Nissha Gandhi
Summary
- Experienced Security Professional with more than 5 years of progressive experience. I excel in orchestrating comprehensive risk assessments, pentesting and managing regulatory compliance.
- Proficient in implementing and interpreting security policies, I leverage advanced tools for threat analysis and vulnerability assessments. proficient in utilizing advanced SAST, DAST, and SCA tools.
- Skilled in code reviews across diverse languages, I contributed to pre-sales activities and customer presentations, showcasing strong communication skills.
- Extensive experience in scripting and programming languages such as Python, C, C++, and PowerShell.
- offering expertise in incident response, cloud security (AWS), the Mitre ATT&CK framework, and familiarity with security management frameworks.
Overview
5
5
years of professional experience
1
1
Certification
Work History
CYBER SECURITY ANALYST
Sattrix Information Security (P) Ltd
07.2021 - 01.2022
- Applied expertise in ISO 2700x, PCI-DSS, NIST, MITRE ATT&CK, and OWASP top 10 to ensure product compliance And Data privacy.Delivered a highly compliant product, resulting in a 15% improvement in operational efficiency and a 20% reduction in incident response time
- Enhanced security posture by configuring tools like Nessus, IDS/IPS, Splunk SIEM, Wireshark, and Firewalls
- Conducted vulnerability assessments, reducing identified vulnerabilities by over 50% and cutting mean time to remediate critical issues by 30%, strengthening resilience against cyber threats
- Conducted in-depth business and technical analyses through advanced methodologies, I identify and document appropriate compliance controls, ensuring strict adherence to regulatory requirements and enhancing overall organizational security posture
- Conducted comprehensive risk assessments, identifying, and prioritizing potential security threat. Implemented targeted risk mitigation strategies, resulting in a 20% reduction in the overall risk exposure of the organization.
APPLICATION SECURITY CONSULTANT
Blueinfy Solution (P) Ltd
03.2017 - 06.2021
- Conducted penetration testing and vulnerability assessments for big tech companies like KPMG and Salesforce, identifying an average of 20 security vulnerabilities per system .Resulted in targeted remediation efforts and a 30% improvement in overall system security
- Evaluated and reviewed current cybersecurity tools and controls, identified gaps, offered strategic recommendations, and executed risk reduction plans to fortify organizational security posture.
- Conducted source code reviews, identifying an average of 10 vulnerabilities per review, and providing detailed recommendations for remediation.
- Designed, prepared, and presented comprehensive documentation, including project plans, status reports, briefings, and communication materials for internal and external stakeholders, ensuring clear and effective communication within the organization.
- Collaborated in the design and configuration of Identity and Access Management (IAM) systems, enhancing secure authentication and authorization processes, resulting in a 25% reduction in unauthorized access incidents.
Education
Post-Graduation Diploma in Computer Application Security -
Conestoga College
Kitchner, Canada01.2023
MS in Technology in Embedded System and VLSI Design -
Charotar University of Science and Technology
Changa, India05.2016
Skills
- Application Security
- Access Control
- Vulnerability Assessment
- Penetration Testing
- Incident Response Management
- Intrusion Detection
- Compliance Monitoring
- Network Security
- IDS Integration
- Firewall Configuration
- Ethical Hacking
- Threat Intelligence
- Identity Management
- Web Application Security
- Security Analysis
- Secure Coding
- Security Auditing
- SIEM Management
- Risk Management
- Malware Analysis
- Endpoint Protection
- Risk Assessment
- Information Governance
Certification
- CEH (Certified Ethical Hacker v10), 09/01/20, EC-Council
- CISSP (Pursuing), 03/01/24 , ISC2
Tools
Burp Suite, W3af, ZAP Proxy,OpenVAS, Nmap, Jenkins, SonarQube, Snyk, Wireshark, HP Fortify,Checkmarx, HP Web Inspect, Splunk, IBM Appscan, Qualys Vulnerability Management, Tenable Nessus, Splunk, AppSpider and SQL Map.
Timeline
CYBER SECURITY ANALYST
Sattrix Information Security (P) Ltd
07.2021 - 01.2022
APPLICATION SECURITY CONSULTANT
Blueinfy Solution (P) Ltd
03.2017 - 06.2021
Post-Graduation Diploma in Computer Application Security -
Conestoga College
MS in Technology in Embedded System and VLSI Design -
Charotar University of Science and Technology
Similar Profiles
Subhrajyoti MitraSubhrajyoti Mitra
L1 SOC Analyst at SATTRIX INFORMATION SECURITY LtdL1 SOC Analyst at SATTRIX INFORMATION SECURITY Ltd
Sudhanshu SinghSudhanshu Singh
MSS Lead at Sattrix Information Security Pvt. Ltd.MSS Lead at Sattrix Information Security Pvt. Ltd.
Pratik SolankiPratik Solanki
Security Analyst at Sattrix Information SecuritySecurity Analyst at Sattrix Information Security
Aishwaraya MalagiAishwaraya Malagi
Cybersecurity Engineer at Sattrix Information Security PVT, LTDCybersecurity Engineer at Sattrix Information Security PVT, LTD
Mongo SingbeMongo Singbe
Cyber Security Analyst - Email Security at Luxury Scents UtopiaCyber Security Analyst - Email Security at Luxury Scents Utopia