Overview
Work History
Education
Skills
Timeline
Generic

Mohan M

Overview

9
9
years of professional experience

Work History

Application Security Intern

RC MATRIX LLC
, USA
09.2023 - 01.2024
  • Collaborated with development and architecture teams to assess system and application designs, ensuring that security concerns were integrated into the architecture from the outset
  • Evaluated attack surfaces to determine possible points of exploitation and advised on reducing or eliminating vulnerabilities
  • Worked with cross-functional teams to recommend and implement effective mitigation strategies, offering guidance on secure coding practices and architectural improvements
  • Proficient in using threat modeling tools like Microsoft Threat Modeling Tool to streamline the threat modeling process
  • Promoted a DevSecOps culture by seamlessly integrating SAST and DAST scans into the CI/CD pipeline, ensuring that security is a fundamental part of the development process

Cyber Security Engineer/Analyst

Cognizant Technology Solutions
, India
05.2018 - 11.2022
  • Administrating various incidents/security alerts triggered in the SIEM tool
  • Serving as a Tier 3 Analyst in SOC operations for real-time monitoring, analyzing logs from various security/Industrial appliances
  • Working specifically related to detection and response capabilities using SOAR – Paloalto
  • Experienced into Siem technology like QRadar, Logarithm apart from those I have experience into EDR
  • Carrying out log monitoring and incident analysis for various devices such as Firewalls, IDS, IPS, databases, web servers, and so forth
  • Security event analysis and intrusion detection by review and analysis of events generated by various Components including IDS/IPS, firewalls, Routers, DB, OS, and various types of security devices
  • Knowledge of Installation, Configuration, and up-gradation of various connectors, and their troubleshooting
  • Work closely with business units to ensure that they know what and how to feed data into QRadar and Create network hierarchy and classify Log Sources within the QRadar SIEM
  • Monitoring the customer network using SIEM tools – Splunk, Qradar, LR and HP Arcsight
  • Performing Real-Time Monitoring, Investigation, Analysis, Reporting, and Escalation of Security Events from multiple log sources
  • Design, develop and create correlation rules within the Security Information and Event Management SIEM platform

Product/Application Security Engineer

Corefront Technologies Pvt ltd
, India
09.2016 - 04.2018
  • Implemented and managed the integration of SAST and DAST tools into the software development lifecycle, enabling automated security testing at various stages of development
  • Developed and fine-tuned scanning policies for SAST and DAST tools to align with the organization's specific security requirements, minimizing false positives and ensuring effective vulnerability identification
  • Conducted regular SAST scans to analyze source code for security vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), and insecure authentication, leading to the early detection and resolution of critical issues
  • Performed dynamic scanning of web applications and APIs using DAST tools to identify runtime vulnerabilities, such as injection attacks, broken authentication, and sensitive data exposure
  • Collaborated with development and security teams to continuously improve SAST and DAST processes, enhancing the accuracy of scans and reducing the time required for security testing
  • Developed custom scripts and automation for advanced SAST and DAST testing scenarios, enabling thorough and efficient security assessments
  • Generated comprehensive reports from SAST and DAST scans, providing clear details of vulnerabilities and recommended remediation steps to development teams
  • Promoted a DevSecOps culture by seamlessly integrating SAST and DAST scans into the CI/CD pipeline, ensuring that security is a fundamental part of the development process
  • Ensured that SAST and DAST scanning processes aligned with industry standards and compliance requirements, such as OWASP, PCI DSS

Network Security Engineer

Datapro Information Technology Pvt ltd
, India
09.2014 - 08.2016
  • Analyzing and implementing complex firewall rules on FortiGate, Juniper, Cyberoam, and Palo Alto security services (PA-3020,3060,5050,5060)
  • Respond to security related requests for help from customers related to physical access, firewall issues, content filter, spam filter and virus protection
  • Assist in identifying security risks and assist in developing mitigation plans
  • Audit firewall rules
  • Analyze logs
  • Assist in managing vulnerability analysis and work with people to correct deficiencies
  • Manage content filters
  • Troubleshooting and resolving security related technical issues effectively and efficiently
  • Assist the IT Security Manager with audits for both physical site and data systems
  • Prioritize, evaluate, resolve and escalate calls as required
  • Provide appropriate detailed and timely follow-up support with customers
  • Submit accurate and well-documented solutions consistently for inclusion in the knowledge base
  • Provide updates, status and completion information to the IT Security Manager through voice mail, email or in-person communication
  • Participate in security related projects
  • Review and update security policies and procedures
  • Evangelizing security within the company and be an advocate for customer trust
  • Maintain confidentiality of all applicant, client, and company proprietary information

Education

Master’s - Data Analytics

Clark University
MA, United States
01.2023

Advanced Certificate Programme - Data Science

IIT- Bangalore
India
01.2022

B-tech - Electronics and Communication Engineering (ECE)

Jawaharlal Technology University
Anantapur, India
01.2014

Skills

  • Cyber Security operations
  • SIEM
  • EDR/XDR
  • Network Security Operations
  • NIPS
  • Secure SDLC
  • Threat modeling
  • Secure coding
  • SAST
  • DAST
  • Vulnerability Assessment
  • Penetration Testing
  • DevSecOps
  • Infrastructure Security
  • Network Security
  • AWS cloud
  • Microfocus Fortify
  • Checkmarx
  • Mend
  • Burpsuite Professional
  • Nmap
  • Nessus Vulnerability Scanner
  • OWASP ZAP
  • Microfocus WebInspect
  • Microsoft Threat Model 2016
  • Linux
  • Ubuntu
  • Redhat
  • Windows Servers
  • F5 ASM Web Application Firewall
  • Metasploit frameworks
  • OWASP
  • SANS-25
  • PCI DSS
  • ISO 27001
  • GDPR
  • NIST
  • ITIL

Timeline

Application Security Intern

RC MATRIX LLC
09.2023 - 01.2024

Cyber Security Engineer/Analyst

Cognizant Technology Solutions
05.2018 - 11.2022

Product/Application Security Engineer

Corefront Technologies Pvt ltd
09.2016 - 04.2018

Network Security Engineer

Datapro Information Technology Pvt ltd
09.2014 - 08.2016

Master’s - Data Analytics

Clark University

Advanced Certificate Programme - Data Science

IIT- Bangalore

B-tech - Electronics and Communication Engineering (ECE)

Jawaharlal Technology University

Similar Profiles

CREATE PROFILE
Mohan M