OperationsManager
Sandeep Jha


Summary

Versatile Security Manager offering a 19-year track record of overseeing and managing security operations to meet business objectives. Strong knowledge of budget administration, business development and key decision making. Disciplined and forward-thinking manager with excellent communication and team-building skills. Encouraging manager and analytical problem-solver with talents for team building, leading and motivating, as well as excellent customer relations aptitude and relationship-building skills. Proficient in using independent decision-making skills and sound judgment to positively impact company success. Dedicated to applying training, monitoring and morale-building abilities to enhance employee engagement and boost performance.

Overview

17 years of professional experience
6 certifications

Work History

Security Leadership

CloudSufi- Global IT Services and Software Solutions
04.2023 - Current
  • Architecting & Automating the Software Pipeline: I design, build, and optimize CI/CD pipelines for seamless software delivery, integrating security at every stage (SDLC).
  • Conduct comprehensive reverse engineering and security analysis of Android applications for CloudSufi clients on the Google Cloud Platform (GCP), utilizing advanced tools such as IDA Pro, Ghidra, JADX, Frida, APKTool, MobSF, and VirusTotal to ensure robust vulnerability assessments and effective threat mitigation.
  • Project Management and DevSecOps Expertise: As a DevSecOps and Security Testing Manager with 19+ years of experience, I lead the integration of security practices into CI/CD pipelines, automate vulnerability scanning, manage AWS/GCP IAM for least privilege access, and enforce compliance with industry regulations.
  • My role involves driving security in containerized environments, securing networks, overseeing incident response, and fostering a DevSecOps culture, ensuring secure, scalable cloud operations.
  • Customer Satisfaction and Communication: Achieved customer satisfaction goals through effective communication with customers and leadership, managing change requests, exceptions, and escalations.
  • Comprehensive Tracking and Budget Oversight: Set up and managed project tracking tools, approved and monitored project expenditures, and ensured projects remained on or under budget.
  • Collaborative Leadership: Partnered with delivery managers, defined success metrics, staffed projects, and ensured smooth handovers to support teams.
  • Infrastructure Maestro: Leverage tools like Ansible, Terraform, or Chef for automated infrastructure provisioning and management across major cloud platforms (AWS, Azure, GCP).
  • Deep Dive Monitoring & Troubleshooting: Implement and manage comprehensive monitoring & logging solutions, using advanced scripting expertise (Python, Perl, C++, Bash, PowerShell, YARA, JS, R) to pinpoint and resolve issues efficiently.
  • AI-Powered DevSecOps Expert: Possess core AI skills in ML (supervised/unsupervised learning, classification, regression, anomaly detection) and DL (neural networks, CNNs, RNNs, generative models).
  • Apply AI for:
    • Static Code Analysis (SCA): Identify vulnerabilities with pattern recognition and ML.
    • Threat Modeling: Utilize NLP to suggest attack vectors based on architecture analysis.
    • Dynamic Application Security Testing (DAST): Classify web requests as malicious/benign with supervised learning.
    • Infrastructure Security: Detect anomalies with unsupervised learning for potential security incidents.
    • Security Information & Event Management (SIEM): Correlate security events using unsupervised learning to identify threats.
    • User Behavior Analytics (UBA): Detect anomalous user activity with supervised learning.
    • Log Analysis: Analyze logs for suspicious activity using anomaly detection and time series forecasting.
  • Additional Skills: Explainable AI (XAI), Data Engineering, Security Automation.

Security Specialist Manager

Wipro India Limited
12.2018 - 03.2023
  • Effectively communicate with internal partners, customer managers and executives on technical and business issues.
  • Experience giving presentations to technical and executive audiences, explaining Security solution concepts and benefits.
  • Able to create security architecture and designs to meet customers' requirements and deploy them in the customer's production environment.
  • Create automation scripts/tools whenever required to improve the efficiency of security posture.
  • Effectively able to lead and drive customer workshops and discussions.
  • Develop and implement necessary VAPT policies, procedures and reference architectures that are in compliance with statutory, regulatory, and internal requirements that cover internal and external parties; regulated and non-regulated physical, Operational Technology, and business systems throughout the enterprise.
  • Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools.
  • Map out a network, discover ports and services running on the different exposed network and security devices.
  • Conduct penetration tests and launch exploits using the Nessus, Metasploit, and Backtrack penetration testing distribution tool sets.
  • Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
  • Analyze scan reports and suggest remediation / mitigation plan.
  • Keep track of new vulnerabilities on various network and security devices for different vendors.
  • Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices.
  • Advanced technical analysis on intrusions.
  • Audit configuration of Network and Security devices.
  • Providing rich client specific reports.
  • Monitor and respond to regulatory developments and industry best practices in a timely manner.
  • Accountable & responsible for all security patching & related compliance requirements oversight, discovery, monitoring implementation & reporting.
  • Discover, evaluate and oversee deployment of applicable patches across all asset classes (Mobile, Switches, firewall, Workstation, Handheld, servers).
  • Drive process excellence and maturity to push the envelope on delivering a world-class Cybersecurity function.
  • Manage annual penetration testing including RFP process, managing 3rd parties executing the tests, scoping, communicating internally, acting on output from testing and taking necessary corrective actions.
  • Responsible for cyber vulnerability assessments and satisfying specific requirements to ensure security of the environment.
  • Threat modelling to determine threats that pose biggest risk to the business and mitigate according to their risk weighting.
  • Accountable for vulnerability scanning process, schedule & operational monitoring across all device classes (server, desktop, mobile, etc) and hosting models (on-prem, external, cloud).
  • Lead digitization efforts to automate routine playbooks and identify opportunities for automation.
  • Establish metrics to measure performance of the Cybersecurity function and report trends along with any necessary remediation.
  • Attend technical engagement with audit, regulators, clients, and third parties, when required.
  • High-quality management reporting on known threats, vulnerabilities, patching, mitigating actions and risk acceptance.
  • Collaborate and work across other IT areas to assess & mitigate security risks and provide technical guidance as needed.
  • Support incident response and investigation of security incidents including root cause analysis.
  • Manage & mentor a complex & diverse team of Cybersecurity specialists and develop junior resources.
  • Audited networks and security systems to identify vulnerabilities.
  • Investigated potential cyber security incidents, suspected attacks and broader security incident management.
  • Built firewalls and encrypted data to secure confidential information from potential intrusion.
  • Maintained accurate and updated records of testing documentation related to test plans, exit reports and schedules.
  • Worked collaboratively with project and operational teams designing continuity solutions to minimize delivered risk.
  • Created thorough business continuity plans to mitigate potential risks.
  • Communicated technical information clearly to non-technical stakeholders for easy comprehension.
  • Supervised risk team members, providing ongoing support and guidance to maintain department effectiveness.
  • Built and maintained risk awareness amongst staff by providing ongoing support and training.
  • Facilitated training workshops to reduce risk of accidents for employees.
  • Produced in-depth risk reports, educating about significant risks and confirming individuals understood accountability.
  • Reviewed new contracts and internal business proposals to maintain a risk-free environment.
  • Oversaw operational and compliance risks with robust compliance assurance processes.
  • Embedded and further refined risk awareness within company culture through briefs and relevant training.
  • Conducted advanced policy and compliance audits, liaising with internal and external auditors to ensure optimum results.
  • Designed and implemented overall risk management processes, analyzing financial impact when risks occur.

Security Consultant

Accenture India Limited
11.2010 - 09.2018
  • Vulnerability Assessment: Conduct comprehensive vulnerability assessments using industry standard tools and techniques to identify security weaknesses in systems, networks, and applications.
  • Risk Prioritization: Evaluate and prioritize vulnerabilities based on their severity, potential impact, and exploitability to facilitate effective remediation efforts.
  • Patch Management: Coordinate and oversee the deployment of security patches and updates to address identified vulnerabilities in a timely manner.
  • Vulnerability Remediation: Collaborate with IT teams and system administrators to develop and implement remediation strategies and controls to address identified vulnerabilities.
  • Vulnerability Reporting: Generate detailed reports outlining identified vulnerabilities, risk levels, and recommended remediation actions for stakeholders, including technical teams, management, and other relevant parties.
  • Compliance and Standards: Ensure compliance with relevant industry standards, frameworks, and regulations such as PCI DSS, HIPAA, ISO 27001, and NIST guidelines.
  • Vulnerability Scanning Tools: Utilize vulnerability scanning tools and platforms to automate vulnerability assessments, track remediation progress, and generate reports.
  • Continuous Monitoring: Implement and maintain an ongoing vulnerability monitoring program to proactively identify and address emerging threats and vulnerabilities.
  • Security Awareness: Contribute to security awareness programs by educating employees on the importance of vulnerability management, best practices, and secure configuration management.
  • Incident Response Support: Collaborate with the incident response team to investigate security incidents related to vulnerabilities, assess impact, and recommend remediation measures.
  • Proficiency in penetration testing methodologies and tools, including both manual and automated techniques.
  • Strong understanding of common vulnerabilities and attack vectors in systems, networks, and applications.
  • Knowledge of network protocols, web technologies, and secure coding practices.
  • Familiarity with industry-standard penetration testing frameworks, such as OWASP Testing Guide or OSSTMM.
  • Experience in secure code review and familiarity with programming languages such as Python, Java, or C/C++.
  • Excellent problem-solving and analytical skills to identify and exploit vulnerabilities effectively.
  • Strong verbal and written communication skills to effectively convey technical concepts and findings to technical and non-technical stakeholders.
  • Ability to work independently and in a team, managing multiple projects and priorities.

Senior Executive- Application Developer

Wipro India Limited
07.2007 - 09.2010
  • As an Application Developer, my role involved designing, developing, and maintaining software applications to meet the specific needs of the organization.
  • I collaborate with cross-functional teams to gather requirements, analyze user needs, and translate them into functional and efficient applications.
  • I also ensure that the applications adhere to industry standards, follow best practices, and are optimized for performance and security.
  • Acquired Skills and Qualifications:
  • Proficiency in programming languages such as Java, C#, Python, or JavaScript, and familiarity with related frameworks and libraries.
  • Strong understanding of software development methodologies, including Agile and Scrum.
  • Experience with application development tools and environments, such as IDEs, version control systems, and debugging tools.
  • Knowledge of database management systems (e.g., SQL, NoSQL) and experience in database design and querying.
  • Understanding of web development technologies, including HTML, CSS, and JavaScript frameworks.
  • Familiarity with software testing principles, including unit testing, integration testing, and test-driven development (TDD).
  • Excellent problem-solving and analytical skills, with the ability to troubleshoot and debug complex software issues.
  • Effective communication and collaboration skills to work with cross-functional teams and stakeholders.
  • Attention to detail and the ability to prioritize tasks and manage deadlines effectively.
  • Degree in computer science, software engineering, or a related field is typically preferred.

Education

Bachelor of Science - Mathematics

Calcutta University
Kolkata, India

Skills

  • Vulnerability Management

  • Cloud security

  • Application security

  • Mobile Application Security Testing

  • Web Application Testing

  • Threat Modeling

  • Reverse engineering

  • API Integration

  • Process Automation

  • Product Development

  • Talent management

  • Machine Learning

Certification

Certified Information Systems Security Professional (CISSP)


Certified Ethical Hacker (CEH) v8


Certified Information Security Manager (CISM)


CompTIA Security+


Offensive Security Certified Professional (OSCP)


Certified Cloud Security Professional (CCSP)

Languages

English
Bilingual or Proficient (C2)

Software

SNYK

Google Cloud Armor

Cloud Key Management Service (KMS)

BeyondCorp

Forseti Security

Splunk

Palo Alto Networks (Prisma Cloud)

Check Point CloudGuard

Elastic Security (Elasticsearch)

Google Cloud Threat Intelligence

Okta

Virtru

Terraform

Aqua Security

Wireshark

Chronicle Backstory

Google Cloud AutoML

TensorFlow Security

Timeline

Security Leadership

CloudSufi- Global IT Services and Software Solutions
04.2023 - Current

Security Specialist Manager

Wipro India Limited
12.2018 - 03.2023

Security Consultant

Accenture India Limited
11.2010 - 09.2018

Senior Executive- Application Developer

Wipro India Limited
07.2007 - 09.2010

Bachelor of Science - Mathematics

Calcutta University