
Balaji Subramanian

Ripley, QLD

Summary

Security Engineer with 6 years of experience in various domains, such as:

• Web Application security testing, Vulnerability Assessment, penetration testing and generating reports using tools

• Currently working as Security Analyst in IBM Security & Risk Management team.

• Design and integration experience with Security Information and Event Management (SIEM) solutions

• Background/understanding of software development lifecycle

• Excellent communication skills with proven abilities in resolving complex networking, hardware & software related issues

• Proficient in Linux operating system configuration, utilities and programming

• Extensive knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support

• Managed the cycle of project continuity, reviewed the technical work of team, and ensured the quality of service deliverable.

• Skilled in Customer relation, business requirement gathering and Threat modeling. Organize meetings and reviews

Overview

14 years of professional experience

1 Certification

Work History

Penetration Tester - Consultant

Deloitte
03.2015 - Current
  • Performed penetration testing on Byte Security's infrastructure and vulnerability assessment of database servers
  • Reviewed policies and acted as a Subject Matter Expert on best practice. Verified SSL authentication for secure applications development on Web Servers
  • Performed dynamic and static analysis of web applications using IBM AppScan. Analyze systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational
  • Scanned financial databases for Byte Security's clients for vulnerabilities based on RESTful architectures. Conducted white/gray box penetration testing on the financial systems using Kali Linux, Cobalt Strike
  • Reviewed security documentation and made recommendations. Assisted in conference call meetings with developers to mitigate vulnerability findings
  • Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface
  • Performed live packet data capture with Wireshark to examine security flaws. Used LDAP injection techniques for exploiting web applications that use client-supplied data
  • Ran vulnerability and compliance scanning on test machines and reviewed the security standard and Minimum Security Baseline for the client. Assisted on monthly conference calls to discuss implementation and upgrade of critical infrastructure

Security Analyst

Allied Universal Security
02.2014 - 01.2015
  • Monitored SIEM and IDS/IPS feeds to identify possible enterprise threats. Investigated and triaged threats to determine the nature of the incident
  • Forwarded findings to Cyber Forensic Investigations or Security Incident Response team(s) to further investigate and remediate findings
  • Collaborated with fellow analysts and leadership to develop and streamline operational guidelines
  • Performed analytical support of security incident calls across the enterprise
  • Helped to research open-source intelligence feeds for current and emerging threat information
  • Vulnerability Management – collaborated with other team members
  • Risk Assessment Support – Supported routine and ad hoc audits
  • Reporting, Metrics, Deliverables – Provided concise and professional deliverables for architecting and implementing Enterprise-level logging and security event information management solution.
  • Designed alerting, communications, workflows and training of other IT users.
  • Assisted in engineering integration to other key security systems
  • Worked on the IBM Guardium tool and reduced intentional intrusion/deletion by 20% through reporting

Security Analyst

Allied Universal Security
09.2012 - 01.2014
  • Served as the primary responder for managed security incidents pertaining to client firewalls and all network infrastructure components
  • Troubleshot and researched security incidents using SIEM applications, McAfee Enterprise Security Manager, McAfee Endpoint Protection, IBM QRadar Security Intelligence Platform and HP ArcSight
  • Responsible for providing remote consulting services to assist with deployment of network infrastructure configurations across multiple product vendors and technologies
  • Event analysis and correlation using multiple log sources including Windows / Linux / Cisco ASA systems and SIEM solutions
  • Investigating logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, SPAM, etc
  • Provide root cause analysis and remediation techniques for clients in regards to security incidents and governance documents
  • Collaborate with team members in tuning SIEM applications in an effort to establish a baseline for network activity and rule out false positive events

Network Administrator

Accuweather.Com
05.2010 - 08.2012
  • Involved in complete LAN, WAN development (including IP address planning, designing, installation, configuration, testing, and maintenance)
  • Provided Tier 2 support for network issues for the customer
  • Used Layer 3 protocols like EIGRP and BGP to configure routers in the network
  • Implemented redundancy/failover using HSRP
  • Performed switching technology administration including VLANs, Inter-VLAN routing, trunking, port aggregation & link negotiation
  • Configured VPN, ACL, and NAT in the Cisco ASA 5540 firewall to allow only authorized users to access the servers of the internal network
  • Used network monitoring tools to ensure network connectivity and protocol analysis tools to assess and pinpoint networking issues causing service disruption
  • Performed IOS upgrades and reconfigured devices afterwards
  • Updated documentation as necessary

Education

Bachelor of Technology - Electronics and Communication

JNTU
Hyderabad, India

Skills

  • Kali Linux
  • Wireless Penetration Testing - WPA, WPA2, WEP
  • Antivirus solutions including spyware, malware, etc
  • Hardware and software troubleshooting
  • Network vulnerability scan and penetration testing
  • Familiar with password hash cracking MD5, SHA1, SHA2, etc
  • Familiar with routers and switches configuration and installation
  • Familiar with IP security camera installation
  • Real-time traffic analysis, network IDS and packet dissection using Wireshark
  • Experience with tools: Aircrack-ng, Hydra, Burp Suite, Metasploit, OWASP ZAP, Nmap, Wireshark, Sqlmap, John the Ripper, Nessus
  • Knowledge of Heartbleed, ShellShock and POODLE
  • Steganography
  • Crisis Management Specialist
  • Knowledge of operating systems, application software and cyber security tools
  • Remote access support

Certification

IBM Certified Specialist - InfoSphere Guardium

Certified Ethical Hacker (CEH)

CISSP (Trained)
