Pratap Roy

• Support a Fortune 10 client with enterprise-wide Vulnerability Management and remediation tracking across on-prem, cloud, OT, and IoT environments.
• Lead External Attack Surface Management (EASM) for 120+ entities using Ionix, Black Kite, and SecurityScorecard, driving continuous score improvement.
• Perform vulnerability assessments with Qualys; manage scans, purges, exceptions, exclusions, and support tickets while maintaining the highest SLA-based closure rate with 0% documented errors.
• Conduct DREAD assessments for emerging and zero-day threats, leveraging Qualys, Armis, MDE, and CrowdStrike, to prioritize high-risk exposures.
• Act as the Single Point of Contact (SPOC) for three business units, tracking Salesforce-related vulnerabilities using AppOmni, and coordinating remediation with development teams.
• Design and implement new processes for tracking expired certificates, monitoring end-of-support (OS/hardware/software), Q-Agent cleanup, and Golden Image onboarding, resulting in a 38% reduction in overall vulnerabilities.
• Oversee remediation tracking for OT/IoT vulnerabilities, and perform web security testing and surface-level analysis to validate EASM findings.
• Lead multiple Threat/War Rooms to coordinate remediation during emerging threats and zero-day events, ensuring rapid response and cross-team alignment.

Highlights:

• Improved EASM ratings from 62% to 96% across covered entities through focused remediation efforts.
• Upgraded Black Kite grades, reducing C/D-rated business units from 15 to 3, with the remaining entities improving to B+ or A.
• Collaborated via AppOmni to remediate approximately 8,000 issues and approximately 50,000 insights, clearing approximately 94% of major vulnerabilities.
• Contributed to approximately 20% of total ticket closures for the team by leading scans, purges, exclusions, impact analyses, incidents, and support requests.
• Monitored delivery performance metrics, identifying areas for improvement and implementing corrective actions.
• Coordinated with cross-functional teams for timely deliveries, ensuring client expectations were met.

• Led vulnerability management activities using Nessus, producing detailed reports, and remediation guidance for infrastructure teams.
• Managed web application security testing engagements using Burp Suite and OWASP ZAP, focusing on OWASP Top 10 vulnerabilities.
• Configured and managed Check Point, Palo Alto, Fortinet, and Cisco firewalls, aligning rules with security and business requirements.
• Implemented a secure Zero Trust architecture using Zscaler on Microsoft Azure, improving secure remote access and user segmentation.
• Conducted regular firewall audits to maintain compliance and reduce misconfigurations.

Highlights:

• Identified critical web application vulnerabilities that significantly strengthened the application's cyber defense after remediation.
• Led a firewall rules and configuration review project, achieving an estimated 25% reduction in potential security exposure.

• Performed vulnerability assessments on routers, switches, servers, and network devices using Nessus, OpenVAS, and related tools.
• Researched and implemented security hardening protocols for Nokia, Alcatel, Huawei, Juniper, and Cisco devices, based on CIS Benchmarks.
• Enforced URL compliance at the ISP level using FortiGate and Netsweeper to block malicious, adult, and abusive content, in line with government regulations.
• Monitored network traffic and mitigated attacks using Arbor Sightline Anti-DDoS solutions.

Highlights:

• Reduced security incidents on network devices by approximately 45% through improved hardening and configuration baselines.
• Helped implement an updated URL compliance policy, improving network security posture, and adherence to regulatory requirements.

• Utilized VAPT tools (Burp Suite, Nessus, Qualys, HCL AppScan) to identify and assess vulnerabilities in internal web applications and infrastructure.
• Performed web application security testing aligned with OWASP Top 10, identifying critical issues such as SQL injection and JavaScript-related vulnerabilities, and delivering proof-of-concept (PoC) exploits.
• Prepared detailed vulnerability and security audit reports covering security compliance, deployment status, risk acceptance, antivirus, and DLP.
• Worked extensively with IDS, IPS, DLP, endpoint security, and SIEM tools (Forcepoint, Fortinet, Worry-Free, Trend Micro, LogRhythm), raising and tracking tickets with IT for timely mitigation.
• Acted as the SPOC for two overseas locations, overseeing log management, security auditing, and incident handling.
• Delivered Information Security Management System (ISMS) and security awareness training sessions for the US and India teams.