SHASHI KIRAN R

• Managed and executed enterprise-wide vulnerability assessments and remediation using Qualys VMDR, Rapid7 InsightVM, and Tenable.io, supporting both on-premises and cloud environments.
• Worked with infrastructure and application teams to ensure timely remediation of high-risk vulnerabilities, prioritizing based on CVSSv3, exploitability, and business impact.
• Developed and maintained Cisco Vulnerability Management (CVM) reporting workflows and dashboards to deliver real-time vulnerability metrics to stakeholders.
• Handled Lacework Cloud Security Posture Management (CSPM) to contribute to the overall vulnerability management process.
• Integrated CVM with Veracode to bridge infrastructure and application security gaps, enabling consolidated vulnerability tracking and reporting.
• Designed and tested custom API-based JSON integrations to import vulnerability data into CVM and internal reporting systems, supporting bespoke use cases.
• Led the transition from Tenable to SentinelOne Singularity VM, aligning policies, scan configurations, and asset tagging strategy for seamless continuity.
• Aligned vulnerability assessments with CIS Critical Security Controls, ensuring periodic evaluation and reporting against defined controls.
• Led the migration of Qualys authentication from password-based login to SAML SSO, coordinating with IdP teams (e.g., PingIdentity, Okta) to configure SAML metadata, SP/ACS URLs, and perform user group mapping for role-based access.
• Performed GCP asset tag clean-up in Qualys, eliminating obsolete and duplicate dynamic tags, and restructuring the tag hierarchy based on project IDs, labels, and environment-specific metadata for better visibility and automation.
• Utilized patch management tools, such as SCCM and Qualys Patch Management, for automated patch deployment.

Project Role: SME L4 Vulnerability Management and Penetration Testing (On-site)

• Tracked key performance indicators to understand infrastructure, and proactively manage trends.
• Carried out regular assessments on servers, workstations, and network devices, ensuring all devices connected to the network are monitored and assessed.
• Performing DAST on internal and external web applications, and having demo calls with stakeholders on application operation and dependencies.
• Controlled user access to shared folders created on servers, ensuring data security and user authorization.
• Carried out weekly calls with stakeholders, analyzing their remediation strategy and guiding them on solutions to stay on track with their compliance metrics.
• Analyzed and worked on vulnerability prioritization so that it would make it easy for stakeholders to prioritize their actions.
• Headed vulnerability exception practice and approvals based on analysis.
• Analysis of false positives, false negatives, and guiding the vendor on signature updates based on advisories.
• Handled threat intelligence emails on a regular basis, making sure the reported vulnerability impact is analyzed, and relevant stakeholders are aware of the same.
• Training coop members on practices involved in Infrastructure Vulnerability Assessment.
• Creating and modifying reports based on the requirements.

• Performing real-time vulnerability assessments on one of the Infosys-owned entities, BPM, on a monthly and quarterly basis.
• Leading PCI DSS engagement assessments and ensuring vulnerabilities reported are remediated within the SLA notified.
• Initiative taken to report and follow up on ransomware, supercritical vulnerabilities on a weekly basis with the stakeholders.
• Creating entity-wise management dashboards for real-time visibility of vulnerability compliance.
• Reporting vulnerabilities through Archer to track remediation done within the specified timelines.
• Involved in the Metasploit deployment project and testing different use cases and features before implementing them in production.
• Maintained vulnerability closure compliance of 91% during assessments.

• Raising an incident with concerned teams, responding to the incidents and service requests, and bringing together additional information to either resolve or escalate the issue to the appropriate teams.
• Create and deliver SOC Standard Operating Procedures, process frameworks, and work stream training for new analysts.
• Performing vulnerability scans on Herbalife assets using Qualys Guard monthly, and identifying the most critical ones for immediate remediation.
• Creating a consolidated report of the Vulnerability Assessment and presenting it to the relevant stakeholders and the Cybersecurity Team's higher management.
• Supported Indian businesses by reviewing Architecture Review Board requests from a cybersecurity perspective, with relevant documentation.
• Frequent coordination with the Risk Management team to achieve a successful rate in the remediation of vulnerabilities and achieving PCI compliance.

• Performed Research on Authors from around 400 Universities abroad which will determine their ranks in their respective University and analyzed/presented ideas on the tool enhancements which was appreciated and implemented henceforth Responsible in developing in-House application and websites for the company
• Involved in acceptance testing using Selenium WebDriver, developed automation test scripts for the DVI maintenance tool ,developed test Scripts to automate research using selenium WebDriver
• Streamline information of the company.