Sanket Sahoo

Katy, TX

Summary

Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager with 10 years of cybersecurity experience in healthcare, banking, financial services, and oil and gas sectors. Experienced in threat analysis, risk assessment, and security infrastructure management to contribute to the defense and resilience of organizational networks. Committed to staying updated on emerging technologies and industry best practices for proactive protection against evolving cyber threats. Specializes in application security with a background in business process automation and management (2 years) and hands-on Java and .NET web application development (3 years). Skilled in identifying vulnerabilities and implementing robust security measures for applications and systems across diverse industries.

Overview

15 years of professional experience
1 Certification

Work History

Advisory Senior Consultant

DELOITTE & TOUCHE LLP
09.2021 - 10.2024
  • Managing the security portfolio of all the projects for the Department of Health and Safety
  • Developing the secure SDLC strategy for all the projects in my portfolio
  • Creating Visio diagrams and PowerPoint presentations, and collecting all data in Excel and Word documents from all key stakeholders, including the client, architecture, infrastructure, development teams and the PMO
  • Collecting and presenting the data (how much effort is required, which applications are involved, the method of sharing reports, the severity level of vulnerabilities shared) to all key business and technical stakeholders in order to establish a secure SDLC where none existed
  • Running a pilot program to conduct SAST and DAST on the public-facing applications
  • Creating a remediation plan and sharing it with the development and architecture teams
  • After successful remediation of the security vulnerabilities, implementing the same secure SDLC for the rest of the applications and sharing the remediation plan
  • Also taking care of zero-day vulnerability checks to keep the security checks up to date
  • Installing Checkmarx products on AWS EC2 and RDS servers
  • Conducting scans using both the Checkmarx on-prem and Checkmarx One (CxOne) SaaS products
  • Using the OWASP ZAP proxy for manual penetration testing to find security vulnerabilities in web applications
  • Proficient in applying frameworks and standards such as NIST SP 800-53/800-82 and IEC 62443 within an ICS environment
  • Proven experience in OT cybersecurity projects, including leading the development of security architectures and secure network systems
  • Skilled in conducting OT/ICS vulnerability scans, both passively and actively, using tools such as Tenable Nessus and Nmap
  • Comprehensive understanding of threats, vulnerabilities, attack paths, and exploits in an OT/ICS environment
  • Experienced in selecting, designing, architecting, and deploying security technologies for OT/ICS environments
  • In-depth knowledge of key technologies such as endpoint protection, identity and access management, network segmentation, and backup solutions
  • Demonstrated ability to work and communicate effectively with all levels of operations, design teams, project managers, vendors, and peers
  • Proficient in using techniques and tools that facilitate effective analysis, enabling the determination of root causes and the resolution of problems

Associate Security Architect

TECH MAHINDRA (AMERICAS) INC.
12.2019 - 09.2021
  • Gather the application portfolio and technology stack, including programming languages, frameworks, LOC, modules, app server, web server, stage and prod environment URLs, Bitbucket URLs, pipeline information, open-source dependencies, and package managers
  • Prepare FAQs and process documentation for the Static Analysis Security Testing (SAST), Software Composition Analysis (SCA) and Open-Source Analysis (OSA) scans
  • Perform SAST, OSA and SCA scans on the Checkmarx server via the CLI
  • Automate the same for scheduled daily scans and send a notification with the list at the end
  • Set up and configure package managers such as Maven, Gradle, PyPI, npm, NuGet and SBT on the automation box and the Checkmarx managers
  • Also configure the package managers to proxy via the internal Artifactory for dependency resolution
  • Write a script to fetch the result summary via the CxREST APIs and send a notification for the scanned projects to the application's stakeholders
  • Schedule the script as a cron job
  • Ingest the automation logs, SAST, SCA and OSA scan logs, results, and reports into Splunk
  • Create Splunk dashboards, reports and alerts based on the ingested data
  • Triage findings identified by the tool, including but not limited to SQL injection and stored XSS
  • Create custom presets and configure the queries based on application team feedback and my own analysis
  • Understand the additional Checkmarx utilities such as CxAnalytix, CxTruffleHog, CxAudit, CxFlow, CxSCASearch and CxZipUtility
  • Guide application development teams to integrate IDEs such as IntelliJ and Eclipse with Checkmarx via plugins
  • Guide the application development and CI/CD teams to integrate with the Jenkins plugin for Checkmarx
  • Extend my support for troubleshooting issues with the vendor tool during integration, setup, configuration, maintenance, or use
  • Submit tickets/support cases for the same and follow up

Assistant Consultant

DTCC
06.2019 - 11.2019
  • Analyze the open-source dependencies identified by the Sonatype Nexus tool
  • Configure policies and the firewall for Sonatype Nexus applications, projects, and artifacts
  • Perform threat models of different applications using the ThreatModeler tool and MITRE CAPEC
  • Analyze the source code of web applications using Static Code Analysis / Static Analysis Security Testing (SAST) tools such as Checkmarx
  • Integrate the different streams of security assessments (FOSS, SAST, DAST, TM) into a common vulnerability management platform
  • CI/CD integration of tools with secure LDAP, Jenkins, JIRA, ThreatModeler, Sonatype Nexus, Micro Focus Fortify and Software Security Center, HP WebInspect, and Checkmarx
  • Perform other relevant and related work such as PoCs on new tools for RASP and IAST


Assistant Consultant

CITI GROUP
06.2018 - 05.2018
  • Analyzed the source code of web applications using Static Code Analysis / Static Analysis Security Testing (SAST) tools such as Checkmarx SAST, HP Fortify and IBM AppScan
  • Configured policies as per SANS and OWASP in the security assessment tools
  • Worked with different application and build teams to understand and onboard applications to the automated security testing suite
  • Onboarded applications to Black Duck, a FOSS tool that scans the open-source technologies used in the application
  • Identified OWASP Top 10 issues such as SQL injection and XSS
  • Worked on tools like JIRA and Archer to automate the process

Assistant Consultant

CITI GROUP
02.2016 - 05.2018
  • Developed an in-house threat modelling tool for security analysts, security architecture and Information Security Officers so that they can draw threat model diagrams to calculate the risks at the design phase of the secure SDLC
  • Developed the web application using AngularJS, mxGraph, the Spring framework, Java, and SQL
  • Worked on IBM RTC, HP ALM and RLM tools to achieve DevOps and Agile

IT Analyst

PETROECUADOR
05.2015 - 01.2016
  • Developed a Business Process Model and a web application for internal insurance management to manage policies, claims and reimbursements using the IBM Process Designer
  • Integrated IBM BPM with IBM FileNet to store and manage the documents uploaded as part of the application
  • Integrated the client's legacy systems with IBM BPM through the web services in IBM BPM
  • Customized the Process Portal using the AnyClient tool to meet the client's UI guidelines by altering fonts and adding logos and other necessary details
  • Automated the manual work the team was doing and educated them through incremental training sessions on how to use the automated system

IT Analyst

BANCO PICHINCHA
05.2013 - 04.2015
  • Understood the bank's manual process for replying to state organization requests about clients and automated it
  • Automated the manual process of administering the bank's contracts with different vendors for services and logistics
  • Developed a Business Process Model and a web application using the IBM Process Designer
  • Integrated IBM BPM with IBM FileNet to store and manage the documents uploaded as part of these applications
  • Integrated the bank's legacy systems with IBM BPM through the web services in IBM BPM and the middleware ESB and Message Broker services
  • Customized the Process Portal using the AnyClient tool to meet the bank's UI guidelines
  • Carried out a proof of concept on IBM BPM 7.5 and got the client's attention with the same development

Systems Engineer

TATA COMMUNICATIONS LIMITED
02.2010 - 04.2013
  • Developed a web application for the Point-of-Sale team to create customers in bulk and update client address and contact details using the Struts framework
  • Developed a web application for order processing and workflow using Java, JavaScript and SQL, integrating it with existing systems such as billing, provisioning, Salesforce, and service assurance
  • Provisioned and commissioned services on products like MetaSolv and performed billing on products like Geneva
  • Troubleshot order completion and product service requests

Assistant System Engineer Trainee

TCS ILP TRAINING
11.2009 - 01.2010
  • Java and DrScheme programming training

Education

MBA

Lindsey Wilson College
Columbia, KY
05.2027

Master of Science - Cyber Security

Lindsey Wilson College
Columbia, KY
05.2027

MASTERS - INFORMATION TECHNOLOGY

DON BOSCO UNIVERSITY
09.2022

BACHELORS - INFORMATION TECHNOLOGY

KIIT UNIVERSITY
12.2009

Skills

Key Skills

  • Threat Analysis & Risk Management: Penetration Testing, Vulnerability Assessments, Incident Response
  • Application Security: Static (SAST), Dynamic (DAST) Security Testing, Secure SDLC
  • Cloud Security: AWS, Azure
  • Programming & Scripting: Java, Python, JavaScript, Shell, PowerShell
  • Compliance & Standards: NIST, IEC-62443, OWASP, ISO

Technical Skills

  • Security Tools: Checkmarx, Fortify, OWASP ZAP, Sonatype Nexus, Splunk, Tenable Nessus, Burp Suite, IBM AppScan
  • Cloud Platforms: AWS, Azure
  • Programming Languages: Java, Python, JavaScript
  • Automation & DevOps: Jenkins, Maven, Ant
  • Databases: SQL, NoSQL
  • Frameworks: Spring, Angular, Struts
  • Operating Systems: Windows, Linux
  • Vulnerability Management: Brinqa, Kenna Security
  • Version Control: Experience with Tortoise SVN, Git and platforms like GitHub or GitLab
  • DevOps: Knowledge of continuous integration/continuous deployment (CI/CD) practices and tools

Soft Skills

  • Communication: Strong written and verbal communication skills to convey ideas effectively to both technical and non-technical audiences
  • Problem-Solving: Ability to analyze complex problems, break them down into manageable components, and devise effective solutions
  • Collaboration: Capacity to work well in teams, share knowledge, and contribute positively to group dynamics
  • Adaptability: Willingness to learn new technologies and adapt to changes in the fast-paced tech industry
  • Time Management: Efficiently managing tasks, meeting deadlines, and prioritizing work effectively
  • Critical Thinking: Evaluating situations from multiple perspectives and making well-informed decisions

Certification

  • CISM, ISACA, 2024
  • AWS Security Specialty, AWS, 2024
  • CISSP, ISC2, 2023
  • AWS Foundation, AWS, 2023
  • Checkmarx One Developer Exam, Checkmarx, 2023
  • Salesforce Certified Associate, Salesforce, 2022
  • TRANSCEND Leadership Program, TCS, 2018
  • ASCENT Leadership Program, TCS, 2018
  • IBM BPM Advanced 8.0 Developer, IBM, 2015
  • IBM DB2 10 Mastery Skills, IBM, 2014
  • Oracle Certified Professional, Java SE 6 Web Content Developer, Oracle, 2013
  • Oracle Certified Professional, Java SE 6 Programmer Certification, Oracle, 2012

Hobbies and Interests

Hobbies

  • Numismatics
  • Philately
  • Painting
  • Teaching art to young kids (which helps me unwind and keeps my creativity flowing)


Interests

  • Machine Learning
  • Data Analytics
  • Artificial Intelligence

Training

  • Splunk 101
  • AWS 101
  • Splunk Admin
  • Azure 101
  • Chef
  • Python Programming 101
  • Azure IOT

Languages

English
Full Professional
