RISHIK ROY
Vancouver
Summary
Results-driven Cybersecurity professional with a master's degree in Cybersecurity and over 2+ years of working experience as Security Analyst and Information Technology Operations. Demonstrated focus on using various security technologies to secure networks, endpoints, servers and people. Holds a CEH (Certified Ethical Hacker V10) certification and have practical experience with web penetration testing, malware detection, removal, and phishing investigations. Proficient in using security control technologies such as access control, cryptography, vulnerability management, and SIEM - Log management. Has knowledge and familiarly with various information security frameworks and regulatory frameworks, including ISO 27001 and NIST.
Overview
1
1
year of professional experience
1
1
Certification
Work History
Platform Security Specialist - Security Operations Center (SOC)
ZeroFox Corporation
04.2021 - 10.2021
- Vulnerability scanning and risk-based vulnerability reports and associated infrastructure for each vulnerability
- Monitoring and identification of alerts and security threats which are a potential source of risk to the customers
- Triaged alerts, validated and invalidated them based on a set of rules, escalated alerts to Tier 2 SOC based on severity
- Maintained report writing and documentation regarding information and solutioning related to SOC Programing Python Scripting
- Sandboxing Solution: CheckPoint Threat Emulation
- Log Monitoring and SIEM: Splunk Cyber defense
- Patch Management: Manage Engine
- Vulnerability Management: Tenable NESSUS
- Web Proxy Solution: Netskope Cloud URL Filtering and Application Control
- Endpoint Protection: Crowd Strike | Cortex
- Threat Intelligence: Virus Total, MITRE Attack
- ITSM Tool: JIRA | Fresh Service
- Operating Systems: Windows, Linux, MacOS
- Penetration Testing Tools: Kali Linux, Metasploit, Nmap, Paros Proxy, Burp Suite
- Identify and report all vulnerabilities, security gaps, and weaknesses
- Prioritized detected vulnerability based on criticality of IT assets and fixed vulnerabilities of all IT assets through patch management system
- Re-run vulnerability scan to check if vulnerabilities are fixed
- Promote ongoing relationships with key stakeholders responsible for vulnerability remediation activities
- Produce period-based metrics & dashboard on vulnerability status and remediation to the stakeholders
- Review infrastructure & process; plan technology to mature Vulnerability mitigation program
- Assist in progressive upgrade of Security standards & configuration to ensure required updates are included in standard images
- Research and advice on vulnerability, exploit and patch/configuration change issues to identify the impact on the end system and associated applications and follow up with appropriate internal teams as required.
Network & Security Analyst
Kalyx Networks
07.2020 - 04.2021
- Create, implement, and maintain Network Security policies and procedures, maintain documentation, and provide training and assistance throughout the organization
- Maintaining the regulatory systems about ISMS policy
- Maintaining the virtual private network, firewalls, web protocols
- Monitoring of web security gateways, network access controls, endpoint security Performs
- Investigations of Security breach alert
- Tracking the vulnerable scripts to avert the potential threats
- Review scanning infrastructure; process; technology to mature Vulnerability Program
- Implementation of IOT security policies in accordance with industry standards
- Assign and control user privileges
- End User Support
- Configure hardware and software applications.
Education
Master of Science in Cybersecurity -
New York Institute of Technology
CA, Vancouver01.2023
Bachelor of Engineering in Computer Science -
Dayanand Sagar College of Engineering
Bengaluru, India01.2020
Skills
- Vulnerability Assessment
- CCTV Monitoring
- Social Engineering
- System Hardening
Certification
- Certified Ethical Hacker (CEH) V10
- CNSS-Computer Network Security Specialist ICSI - 2020
- Fortinet NSE 2
- Foundation of operationalizing MITRE ATTACK (AttackIQ)
- Vulnerability and Patch Management
- SIEM Administration
Industry Projects
Carnival Guide Web Application - VAPT, Team Lead, New York Institute of Technology, 01/2023, 05/2023, CA, Vancouver, The scope was to perform (VAPT) Vulnerability assessment & and penetration testing for the carnival guide web application and recommendation for remediation., Conducted SAST (Static Application Security Testing) for the source code repository provided by Carnival Guide Company., Conducted DAST (Dynamic Application Security Testing) for the Carnival Guide Web Application., Used open-source security tools such as (Horusec, SonarQube - SAST) and (Owasp Zap, Burp Suite Pro - DAST) and submitted detailed vulnerability reports with respect to best practices in industry standards
Current Status
PR
References
Available on request
Accomplishments
- Used Microsoft Excel to develop inventory tracking spreadsheets.
- Documented and resolved [Issue] which led to [Results].
- Achieved [Result] by completing [Task] with accuracy and efficiency.
Additional Information
ABCD
Timeline
Platform Security Specialist - Security Operations Center (SOC)
ZeroFox Corporation
04.2021 - 10.2021
Network & Security Analyst
Kalyx Networks
07.2020 - 04.2021
Master of Science in Cybersecurity -
New York Institute of Technology
Bachelor of Engineering in Computer Science -
Dayanand Sagar College of Engineering
- Certified Ethical Hacker (CEH) V10
- CNSS-Computer Network Security Specialist ICSI - 2020
- Fortinet NSE 2
- Foundation of operationalizing MITRE ATTACK (AttackIQ)
- Vulnerability and Patch Management
- SIEM Administration
Similar Profiles
Lillian Marie LawlerLillian Marie Lawler
Customer Success Manager at Zerofox, IncorporatedCustomer Success Manager at Zerofox, Incorporated
Swaroop RSwaroop R
Platform Data Specialist at ZerofoxPlatform Data Specialist at Zerofox
Arpitha T OmkarappaArpitha T Omkarappa
Platform Specialist at ZeroFox Inc.Platform Specialist at ZeroFox Inc.