M. SURESH

Projects : Arcutis Biotherapeutics, Rush Healthcare, Lufkin Industries & Natsteel.

• Provide regular reporting on patch management program and overall operation status of patch compliance.
• Prepare and present reports that document vulnerability trends within our environments key areas for improvement.
• Understanding of infrastructure, IoT, oT, Scada systems, application, and cloud vulnerability scanning
• Classify and prioritize risk of new vulnerabilities based on company’s environment
• Maintain key metrics and reports on vulnerability findings and remediation compliance
• Understand company security policies/standards and government regulations
• Recommend new security tools and methodology to improve security posture
• Produces complex, high-priority recurring, automated and ad-hoc vulnerability and status reports with purpose of measuring progress towards goals, measuring performance against objectives, and identifying improvement opportunities in areas of vulnerability identification, assessment, assignment and remediation
• Identify and evaluate complex business and technology risks
• Contractor shall administer, operate, update, patch, configure, develop, integrate, install, troubleshoot and maintain vulnerability management systems, tools, tactics, techniques and procedures
• Manage a team that performs technical security assessments of applications & infrastructure, secure design & configuration
• Hands-on leadership position with technical and non-technical internal partners
• Design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in large complex organization
• Expert level familiarity with enterprise vulnerability management tools, such as Qualys, Rapid 7 InSightVM, Nexpose, Metasploit PRO etc.
• Collaborates with Infrastructure Security Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across organization
• Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders
• Ensure effective and complete scanning of corporate and production environments
• Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to corporate and production environments, and participate in external security communities.
• Performed WebApp Scan and deliver vulnerability assessment report using Wapiti, WordPress Site and Drupal Scan
• Improved IT Security Score card with help of Third party Risk assessment using core domains of organization by ensuring Vulnerabilities remediation plan for different security aspects.
• Strategy plan for newly signed SOW on undertaking VMS service with Project Transition plan with timeline as Handover & Takeover checklist.
• Have hands on experience on preparing new RFP's/RFQ based on compliance sheet and SOW for any new business requirement.
• Championed quality assurance initiatives to ensure adherence to industry standards in service delivery.
• Conducted regular progress meetings to update stakeholders on project status, challenges, and solutions implemented.
• Collaborated with cross-functional teams to ensure seamless execution of project milestones and deliverables.
• Performed Cloud Security Posture Management for SaaS applications o365,Zoom, JIRA, Salesforce MC, Smartsheet, Veeva-Vault using AppOmni.
• Monitoring cloud resources to ensure compliance using Sophos CSPM for AWS & Azure Platform.
• Preparation and representation of service delivery on weekly, Monthly & Quarterly business review meeting.

• Dashboard preparation of KPI's/KRI's for Production security tools on quarterly basis to enable yearly planning and strategy for upgrade and new technologies alongside with Global peers.
• Participate weekly CAB meeting with various client business unit for change release management with regional and global peers.
• Work with Group (EMEA) Security Engineering team to help efficiently integrate technology solutions which meets the product vision and roadmap for cybersecurity team.
• Have clear knowledge on Change Management, with practical experience in assessing, analyzing, developing, documenting and implementing change processes and procedures (Deployment guide, playbook, Run book, PIR and RCA).
• Profound knowledge on Service Delivery Management standards & practices (MSS) with help on weekly basis client management.
• Ensure compliance on access reviews for all security tools on half yearly basis with access control team based on reconciliation activity from sailpoint record.
• Mentored and managed service Security production support team with 7 members across (Chennai, Mumbai and Singapore)
• Ensured Operation support coverage as per APAC time zone and covers until EMEA time zone with On-Call support coverage for handling P1, P2, and P3 Incidents along with security tool health check monitoring alert handled.
• Ensured team members were provided with feedback on their yearly Objectives on weekly basis 1:1 series with each team members to have follow up on open topic’s (Long pending/Critical/Planned activities)
• Weekly management call with client and immediate manager on Team performance and project yearly plan on quarterly basis.
• Mentored team members to enhance professional development and accountability in workplace.
• Supervised day-to-day operations to meet performance, quality and service expectations.
• Increased employee performance and job satisfaction to strengthen retention and engagement.

• Responsible for Implementation/Design/Configure/Re-Engineer (fine tune) and Sustain security tools for APAC entity on production environment.
• Comprehensive insight on creation of dashboards, Agent Reconciliation activities as per Client’s requirement.
• Integrated Health check monitoring agent on types of security applications and created centralized view for Application Health Check.
• Demonstrated effectiveness working across multiple business units to achieve results and performed POC and end to end deployments of Security tools in Enterprise Architecture.
• Create, review, maintain and update documentation including Documenting & Publishing fixes in central knowledge base (SOP, Knowledge base article, IT Continuity Plan, Live Play,DR Test.
• Work with global teams to provide consistent processes and solutions.
• Deployment, Migration and Upgradation of Security Tools within Organization security Eco system in project phase.
• Extend support to Security Strategic planning team during evaluation of security Tools and deployment of features in Organization security Domain.
• Capacity planning for future security tool upgrades and enhancement.
• Ensure availability of Tools in production with Zero downtime.
• Have engaged with service partners for migrations, Critical Severities and Incidents and other BAU Projects.
• Strong knowledge on IT Service Now - Incident SLA's (P1,P2,P3,P4,P5), Change management, Problem management with proper root cause analysis report for P1 and P2 INC.
• Ensured overall IT Security assets (Non standard OS VM,Physical Appliance and other application servers)Onboard with CMDB database tagging for proper CHG and INC workflow.
• Engage with external audit team, risk management team, compliance team and other cyber security teams for highlighting issues in their respective domains based on RFP's ensured to capture require evidence and maintained compliance.
• Co-ordinates with Project Management team to Project takeover on new security applications and prepared audit documents like AIA, DR & IC Plan.
• Recommending best practices, answering to client inquiries, overseeing the development of technical solutions, reviewing technical documentation, liaising with stakeholders, coordinating work groups, and performing product demonstrations
• Handled Internal Audits, OPC, Control Testing and Risk Mapping by producing appropriate evidences and closing open risk with preventive and corrective actions.

• Conducted vulnerability assessment on networks on regular basis using Nessus to identify
  Network Related vulnerabilities and done Penetration Testing on clients Infrastructure
  • Identified Vulnerability threat level by analyzing reports
  • Assisted in identifying vulnerabilities and appropriate solutions to eliminate or minimize their
  potential effects
  • Regular Status Updates and Reports to Senior Management
  • Provided solutions and mitigations to developing team regarding reported vulnerabilities
  • Conducting weekly and monthly review meetings with customer to meet their requirements and
  providing suggestions to improve security
  • Developed security assessment tests that were used throughout project lifecycle.
  • End point security managed with system center end point production.

• Responded to user operational issues with desktop computers, laptops and mobile electronic devices to enable problem resolution.
• Entered service tickets into incident tracking system to facilitate faster problem identification and resolution.
• Resolved common user concerns by utilizing preset issue resolution scripts.
• Attended weekly team meetings to enhance product and service knowledge and gain insight into beneficial issue resolution strategies.
• Collaborated with internal partners to effectively resolve user issues.
• Identified system hardware, network infrastructure and connectivity issues that prevented execution of user-initiated tasks.
• Answered user product attribute and usage questions to promote satisfactory product ownership experience.
• Diagnosed and resolved user system functionality issues to enable completion of desired operations.
• Engaged in user support interactions via telephone, chat and email platforms.
• Addressed user customer service concerns and decided when to escalate problems to specialist team members.
• Worked with software development team on reported errors and bugs on newly released software and assisted in deployment of release fixes.
• Collaborated with vendors to locate replacement components and resolve advanced problems.
• Configured hardware, devices and software to set up work stations for employees.
• Followed up with clients to verify optimal customer satisfaction following support engagement and problem resolution.
• Removed malware, ransomware and other threats from laptops and desktop systems.

• Reviewed and recorded hardware inventories by documenting serial numbers and other specifics for accurate tracking.
• Created standardized protocols for documenting processes and technical tasks, enabling consistently repeatable results.
• Developed schedule for software maintenance and updates.