Abhishekh Kumar Singh

Cloud Security & Governance
Defined and executed enterprise-wide cloud security strategy for Koch and subsidiaries, architecting controls across 1,000+ AWS accounts and multi cloud environments.
Designed secure architectures for core services (VPC, S3, Lambda, EC2, EKS,RDS, CloudFront, GuardDuty) with baseline security frameworks mapped to NIST CSF / ISO 27001.
Established CSPM/CNAPP reference architectures (Wiz, Ermetic , Divvy, CrowdStrike ) with automated remediation pipelines, improving compliance posture by 35%.
Architected API security strategy with Data Theorem, reducing exposure to leaky endpoints in gateway infrastructure

Identity & Access Management (CIEM)

Designed and governed enterprise IAM architecture, leveraging Ermetic CIEMfor least-privilege enforcement across AWS organizations.
Built scalable IAM frameworks (SCPs, permission boundaries, custom policies)to prevent privilege escalation and align to Zero Trust principles.

Exposure Management & Vulnerability Response
Established enterprise exposure management program integrating Qualys,Wiz, and Invicti into a unified risk-prioritization framework.
Architected patch management and remediation workflows, embedding them into CI/CD pipelines for consistent security posture.
Designed application security strategy integrating Invicti DAST into DevSecOps pipelines, improving SDLC resilience.

Network Security & Infrastructure Protection
Architected hybrid network security design using Palo Alto, FortiGate, and CheckPoint firewalls across on-premises and cloud environments.
Integrated SIEM platforms (Splunk, QRadar) into enterprise detection architecture, reducing MTTR by 25% through playbook-driven automation.
Guided ISO 27001 and PCI DSS readiness through security architecture alignment and compliance mapping.

Tooling, Automation & DevSecOps
Defined security automation frameworks leveraging Terraform, GitLab CI/CD,and cloud-native tooling to enforce security baselines at scale.
Built reference architectures for secure onboarding of applications into Invicti and other exposure management platforms.

Evaluated and selected advanced security platforms (Wiz, Ermetic,
CrowdStrike CSPM, Detectify) to strengthen long-term security architecture.

Compliance, Governance & Risk Management
Designed governance models aligning cloud and network security with ISO27001 and NIST CSF, enabling continuous audit readiness.
Partnered with risk and audit teams to integrate compliance controls into security architecture, reducing manual audit efforts.
Defined incident and change management frameworks within ServiceNow,embedding security approvals into enterprise workflows.

Leadership, Training & Collaboration
Mentored cross-functional teams on secure design principles, IAM governance,and risk prioritization.
Developed executive-level security roadmaps and awareness programs,translating architecture outcomes into business impact.

• Implementing customer-proposed changes, encompassing firewall/security device upgrades, patch management, link migrations, and RMA activities (device/module replacements).
• Managing firewall migrations from one vendor to another, coordinating SOC and NOC efforts as needed.
• Designing change requests and executing them effectively.
• Ensuring timely change implementation, with rollback procedures in place if necessary, and providing feedback and root cause analysis (RCA).
• Conducting day-to-day activities such as implementing security patches on IPS and blocking customer-provided IOCs to enhance security.
• Primarily worked on firewalls asa, checkpoint and proxy websense.

• Utilize our tool to manage Change and Incident tickets for various clients, ensuring timely resolution within specified timeframes.
• Create Change documents and update customer databases as required.
• Worked with Juniper, check point and asa firewalls.
• Supported Bluecoat proxy solutions.
• Regularly perform scheduled activities such as firewall upgrades, complex change implementation, and design changes, while maintaining a strong focus on customer service by engaging with stakeholders through on-call support.

• Working as Security Engineer in SOC environment.
• Responsible for implementing Firewall rules/Policies and monitoring network traffic via Siem tool and IDP.
• Taking preventive action against anti-abuse mails.
• Implementing Change Review form and providing end to end connectivity to client.

• Implementation of ASA, Checkpoint UTM(1070), Smart-1 5 and Power-11000, Juniper ISG1000, Tivoli Endpoint Manager(BigFix) and MacAfee Webgateway as Proxy gateway at various customer locations.