Tareet Nag

Kolkata

Summary

Dynamic cybersecurity professional with extensive experience at medium and large enterprises, excelling in API and web application penetration testing. Proven track record in vulnerability assessments and risk management, leveraging skills in DAST, SAST, DevSecOps, Red Teaming, Threat Modeling, and OWASP Top 10. Adept at collaborating with teams to enhance security posture and drive impactful solutions.

Overview

9 years of professional experience
1 Certification

Work History

Senior Associate

Cognizant
02.2023 - Current
  • External and internal VAPT for web applications and APIs using Burp Suite, Kali Linux and open-source tools.
  • Identified security flaws in web applications and APIs. Major vulnerabilities found include XSS, SQL injection, LFI, RFI, BOLA, IDOR, broken authentication and authorization, information disclosure, etc.
  • Performed penetration testing on client’s infrastructure, vulnerability assessment, thick client, web applications, cloud S3 bucket and web services pen testing.
  • Scanned financial databases for clients for vulnerabilities based on RESTful architectures.
  • Conducted white/gray box penetration testing on the financial systems using Kali Linux.
  • Created report documents and made recommendations.
  • Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface.
  • Performed live packet data capture with Wireshark to examine security flaws.
  • Performed API testing of RESTful and web services.
  • Network and application security assessment.

Senior Solution Advisor

Deloitte USI
08.2021 - 02.2023
  • Performing vulnerability assessment and penetration testing of internal and external assets.
  • Implemented risk management strategies, conducted vulnerability assessments, and ensured compliance with industry standards.
  • Reviewed security scorecard vulnerabilities, assessed the impact and remediated.
  • Scanned financial databases for clients for vulnerabilities based on RESTful architectures.
  • Conducted white/gray box penetration testing on the financial systems using Kali Linux.
  • Performed DAST and SAST scans, risk assessment and pen-testing.

Penetration Tester Consultant

PricewaterhouseCoopers
01.2019 - 08.2021
  • Performed penetration testing on client’s infrastructure and vulnerability assessment of database server.
  • Reviewed policies and acted as a Subject Matter Expert on best practices for Vulnerability Assessment.
  • Scanned financial databases for clients for vulnerabilities based on RESTful architectures.
  • Conducted white/gray box penetration testing on the financial systems using Kali Linux.
  • Performed DAST and SAST scans, risk assessment and pen-testing.
  • Reviewed security documentation and made recommendations.
  • Assisted in conference calls with developers to mitigate vulnerability findings.
  • Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface.
  • Performed live packet data capture with Wireshark to examine security flaws.
  • Used LDAP injection techniques for exploiting web applications that use client-supplied data.
  • Ran vulnerability and compliance scanning on test machines and reviewed security standards and the Minimum Security Baseline for the client.
  • Assisted on monthly conference calls to discuss implementation and upgrade of critical infrastructure.

Cyber Security Engineer

HCL Technologies Ltd.
01.2018 - 12.2018
  • Forwarded findings to Cyber Forensic Investigations or Security Incident Response team(s) to further investigate and remediate.
  • Monitored SIEM and IDS/IPS feeds to identify possible enterprise threats.
  • Investigated logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, spam, etc.
  • Provided root cause analysis and remediation techniques for clients with regard to security incidents and governance documents.
  • R80 migration from GAIA 77.30 to R80.10.
  • MDS migration from GAIA R77.30 to R80.10.
  • Handling escalations on Check Point and Cisco.
  • Troubleshooting on Palo Alto.
  • New project implementation on Check Point, Cisco and Palo Alto.

Network Security Engineer

QOS Technology Ltd. (CHECKPOINT TAC)
02.2016 - 01.2018
  • Key responsibilities are handling escalation of high-end customers.
  • Escalation handling on High CPU utilization, VPN, IPS, URL Filtering.
  • End to End implementation support for onsite projects.
  • Configuring all checkpoint high-end devices.
  • Managing escalation in TAC.
  • Implementation of all Check Point appliances, including MDS and CMA.
  • Implementation of all Palo Alto appliances, including Panorama.
  • Migration of CHECKPOINT management server with migrate tool.
  • Upgrade Firewall to latest version GAIA R70.30 to R80.30.
  • Configuring and troubleshooting IPSEC VPN checkpoint and Palo Alto.
  • SSL, REMOTE ACCESS VPN, GLOBAL PROTECT configuration.
  • Configuring and troubleshooting HIDE NAT, STATIC AND MANUAL NAT, SOURCE NAT, DESTINATION NAT, and U-Turn NAT.
  • Configuring and troubleshooting IPS and wildfire.
  • Configuring and troubleshooting URL FILTERING, APP ID, SSL Decryption.
  • Troubleshooting High CPU utilizations on Palo Alto and checkpoint.
  • Configuring CLUSTER SETUP, DISTRIBUTED SET UP, and STANDALONE checkpoint end to end.
  • Palo Alto active/active and HA configurations.
  • Panorama and Palo Alto configuration.
  • HA troubleshooting.
  • Palo Alto implementation importing configuration firewall to Panorama.
  • Upgrading firewall and panorama, Troubleshooting on VPN, High CPU.

Education

MCA -

Greater Kolkata Eng. And Man.
Kolkata
01.2015

BCA -

Future Institute of Eng. and Man.
Kolkata
01.2012

XII -

Garia Baroda Prasad
Kolkata
01.2008

X -

Sonerpur Vidyapith
Kolkata
01.2006

Skills

  • API Pen testing
  • Web application pen testing
  • Network Infrastructure Pen-Testing
  • Threat Modeling
  • DevSecOps with CI/CD Pipeline
  • Secret Code Scanning
  • SAST
  • DAST
  • Risk management
  • Vulnerability Assessment
  • Mobile Pentesting
  • SonarQube
  • Github scanning tool
  • Checkmarx
  • Fortify Scan
  • OWASP Top 10 Vulnerabilities
  • NMAP
  • OpenVAS
  • Responder
  • Msfconsole
  • Sslscan
  • Cert-scan
  • Go-buster
  • LDAP-search
  • DNS-search
  • SPF finder
  • Web application recon tools
  • Burp Suite
  • POSTMAN
  • Go-spider
  • Kiterunner
  • Wfuzz
  • Gobuster
  • Arjun
  • Chrome Devtool
  • SQLMAP
  • JWT_Tool
  • Real-time traffic analysis
  • Network IDS
  • Packet dissection
  • Wireshark

Certification

  • CEH
  • OSCP (Trained)
  • CCSE
  • PCNSE
  • MZ 101
  • MZ 900

Roles And Responsibilities

Security analyst with more than 9.5 years of experience in various domains such as web application security testing, penetration testing, manual pen testing, Threat Modeling, DevSecOps, firewall, WAF and network devices. Manual source code review in Checkmarx and SonarQube, SAST, DAST. Experience in red teaming activity and bug bounty programming. Proficient in Linux operating system configuration, utilities, and small programming.

Personal Information

  • Date of Birth: 28/04/1990
  • Gender: Male
  • Nationality: Indian

Hobbies and Interests

I like to play football and cricket and read football magazines, and I try to keep myself updated with the latest news as well as technologies. I also like to travel to various adventurous places to have new experiences.

Projects

Goldman Sachs Bug bounty Programming New York Life Security Consultant HDFC BANK P & G BANKING PROJECTS

Disclaimer

I hereby declare that all the particulars furnished above are true to the best of my knowledge and belief.
