Nilotpal Sarkar
Cloud Solutions Architect
Bangalore
Summary
Developed security expertise in fast-paced, high-stakes environment, ensuring protection of critical systems and data. With having 13 years of experience, I Excel in threat analysis and mitigation, as well as implementing robust security protocols. Seeking to transition into new role where these skills can be leveraged to drive security excellence and innovation.
Overview
6
6
years of professional experience
6
6
years of post-secondary education
Work History
Lead Information Security Engineer (Vice-President)
Wells Fargo
12.2023 - Current
- Leading the Entra ID Engineering Team
- Working as a Solution Architect
- Oversaw changes to the configuration of security infrastructure platforms and planned accordingly
- Worked with Executive Leadership Team to enhance Business Strategy and provided strategic direction to Identity Platform
- Implemented security best practices i.e Security Baselines to improve the security posture of Entra ID
- Implemented Drift Tool which can detect changes to Entra ID Configurations
- Working with Security Team to find out vulnerabilities in Entra ID
- Designing multiple Conditional Access Policies for the Organization
- Designed & Demonstrated Cloud Kerberos Trust to Leadership
- Have been recognized/awarded by CISO for planning & executing to deprecate Weak MFA
- Helping Team to start deploy Windows 365 Cloud PC.
- Implemented Azure AD Password Protection and Azure MDI (ATP) for threat detection
- Implemented the concept of Cloud CPM plugin which is an add on feature of CyberArk for critical high privileged account to login
- Boosted security measures through the implementation of multi-factor authentication, enhancing user management capabilities
- Log Analytics Workspace
- Azure/AWS IAAS
- Executed risk and vulnerability evaluations, presenting findings and strategic recommendations to executive leadership
- Developed security policies company-wide, ensuring compliance among all departments
Domain Services Engineer | SME
McAfee Enterprise (Trellix)
02.2022 - 12.2023
- Migrated Domains as part of Divestiture Activities
- (McAfee to Trellix), including Data Center separation
- Introduced CIS based Group Policies
- Built Disaster recovery strategy
- Extended some of the Domains to Public Cloud Platform such as Aws and Azure
- Introduced the concept of DNS Anycast
- Hold a working knowledge on both Aws and Azure Cloud Platforms (IAAS)
- Implemented LAPS with Microsoft's new security update
- Completed OKTA integration with Active Directory (One way Sync)
- Setup SAML, OAuth 2.0, OIDC, applications & helped the Team to publish OKTA LDAP Interface
- Implemented OKTA ASA
- Complete knowledge on Azure AD (Entra ID)
- Published SAML, OAuth 2.0, OIDC, applications in Azure AD
- Azure AD Privileged Identity Management & Identity Management
- Implemented Azure AD Password Protection and Azure MDI (ATP) for threat detection
- Implemented the concept of Bastion Host to access Domain Controllers
- Hold a working knowledge on Vmware Platform as well, such as Vsphere/Vcenter, spinning up VM's
- Built 2 Tier Internal - PKI Infrastructure
- Good understanding of WPAD along with proxy solutions
- Good understanding of Intune
- Traffic capture via Wireshark/Netmon
- Implemented Security Products like Silverfort, Azure ATP | MDI
- Provided Strategic direction to Identity Platform
- Introduced an Application called Group ID by Netwrix, which builds Hierarchical based Distribution Lists & Dynamic Distribution Lists
- Worked with SOC Team to build Critical Alerts, i.e protecting Domain Admins, Enterprise Admins Group, etc
- Provided automation solution using Powershell Scripts, resulting less human efforts & saving time
- Maintaining Security measures
- Built Domain Controller's both Physical & VM's
- (2016 & 2019)
- Taking backup of the Server's
- (System State)
- Lead role in the Transition phase
- Received several awards for outstanding performance
- Acting as a Key Player for the Team
- Saving multiple escalations, ensuring Organization doesn't have to pay penalty
Directory Services SME
DXC Technologies
09.2020 - 02.2022
- Designed multiple Active Directory Forest
- (Architectural work) for Clients
- Provided suggestion to use ESAE based Active Directory Architecture
- Taking backup of the Server's
- (System State)
- Provided automation solution using Powershell Scripts, resulting less human efforts & saving time
- Group Policy Management
- DNS Management
- Complete knowledge on Azure AD (Entra ID)
- Published SAML, OAuth 2.0, OIDC, applications in Azure AD
- Azure AD Privileged Identity Management & Identity Management
- Implemented Azure AD Password Protection and Azure MDI (ATP) for threat detection
- Built PKI Infrastructure, based on 2 Tier Hierarchical Model
- Highlighting Security Loophole's like Accounts with Password not required, Account's having a clear Text Password
- Highlighting
- Account's having Admin-Count =1
- Checking the AdminSDHolder - ACL's
- Monitoring Domain Controller's Health - Using a DCdiag PowerShell Script
- Complete Azure AD Administration
- Provided Cross Skill training to other Towers, so that they are at par with Active Directory
- Worked with different towers to setup AD LDAPS Integration
- Received several customer awards for outstanding performance
- Gained client's trust by providing them the right solution
- ITIL Framework
Senior Security Engineer
Accenture Pvt Ltd
02.2019 - 09.2020
- Operation on Active Directory - maintaining client's Single/Multi Forest Architecture
- Designing the Active Directory Forest
- (Architectural work)
- Providing suggestion to use ESAE Architecture
- (Red-Forest)
- Troubleshooting Active directory replication (Inter-Site, Intra-Site), File replication and DNS replication
- Highlighting Security Loophole's like Accounts with Password not required, Account's having a clear Text Password
- Highlighting Account's having Admin-Count =1
- Checking the AdminSDHolder - ACL's
- Monitoring Domain Controller's Health - Using a DCdiag PowerShell Script
- Implementing PowerShell-Scripts
- (Account's/Server/DC Health Monitoring)
- Seizing and transferring of FSMO roles
- Complete Administration of Azure Active Directory and related Azure tools/functionality
Education
ICSE -
Sunrise School
02.2005 - 02.2006
ISC - undefined
Sunrise School
06.2006 - 06.2008
BCA - Bachelors of Computer Science
West Bengal University of Technology
04.2008 - 08.2011
Skills
- Vision
- Creativity
- Planning
- People management
- Adaptability
- Critical Thinking
- Problem Solving
- Ability to Learn Quickly
- Decisiveness
- Delegation
Timeline
Lead Information Security Engineer (Vice-President)
Wells Fargo
12.2023 - Current
Domain Services Engineer | SME
McAfee Enterprise (Trellix)
02.2022 - 12.2023
Directory Services SME
DXC Technologies
09.2020 - 02.2022
Senior Security Engineer
Accenture Pvt Ltd
02.2019 - 09.2020
BCA - Bachelors of Computer Science
West Bengal University of Technology
04.2008 - 08.2011
ISC - undefined
Sunrise School
06.2006 - 06.2008
ICSE -
Sunrise School
02.2005 - 02.2006
Similar Profiles
Laxmikanth ChittampallyLaxmikanth Chittampally
Senior Operational Processor at Wells Fargo India Solution PVT Ltd, Wells FargoSenior Operational Processor at Wells Fargo India Solution PVT Ltd, Wells Fargo
Mayank OberoiMayank Oberoi
Financial Accounting Associate/ Alteryx SME at Wells Fargo International Solutions Private LTD (Wells Fargo)Financial Accounting Associate/ Alteryx SME at Wells Fargo International Solutions Private LTD (Wells Fargo)
Kavya S PrabhuKavya S Prabhu
Senior Institutional Investment Analyst at Wells FargoSenior Institutional Investment Analyst at Wells Fargo