Bharath M

Lima, OH

Summary

Overall 8+ years of experience as a Security Engineer and Vulnerability Management Engineer.

• Experience with Risk Assessment on systems, applications, and Active Directory.

• Experience with Windows/Linux OS, Database Policy Compliance, and configuration with CIS.

• Experience with the IT Governance (GRC) risk tool Digital Manager 360 (Modulo) and the Nexpose reporting tool.

• Good experience with the Nexpose vulnerability scanner and the InsightVM dashboard.

• Third-party Risk management specialist.

• I seek to utilize these skills in improving the security posture of information systems and networks by detecting threats and vulnerabilities in target systems and applications through systems and network testing.

• Monitored and tracked TPRM life cycle activities (identification, due diligence, risk assessment, contract negotiation, ongoing monitoring and termination).

• Performed third-party security risk assessments for new vendors and reassessments for existing vendors.

• Responsible for managing all aspects of the Vulnerability Risk Management Program including vulnerability identification, analysis, remediation coordination and reporting.

• Experience with VM identification, analysis, metrics, as well as processes enabling proper governance, risk and compliance (GRC).

• Extensive experience deploying compute and storage in the Azure cloud.

• Progressive experience in Enterprise Vulnerability Management, Risk Assessment, penetration testing, generating reports, SQL Injection, XSS and major hacking protection techniques.

• Experience in testing using various tools such as Burp Suite, DirBuster, Nmap, OpenVAS, Nexpose, Nessus, HP Fortify, HP WebInspect, Confidential AppScan Enterprise, Kali Linux, Metasploit and Jira. Knowledge of OWASP Top 10 based vulnerability assessment of web applications.

• Coordinated with the dev team to report vulnerabilities, explaining the exploitation and impact of each issue, and reported identified issues in an industry-standard framework.

• Experience with Security Risk Management with TCP-based networking.

• Domain knowledge in Retail, Banking and Financial Services, Health Care.

• Knowledge of detecting vulnerabilities in authentication, authorization, input validation and session management.

• Involved in Security Development Life Cycle (SDLC) to ensure security controls are in place.

• Good experience with SAST and DAST of applications using tools such as HP Fortify and Confidential AppScan. Capable of identifying flaws such as Security Misconfiguration, Insecure Direct Object Reference, Sensitive Data Exposure, Function Level Access Control and Unvalidated Redirects.

• Ensured regulatory compliance by assessing vendors' adherence to data protection requirements under GDPR, leading to the successful alignment of vendor practices with EU data privacy regulations.

• Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance.

• Security automation experience using tools such as Phantom and Demisto (SOAR, runbooks).

• Knowledge of STIG validation in support of DISA, CIS and proactive vulnerability detection.

• Good knowledge of Jira, rootkits, IP spoofing, VirtualBox, SELinux, software hardening concepts and SIEM.

• Good Knowledge of HTTP, HTTPS, Web application firewalls, checking logs, SSL and TLS.

• Good knowledge of SQL and programming skills in Java. Experience with Windows and Linux environments.

• Vulnerability assessment including analysis of bugs in various applications using manual and automated tools. Knowledge of network security such as firewalls, TCP/IP, IDS/IPS, routing, Active Directory and IOS devices.

• Good team player and ability to learn the concepts effectively and efficiently.

• Ability to work in large and small teams as well as independently.

Overview

10 years of professional experience
1 Certification

Work History

Principal IT Analyst

River View Health
03.2024 - Current

• Experience in evaluating, rating, and performing vulnerability assessments on assets.

• Experience with tools such as the Rapid7 Nexpose and InsightVM vulnerability scanners.

• Experience in threat modeling, identifying process gaps, and working closely with internal and external teams to address vulnerabilities based on their risk rating.

• Developed and implemented third-party risk management program, including risk assessment frameworks and due diligence process for vendor onboarding and ongoing monitoring.

• Deployed and managed Data Execution Prevention (DEP) systems to enhance the security posture of critical infrastructure.

• Led vendor risk assessments for key third-party service providers, utilizing industry-recognized frameworks such as the Shared Assessments Standardized Information Gathering questionnaire to evaluate security controls and practices.

• Proficient in using leading TPRM tools and platforms to centralize vendor risk assessments, track compliance status and automate risk mitigation workflows.

• Optimized DEP configurations to minimize false positives while maintaining robust security measures.

• Experience assisting with the oversight of patching for vulnerabilities, coordinating patch schedules, and communicating vulnerability patch status to senior leadership.

• Experience in vulnerability management strategies, the operation and configuration of enterprise vulnerability scanners, and presenting reports in a meaningful way to assist the teams responsible for addressing the vulnerabilities found.

• Worked closely with incident response teams to enhance DEP policies based on real-world threats and attack vectors.

• Collaborated with cross-functional teams, including Legal and Procurement, to streamline the vendor due diligence process, facilitating the assessment of vendors' security postures and contractual obligations.

• Supported the Regional TPRM team on the reporting of high-risk third-party contracts and third-party high risks / ineffective controls, and highlighted third-party risks and the actions planned to address inadequate controls to executive management.

• Collaborated with cross-functional teams to remediate vulnerabilities through DEP configurations and other security measures.

• Experience in developing information security policies, standards, and procedures for the Vulnerability Management program.

• Experience in coordinating with other teams and business partners regarding Vulnerability Management best practices for both on-premise and cloud-based solutions for employees, contractors, partners, and customers.

• Experience in managing and monitoring for newly announced vulnerabilities and CVEs.

• Served as the Vulnerability Manager expert and trusted advisor.

• Addressed vulnerabilities quickly and efficiently while ensuring little to no impact to the business.

• Experience in making tactical decisions and contributing to the strategic decision-making process.

• Has complete discretion on making decisions regarding vulnerability patching.

Sr Cyber Security Analyst

Antares Capital
02.2020 - 08.2022

• Experience with tools such as the Rapid7 Nexpose and InsightVM vulnerability scanners.

• Generated reports on a daily basis and executed the daily tasks. Managed and adapted the scan schedule.

• Assists the Third-Party Risk Program Manager/Officers to implement and educate on the policies, standards, guidelines, tools, models, systems, and procedures required to support the Program.

• Implemented DEP solutions to protect against buffer overflow attacks and other memory-related vulnerabilities.

• Managing permissions and access to the product. Performing authenticated and unauthenticated vulnerability scanning. Troubleshooting and debugging scans.

• Assisting teams with vulnerability resolution, including helping research vulnerability solutions and addressing false positives to reduce system workloads, performing confirmation scans when appropriate, meeting regularly with the remediation team, and building reports to provide teams with the necessary data. Assisting teams with tracking remediation approaches within InsightVM or Excel.

• Reviewed and advised on existing reports and suggested reports that would solve current business use cases, as well as the relevant metrics to track the Vulnerability Management program.

• Experience with vulnerability management metrics as per organization standards.

• Experience with firewall rule requests (ports, protocols and services).

• Handled baseline configurations, vulnerability exceptions and compliance exceptions. Updated, created and adjusted custom policies, standards, and procedures. Managed Policy Compliance scans and configured their settings. Designed, configured and adjusted vulnerability and compliance scanning operations.

• Assisted with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied.

• Coordinates with the Third-Party Program Manager/Officers to maintain the third-party inventory, risk assessment information, contracts, action plans, watch list, service level agreements, issues, and required documents within the GRC system, SharePoint, and document management system.

• Perform vulnerability, configuration, and compliance scan with Nexpose to detect deficiencies and validate compliance of information systems configuration with organization's policies and standards such as Center for Internet Security (CIS) Benchmarks.

• Analyze vulnerabilities to determine remediation measures and rule out false positives using resources such as the National Vulnerability Database (NVD), US-CERT and CIS.

• Develop Vulnerability Assessment Reports (VAR) to document findings and recommend remediation measures.

• Risk management framework knowledge; risk assessments; security awareness.

• Brief system administrators on the vulnerability report and the recommended remediation.

• Assist in the planning of remediation strategies. Work with the client to provide advice on remediation, scanning and projects.

• Monitored DEP logs and alerts to detect and respond to potential security incidents.

• Coordinate with team members to provide guidance related to requirements.

• Experience with SAI Digital Manager 360 (Modulo) for the risk assessment of systems and applications. Assist in the implementation of the Risk Management Framework (RMF) through the required government policy and participate fully in the documentation process.

• Performed security analyses to validate established risk on systems and applications.

• Develop Authorization to Operate (ATO) documents to amend deficiencies in system operation as required.

• Document assessment results and authorized technical activities, and coordinate the System Security Plan (SSP).

• Periodically conduct a complete review of each system's audits and monitor for corrective action.

Cyber Security Engineer

CNA Insurance
03.2018 - 01.2020

• Conducted vulnerability scanning (using Nessus), system hardening, security assessment, and penetration testing (using Nmap).

• Interpreted and communicated scan results (often customized as needed), verbally and in writing, to stakeholders.

• Strong knowledge of NIST 800-53 Revision 3/4, NIST 800-37, FISMA, HIPAA, the Risk Management Framework (RMF), and additional cyber security standards and policies.

• Performed and presented vulnerability assessments.

• Quantitatively and qualitatively identified risks to organizational assets based on scan results.

• Conducted document analysis; assisted with privacy complaints and incidents in accordance with federal privacy policies and procedures.

• Firm understanding of networking basics.

• Ensured compliance with annual FISMA deliverables and reporting.

• Assisted in proactively developing patch and vulnerability management procedures and processes within the security operations center (using SCCM).

• Working knowledge of bash shell scripting and Linux.

• Provided remediation strategies for vulnerabilities impacting network devices, servers, workstations, etc.

• Validated security configurations to ensure they are implemented in accordance with Cybersecurity policies, requirements, and directives, including compliance with Security Technical Implementation Guidance (STIG), Security Requirements Guides (SRGs), and checklists.

• Worked with engineering/architectural teams to assist with privacy assurance protocols.

• Reviewed new security solution designs and specifications to validate they are ready for the existing security operations environment.

• Familiarity operating in cloud-based environments (AWS/virtual systems).

• Operated configuration management tools to support configuration identification, control, reporting, and auditing. Documented and analyzed deficiencies in Plans of Action and Milestones (POA&Ms) or requests prepared for Acceptance of Risk (AoR).

• Develop and maintain SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems.

• Working knowledge of Security Event and Information Management (SIEM) tools for detecting signs of malicious or suspicious activity.

• Working knowledge and use of tools including Tenable Security Center and SCCM/WSUS.

• Experience with standards such as the Open Web Application Security Project (OWASP), Common Vulnerability Scoring System (CVSS), DISA STIGs, Center for Internet Security (CIS) benchmarks, and Common Vulnerabilities and Exposures (CVEs).

Security Analyst

HSBC
05.2015 - 04.2018

• Performed manual penetration testing on web application projects.

• Managed and performed Confidential AppScan scans before all production releases, analyzed vulnerabilities and reported to all stakeholders.

• Performed Static Application Security Testing (SAST) using tools such as HP Fortify.

• Performed Dynamic Application Security Testing (DAST) using tools such as Confidential AppScan.

• Performed manual security testing for OWASP Top 10 vulnerabilities such as SQL Injection, XSS, CSRF, session management, etc.

• Performed manual code review to remove false positives and also identify false negatives.

• Prepared comprehensive security reports detailing identified issues, risk descriptions and recommendations, with code snippets for the vulnerabilities.

• Used Burp Suite to identify issues such as SQL injection, XSS, CSRF, etc.

• Performed security design review, threat modeling and architectural/system security assessments.

• Static code analysis using HP Fortify to identify vulnerabilities in applications.

• Manual penetration testing of applications and APIs to identify OWASP Top 10 vulnerabilities.

• Performed threat analysis on new requirements and features.

• Conducted web application vulnerability assessment, threat modeling and secure code review on applications.

• Conducted re-assessments after mitigation of the vulnerabilities found in the assessment phase.

• Provided security requirements to project teams during the design phase.

• Security test planning and security test execution on web platform projects.

• Trained the QA team to identify and acknowledge security issues in their projects.

Security Engineer

Conduent Somerset
04.2016 - 02.2018

• Prepared a comprehensive report on vulnerabilities and an action plan to mitigate the identified vulnerabilities.

• Utilizing various logs, rules, and indicators of compromise to correlate events for the purposes of exploit prevention and incident response.

• Researching, identifying and implementing best security practices for all systems and service deployments.

• Monitoring Common Vulnerabilities and Exposures (CVE) databases and identifying vulnerabilities to prevent exposure to all known and potential threats.

• Using research and analysis of vulnerabilities to identify relevant threats and recommend corrective actions based on summarized reporting results.

• Developing methods for addressing vulnerabilities, including system patching.

• Managing the tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with the responsible technology teams.

• Preparing combined reports on risk levels, their trend and frequency for the client.

• Preparing detailed documentation for the development team consisting of vulnerability lists, their causes, and mitigations or suggestions to overcome each of them.

• Executed network penetration vulnerability assessments on the internal network to check for vulnerabilities in the existing network and communicated the correct mitigation for the existing vulnerabilities to the client.

• Scanned and analyzed port scan results and manually verified the vulnerabilities related to the ports of the system.

• Provided a comprehensive report on findings and action items to fix the identified vulnerabilities.

• Reported identified security vulnerabilities and proposed recommendations to fix them: FTP-related vulnerabilities, information disclosure, default usernames/passwords, etc.

Education

Master of Science - Industrial Management

Indiana Institute of Technology
Fort Wayne, IN
05-2024

Bachelor of Science - Civil Engineering

Nagarjuna University
Guntur
04-2015

Skills

  • IT troubleshooting
  • Customer support
  • Network administration
  • Risk assessment
  • Data analysis
  • Network security
  • Tools: Burp Suite, DirBuster, SQLMap, Kali Linux, OpenVAS, HP WebInspect, HP Fortify, IBM AppScan

    Network Tools: Nmap, Nessus, Rapid7 Nexpose, InsightVM, Qualys

    Policy and standards: NIST, PCI DSS, CIS, ISO, FISMA, DISA STIG

    Risk Assessment Tools: SAI Digital Manager 360 (Modulo), RSA Archer

    Languages: C, Java

    Web Technologies: HTML, CSS, JavaScript

    Platforms: Windows XP, 10, Linux

    Web Server: Apache, IIS 6.0/7.0

    Database: MS SQL, Oracle

    Packages: MS-Office (Excel, Word, PP), MS Visio

Certification

SC-200

AZ-900
