycle of Generative AI models
• Reviewed and updated security controls for network components such as VNet, Subnets, Auto Scaling, Security Groups, ACLs, Azure Config, and VNet Logs
• Developed data security protocols and implemented across teams, focusing on Data-at-Rest Encryption using AES 256, KMS, SafeNet KeySecure, and CloudHSM
• Managed Patch and Vulnerability Management and formulated Penetration Testing Strategies
• Led cloud security efforts for enterprise projects under GDPR compliance, ensuring new data privacy laws for Personally Identifiable Information (PII) were met
• Implemented robust access controls and encryption methods for protecting sensitive data utilized by Generative AI models
• Supported public, private, and hybrid cloud services on AWS and Azure to meet FedRAMP guidelines and NIST Special Publication recommendations (NIST 500-292, 800-53, NIST CSF)
• Implemented SOC type 2, ISO 27001, and other stringent compliance audits
• Created and managed Azure Resource Manager (ARM) and Terraform for Infrastructure automation
• Environment: Kubernetes, Azure, SOC, SIEM, K8s, GenAI, IAM: Policies, MFA, Federation, GDPR, AWS, MySQL, Azure SQL DB, Azure Data Factory, EventHub, SOC2, ISO27001

• Responsible for collaborating corss teams to develop, implement, review, and update Information

Security policies and procedures in accordance with regulatory requirements and industry standards.

• Designed and Implemented Cloud Governance and Security using Wiz.io, Splunk, Cloud Trail,

Cloud Watch, Lambda and other AWS services to identify and remediate security threats.

• Defined SCP policy and firewall rules to establish On-Prem and AWS workspace connectivity

• Monitored, analyzed and responded to network incidents and events(SOC SEIM)

• Collaborated with solution engineering teams to develop Disaster Recovery Plans, implementation

and annual tabletop exercises to meet client and audir requirements.

• Developed and enforced security standards and best practices specific to Generative AI technologies,

ensuring compliance with industry regulations and company policies.

• Developed an Enterprise Security Risk Management Framework, and Cloud Security Posture Controls

• Conducted Third-Party Risk Assessments in Servicenow and Archer goverance tools.

• Worked on Dockerizing applications and configuring container orchestration security pipelines using

Kubernetes, AWS ECS, AMI, and Helm package manager, alongside CI/CD pipelines.

• Enhanced data security governance and disposal strategies in accordance with NIST guidelines.

• Conducted SOC assessments, established baseline and target maturity levels, and developed

transformation strategies.

• Defined standards for key AWS Cloud Services, implemented baseline security controls (NIST 800-53 Revision 4), and provided additional guidance on these controls
• Designed and developed Cloud-specific security policies, standards, and procedures including firewall management, SSL/IPSec, SIEM (Security Incident and Event Management), DLP (Data Loss Prevention), encryption, user account management (SSO, SAML), and password/key management
• Conducted regular system tests, reviewed network security, and ensured continuous monitoring of cloud security posture management, implementing Proof of Concepts (POCs)
• Drove continuous improvement of Security DevOps pipelines, processes, and Information Security tools, services, and processes
• Assisted Developers and Operations (DevOps) teams with the use of Platform as a Service (PaaS) and Container as a Service (CaaS)
• Implemented monitoring and logging solutions tailored for detecting anomalies and potential threats within Generative AI environments
• Conducted stakeholder interviews and prepared control tests within defined scopes for SOC II audit reporting and attestations under SSAE 16
• Lead vendor risk programs, and the onboarding and offboarding of relationships, continually assessing their security practices
• Environment: IAM, Azure, AWS, Kubernetes, SOC, SIEM, K8s, GenAI, AWS SecurityHub, IAM: Policies, MFA, Federation, AWS, MySQL, Azure SQL DB, Azure Data Factory, SOC2, ISO27001, PCI/DSS

• Define and drive end-to-end agile DevOps based software development life cycle with automation in mind with right tools and techniques to improve security posture across organization
• Perform risk assessments that identify vulnerabilities in policy, processes, applications, and controls requiring techniques to mitigate inefficiencies
• Developed, maintained, and managed an Information Security Management System aligned with ISO 27001, SOC type 1 and SOC Type 2 audits
• Managed the large security, risk and compliance initiatives of SOX-404 IT, PCI DSS and HIPAA/HITECH, Privacy Act, and FTC including security policies, procedures and controls
• Build and operate a security & awareness program relating to vendor risk management program
• Setup entire process for automated dev, qa, and production deployments with Ansible and Jenkins
• Help SOC team to coordinate reports from the SIEM, IDS/IPS, and vulnerability scanning
• Developed 'Infrastructure as Code' mindset across technology teams to automate configuration management through GIT
• Environment: Kubernetes, SOC, SIEM, K8s, Sagemaker, IAM: Policies, MFA, Federation, AWS, MySQL, Azure SQL DB, Azure Data Factory, SOC2, ISO27001

• Designed, implemented, and supported fully automated CI/CD processes using Jenkins and DSL Build Pipeline
• Engineered Jenkins for administering weekly Build, Test, and Deploy chains as part of CI/CD processes, utilizing SVN/GIT with Devel/Test/Prod Branching Model for weekly releases
• Implemented CyberArk Privileged Identity Management suite and session management suite (version 9.7) for secure identity management
• Collaborated across teams to resolve CyberArk issues in CyberArk Central Policy Manager (CPM), ensuring credential reconciliation and maintenance for CyberArk versions 9.6 and 9.8
• Managed application account lifecycle using CyberArk on Windows, databases, and Linux servers through the AIM module
• Integrated SIEM event monitoring systems such as Splunk and ArcSight with CyberArk and BeyondTrust for enhanced event monitoring capabilities
• Administered CyberArk vault, overseeing Safe creation, LDAP integration, and other authentication methods
• Managed and resolved DNS issues in multi-zone environments, ensuring integration with Active Directory
• Environment: Jenkins, Sonarqube, Encryption, BGP, CI/CD, Jenkins, Firewall, IAM: Policies, MFA, Federation, AWS, MySQL, Azure SQL DB, Azure Data Factory, SOC2, ISO27001