
Omkar Raut

Charlotte, North Carolina

Summary

A cybersecurity consultant with 3 years of experience, who reduced security risk by 70% through implementing security measures, is now seeking a rewarding career in their area of specialization to utilize their full potential and contribute to the company’s long-term growth.

Overview

3 years of professional experience
1 Certification

Work History

Security Engineer Intern

Amazon
Seattle, USA
05.2022 - 08.2022
  • Devised a framework using Graph Database and data visualization to speed up and increase the accuracy of analysis for complex, multi-dimensional datasets by 80% while also increasing the accuracy of the analysis results by 50%
  • Evaluated high-severity tactics and techniques from MITRE attacks and categorized them against AWS services, improving remediation time by 50% and enhancing the organization’s security posture
  • Mapped 250+ AWS Security Hub Controls to the different techniques and tactics, and gained insights into various AWS services
  • Reduced the time to identify attacks, and implement mitigations by 80% for internal security teams and developers

Associate Security Consultant

Varutra Consulting Pvt. Ltd
Pune, India
11.2019 - 08.2021
  • Adapted to conduct web, network, mobile, APIs, and thick client vulnerability assessment and penetration testing
  • Discovered and mitigated over 100 vulnerabilities in the client’s infrastructure, with a possible impact of $50 million and considerably more
  • Conducted DAST/SAST, ethical hacking, and expertise in exploiting vulnerabilities such as XSS, CSRF, SSRF, Broken Access Control, SQL Injection, Privilege Escalation, XXE, and so on
  • Performed client and server side attacks, enhanced and secured clients’ infrastructure, resulting in $3M savings across multiple applications in banking, finance, healthcare, and software industries
  • Managed over 30 clients and implemented security enhancements to the apps, development, and production environments by collaborating with developers and system administrators
  • Reported vulnerabilities in a comprehensible document based on their severity and CVSS score, resulting in a 60% decrease in the likelihood of cyber attacks.

Associate Security Analyst

GFI Informatique India
Pune, India
11.2018 - 10.2019
  • Monitored and analyzed daily network traffic using LogRhythm SIEM and IDS/IPS tools, detecting and responding to over 500 security incidents and IOCs per month, and produced 50+ actionable threat intelligence reports
  • Investigated the source of malicious network traffic, detecting and blocking 500+ malicious IPs, domains, and URLs; blacklisted 100+ malicious hashes, mitigating the risk of future attacks
  • Created monthly trend analysis and risk assessment reports utilizing bar graphs and pie charts, resulting in a 40% improvement in the organization’s incident response time and a 25% decrease in overall risk exposure
  • Coordinated with customers to provide real-time advice on network configuration, access controls, policies, and attack mitigation procedures; reduced escalation and resolution times by 70%, resulting in a $50 million cost savings.

Education

Master of Science - Cybersecurity

University of North Carolina
05.2023

Skills

  • Languages: Java, Python, C/C++, SQL, HTML/CSS
  • Security Frameworks: OWASP TOP 10, NIST, OSINT, SANS 25
  • Tools/OS: Burp Suite, OWASP Zap Proxy, Nmap, Nessus, Nexpose, SQLmap, Metasploit, Wireshark, Shodan, Nikto, Acunetix, Netsparker, MobSF, Postman, Echo Mirage Hijacker, Frida, Windows, Kali Linux
  • Security Technologies: Nessus Security Center, LogRhythm, Splunk, Cyber Security Operations, Information Security, Cloud Security, Cryptography, Security Monitoring, Computer Forensics, Malware Analysis, Information Assurance, Identity and Access Management, Security Incident Event Management, Multitasking, Teamwork, Problem Solving, Customer Service

Projects

1. Project Tunestore

  • Identified and analyzed vulnerabilities within the Tunestore application through a security assessment.
  • Conducted a comprehensive security assessment and penetration test to evaluate the overall security of the application.
  • Discovered and successfully exploited multiple SQL injection and cross-site scripting (XSS) vulnerabilities, as well as broken access control and clickjacking.
  • Implemented mitigation strategies using secure code practices to address and resolve all identified vulnerabilities.
  • Performed threat modeling for the application, resulting in the reduction of the attack threat vector.

2. Splunk Project

  • Deployed and configured Splunk on a local account for log management and analysis.
  • Integrated logs from servers, computers, and networks into Splunk for comprehensive monitoring.
  • Analyzed over 100k logs to investigate various types of traffic, including DDoS attacks, Command and Control traffic, Ransomware activities, SQL Injection attempts, and Man-in-the-Middle attacks.
  • Took proactive measures to mitigate threats by blocking suspicious IP addresses on the firewall for enhanced security.

3. Malware Analysis

  • Performed static and dynamic analysis on "mur.exe" and discovered complex malware with dangerous capabilities, including keylogging.
  • Identified malware's connection to external server TOOPOLEX.COM for obtaining sensitive data through encryption and CA certificates.
  • Highlighted the malware's ability to terminate all processes, including debuggers, using the Terminate Process function.
  • Noted the malware's use of various API calls, Windows functions, and manipulation of mouse and keyboard events to evade detection.
  • Used tools such as CFF Explorer, PEView, VirusTotal, Strings, Resource Hacker, Dependency Walker, ApateDNS, Process Explorer, Regshot, Wireshark, ProcMon, IDA Pro, and OllyDbg.

4. Digital Forensics

  • Conducted a digital forensics investigation on criminal activity as the final project for a Digital Forensics course
  • Analyzed logical images from a laptop and USB drive, examining data such as communications, images, web searches, and text files
  • Seized accuser's Android phone, laptop, and USB drive to aid in the investigation
  • Improved digital forensics analysis skills through the project, gaining proficiency in analyzing computers and USB drives
  • Utilized tools such as FTK Imager, Autopsy, Reg Explorer, Greenshot, Event Viewer, and Silent Eye

Certification

CEH - Certified Ethical Hacker

OSCP - In Progress

Certified Network Security Specialist
