GAGANDEEP SARAN
Mountain,CA
Summary
Information Security expert with experience across full information systems lifecycle. Highly skilled in Threat & Vulnerability Management. Self-motivated and deadline-oriented with track record of on-time deliverables.
Overview
12
12
years of professional experience
1
1
Certification
Work History
Senior Cyber Security Consultant
Visa
12.2022 - Current
- Conducted security assessments and vulnerability scans, identifying and addressing critical vulnerabilities in the cloud environment, VMs and Bare metal infrastructure resulting in a 40% reduction in potential security risks
- Assisted with remediation planning, governance, and risk treatment activities for the organization as required, with a focus to reduce the overall number of Security findings, exceptions, and the duration to remediate with an effective upto 90% remediation
- Experienced with Container Vulnerability Management, Identification of Vulnerabilities in Container images using Prisma cloud
- Collaborated with development teams to implement secure coding practices, reducing the number of security vulnerabilities in code by 50%
- Deep understanding of tools like Qualys, prisma cloud, Kali Linux, Burp suite, Black Duck, Sona type and Penetration testing Framework
- Manage SIEM solution for effective security monitoring of systems, optimize the performance of log collection and correlation rules
- Review SOC Alerts and respond to incidents
- Discovered the best actions necessary to defend devices, networks, software, data, and complete information systems against possible intrusion and phishing attacks
- Acted as an escalation for technical questions from clients and internal teams based on penetration test, Vulnerability Scans, Cloud Vulnerabilities and Security Architecture findings
- Lead innovation efforts to increase efficiencies and automated manual processes as appropriate.
Information Security Analyst
Apple Inc
09.2018 - 11.2022
- Responsible for Infrastructure, datacenter Servers, endpoint devices vulnerability Scanning and vulnerability reporting through Qualys in different campaigns and ad hoc request for subsidiary Monitored them constantly through dashboard by running reports weekly and bi-weekly Configured vulnerability scans, tailored to specific client requirements Performing security analysis and identifying possible vulnerabilities in key derivation function Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities Facilitates vulnerability remediation process, created workflow with all Business Cross functional team to achieve effective remediation goals (above 90)
- Responsible for 3rd party risk assessment through security scorecard with improving and maintaining score to more than 95 Identified and resolved any false positive findings in assessment results Keep current with vulnerabilities, attacks, and countermeasures as well as devoting time to research and development activities Conducted Vulnerability scan to meet 100 percent compliance for common information technology management frameworks such as NIST, PCI-DSS, ISO 270002
- Maintained inventory of hardware items and software licenses.
Information Security Intern
Chelsoft Solutions Co
01.2018 - 06.2018
- Directed research pertaining to latest vulnerabilities, tools and latest technological advances in combating unauthorized access to information Performed Vulnerability scans using Nessus tool Understood approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud and mobile devices Identified and resolved any false positive findings in assessment results Worked with computer operations to define standard operating system builds and configurations and develop effective build maintenance processes.
Cyber Security Analyst
Genpact Headstrong Capital Markets
02.2014 - 01.2017
- Worked as System administrator and Cyber Security analyst for Credit Agricole Corporate and Investment Bank
- Administered and maintained user access controls, processes, and procedures to prevent unauthorized access, modification, or misuse of bank resources Experienced in Account creation, Password reset, addition of user's attributes using Active Directory Created and managed MS Outlook mailbox for employees using Microsoft Exchange Server 2010 Assess and Analyze security events from various monitoring and logging sources to identify and/or confirm suspicious activity Managed firewall, network monitoring and server monitoring Managed Patch management process, Patch deployment of system and servers Prepared weekly progress deck for team and discuss progress with client on weekly basis Taken care of Incident Management and Service Request Management.
Technical Developer
Genpact India PVT Limited
05.2011 - 01.2014
- Provided IT support to U.S clients (DuPont, Wilmington DE) Worked on different technologies like Networking, Windows, VMware, Citrix Managed and Maintained Servers, PC's, Routers and Switches Updated servers with latest service packs and hotfixes Taken care of account creation, Password reset, addition of user's attributes using Active Directory Created and maintained virtual machines using VSphere Created and configured baseline image for system and servers using Citrix tool Monitored health of organization's IT systems and assets through regular health check.
Education
M.S - Cybersecurity & Information Assurance
University of Central Missouri
Warrensburg, MO05.2018
Bachelor of Technology - Electronics & Communications
Punjab Technical University
08.2009
Skills
- Vulnerability Scanning Tools: Qualys, Rapid7, Nmap, Masscan, Malware Scanning: Crowd strike SIEM tools: Splunk
- Web Vulnerability Scanning Tools: Burp Suite, Nikto, SQLMap
- Penetration Testing: Metasploit, Kali Linux, Wireshark
- Programming language: Python, C Soft Skills: Problem Solving Skills, Good Interpersonal Skills
- Project management
- Powershell scripting
- Intrusion detection
- Risk assessment
- Administer information security software and controls
- Security event monitoring and investigation
- SQL programming
- Cloud security assessment
Certification
CISSP - Certified Information System Security Professional
Timeline
Senior Cyber Security Consultant
Visa
12.2022 - Current
Information Security Analyst
Apple Inc
09.2018 - 11.2022
Information Security Intern
Chelsoft Solutions Co
01.2018 - 06.2018
Cyber Security Analyst
Genpact Headstrong Capital Markets
02.2014 - 01.2017
Technical Developer
Genpact India PVT Limited
05.2011 - 01.2014
M.S - Cybersecurity & Information Assurance
University of Central Missouri
Bachelor of Technology - Electronics & Communications
Punjab Technical University
Similar Profiles
SHREYA DESHREYA DE
DIRECTOR OF ENGINEERING at VISADIRECTOR OF ENGINEERING at VISA
Gary GodbeeGary Godbee
Global Technology Sourcing, Senior Director at VisaGlobal Technology Sourcing, Senior Director at Visa
Karthikeyan KanagarajKarthikeyan Kanagaraj
Staff Software Engineer at VisaStaff Software Engineer at Visa
Michael J. GreenMichael J. Green
VICE PRESIDENT, GOVERNANCE, INVESTIGATIONS AND TRAINING at VISAVICE PRESIDENT, GOVERNANCE, INVESTIGATIONS AND TRAINING at VISA