Profiles search
Deepika Chickmagalur Ramesh
Information Security Engineer at Blue River Technology
San Jose, CA, United States
Details
Experience:
Ensure alignment to all regulatory and security standard methodologies (NIST, CIS20).
Analyze information security systems and applications as well as design security solutions that implement security consistently across internally developed and cloud-based applications.
Recommend and develop security measures to protect information against unauthorized modifications or loss.
Act as an authority to interpret the results from vulnerability scans and work with the SysAdmin to remedy vulnerabilities.
Evaluate/apply new and emerging security technologies and solutions; Supervise and ensure compliance to standards, policies, and procedures by conducting incident response analysis.
Supervise and track the progress of found vulnerabilities and maintain a historical log.
Perform security reviews and prepare and present reports and metrics to management.
Conduct Third Party risk assessment.
2021 : Present
Blue River Technology
Information Security Engineer
•Was involved in investigations of information security incidents to determine impact to the environment and provide root cause analysis of the activity along with any containment and remediation necessary.
•Responded to notable events from security tooling to triage and determine if there was any malicious activity.
•Analyzing attempted or successful efforts to compromise systems or data. This included exfiltration, malware, phishing emails, network attacks, reconnaissance or abuse of policies.
•Hands on experience with tools like Splunk, ServiceNow, DarkTrace, Carbon Black, Data Loss Prevention (DLP) through Vontu, Recorded Future and Qualys.
•Involved in maintaining proficiency in the tools, techniques, countermeasures, and discovered vulnerabilities that would impact eBay’s environment.
•Provided information and updates to shift leads, created pass-downs for the next shift, worked closely with supporting teams, provided feedback for new security policy and standards, and engaged with other teams and subsidiaries.
•Involved in researching the latest information technology (IT) security trends and performing hunting of malicious activity within the network.
•Involved in finding vulnerabilities during investigation in the application and worked with product teams to go through the SAFE review process which involved performing SAST/DAST.
•Involved in digital forensics for various cases and collected evidence in a forensically sound manner.
•Managed Internal Phishing Campaign at eBay to educate users on how to spot phishing emails and raise awareness. Reported on the program results to company leadership.
•Involved in creating standard operating procedures for alerting.
•Assisted in training new hires on how to approach alerts, analyze, triage and document.
•Helped create and deliver presentations to leadership and other teams within eBay regarding my team’s project work and various findings from incidents.
2019 : 2021
eBay
CSIRT Analyst
•Involved in Identification of Vulnerabilities in Varian's 3rd party components, management and prioritization of the identified vulnerabilities.
•Involved in Vulnerability scans, review of results, re-formatting of vulnerability data and updating additional information to vulnerability entries.
•Hands on experience on vulnerability management tools like Kenna Security, Black Duck Binary Analysis and few proprietary tools.
•Involved in end to end documentation of vulnerability management.
2019 : 2019
Varian Medical Systems
Cybersecurity Engineer Intern
• Conducted a full black box Pentest (Penetration testing) through a real-world simulated attack and provided actionable recommendations.
• Documented Statement of Work (SOW) and testing was conducted in accordance with (IAW) the agreed test scope and Rules of Engagement (RoE).
• NIST security framework was followed for conducting red team assessment.
• Identified exploitable vulnerabilities that could be executed by attackers with limited knowledge by focusing on known vulnerabilities with readily available exploits that represent a high likelihood of exposure.
• Ensured all information and data on computer systems are protected.
• Test activities included port and service identification, system fingerprinting, enumeration, vulnerability scanning, exploitation and remediation, security configuration review, DOS attack and password cracking.
• Worked on Amazon Web Services (AWS) to setup phishing attacks using tool Gophish and performed USBDrop.
• Performed Vulnerability Assessment on external facing servers.
• Documented Common Vulnerabilities and Exposures (CVE’s), created reports, risk register detailing assessment findings and mitigation.
2018 : 2019
Confidential
Security Engineer
• Attended walkthrough and understanding of the Business requirement document (BRD)
• Involved in Test case requirement discussions, Test Planning, execution, debugging/analysis, reporting and bug tracking using Clear Quest(CQ).
• Developed Functional and Regression scripts using Java and test execution using Selenium Webdriver.
• Developed the Automation framework for web applications to reduce resource utilization for regression testing.
• Performed security testing on mobile and web application to find if there is any vulnerability in the application.
• Customer support of the project to the Product QA-Team post-go-live and provided a status report.
• Gained Good Experience in ServiceNow ITIL v3 Frameworks and Incident, Change, Problem, Service Request, Catalogs, and Service Level Management Modules.
2014 : 2016
Unisys India
Software Test Engineer
Analyze information security systems and applications as well as design security solutions that implement security consistently across internally developed and cloud-based applications.
Recommend and develop security measures to protect information against unauthorized modifications or loss.
Act as an authority to interpret the results from vulnerability scans and work with the SysAdmin to remedy vulnerabilities.
Evaluate/apply new and emerging security technologies and solutions; Supervise and ensure compliance to standards, policies, and procedures by conducting incident response analysis.
Supervise and track the progress of found vulnerabilities and maintain a historical log.
Perform security reviews and prepare and present reports and metrics to management.
Conduct Third Party risk assessment.
2021 : Present
Blue River Technology
Information Security Engineer
•Was involved in investigations of information security incidents to determine impact to the environment and provide root cause analysis of the activity along with any containment and remediation necessary.
•Responded to notable events from security tooling to triage and determine if there was any malicious activity.
•Analyzing attempted or successful efforts to compromise systems or data. This included exfiltration, malware, phishing emails, network attacks, reconnaissance or abuse of policies.
•Hands on experience with tools like Splunk, ServiceNow, DarkTrace, Carbon Black, Data Loss Prevention (DLP) through Vontu, Recorded Future and Qualys.
•Involved in maintaining proficiency in the tools, techniques, countermeasures, and discovered vulnerabilities that would impact eBay’s environment.
•Provided information and updates to shift leads, created pass-downs for the next shift, worked closely with supporting teams, provided feedback for new security policy and standards, and engaged with other teams and subsidiaries.
•Involved in researching the latest information technology (IT) security trends and performing hunting of malicious activity within the network.
•Involved in finding vulnerabilities during investigation in the application and worked with product teams to go through the SAFE review process which involved performing SAST/DAST.
•Involved in digital forensics for various cases and collected evidence in a forensically sound manner.
•Managed Internal Phishing Campaign at eBay to educate users on how to spot phishing emails and raise awareness. Reported on the program results to company leadership.
•Involved in creating standard operating procedures for alerting.
•Assisted in training new hires on how to approach alerts, analyze, triage and document.
•Helped create and deliver presentations to leadership and other teams within eBay regarding my team’s project work and various findings from incidents.
2019 : 2021
eBay
CSIRT Analyst
•Involved in Identification of Vulnerabilities in Varian's 3rd party components, management and prioritization of the identified vulnerabilities.
•Involved in Vulnerability scans, review of results, re-formatting of vulnerability data and updating additional information to vulnerability entries.
•Hands on experience on vulnerability management tools like Kenna Security, Black Duck Binary Analysis and few proprietary tools.
•Involved in end to end documentation of vulnerability management.
2019 : 2019
Varian Medical Systems
Cybersecurity Engineer Intern
• Conducted a full black box Pentest (Penetration testing) through a real-world simulated attack and provided actionable recommendations.
• Documented Statement of Work (SOW) and testing was conducted in accordance with (IAW) the agreed test scope and Rules of Engagement (RoE).
• NIST security framework was followed for conducting red team assessment.
• Identified exploitable vulnerabilities that could be executed by attackers with limited knowledge by focusing on known vulnerabilities with readily available exploits that represent a high likelihood of exposure.
• Ensured all information and data on computer systems are protected.
• Test activities included port and service identification, system fingerprinting, enumeration, vulnerability scanning, exploitation and remediation, security configuration review, DOS attack and password cracking.
• Worked on Amazon Web Services (AWS) to setup phishing attacks using tool Gophish and performed USBDrop.
• Performed Vulnerability Assessment on external facing servers.
• Documented Common Vulnerabilities and Exposures (CVE’s), created reports, risk register detailing assessment findings and mitigation.
2018 : 2019
Confidential
Security Engineer
• Attended walkthrough and understanding of the Business requirement document (BRD)
• Involved in Test case requirement discussions, Test Planning, execution, debugging/analysis, reporting and bug tracking using Clear Quest(CQ).
• Developed Functional and Regression scripts using Java and test execution using Selenium Webdriver.
• Developed the Automation framework for web applications to reduce resource utilization for regression testing.
• Performed security testing on mobile and web application to find if there is any vulnerability in the application.
• Customer support of the project to the Product QA-Team post-go-live and provided a status report.
• Gained Good Experience in ServiceNow ITIL v3 Frameworks and Incident, Change, Problem, Service Request, Catalogs, and Service Level Management Modules.
2014 : 2016
Unisys India
Software Test Engineer
Company:
Blue River Technology
About
Master’s in Cybersecurity with a specialization in Ethical Hacking and Penetration Testing at National University.
Currently working as a Information Security Engineer at Blue River Technology.
Over 2 years of experience as CSIRT Analyst at eBay.
2 months of experience as a Cybersecurity Engineer Intern at Varian medical systems.
3 months of experience as a Security Engineer (Client: Confidential).
Over 2 years of experience as a Software Test Engineer, Manual and Automated testing in IT service domain.
Skilled at using different Penetration testing tools and have a good understanding of Intrusion detection systems and TCP/IP protocols.
TECHNICAL SKILLS:
Tools: DarkTrace, Carbon Black,Recorded Future, Kenna Security, Black duck binary analysis, Qualys, Metasploit, Wireshark, Nmap, Kismet, TCPdump, Burpsuite, Nessus, Wildfire, Security Onion, Shodan, Discovery, Maltego, Recon-ng, Social Engineering Toolkit (SET), Docker, Exabeam, ServiceNow
Data Analysis/Monitoring tool : Splunk
Operating systems : Windows, Linux/Unix, Kali Linux, Parrot Security
Programming Language : HTML
Bug reporting tools : Jira, Bugzilla
Ticketing tools : BMC’s Remedy Tools, ServiceNow ITSM
Test management tool : IBM Rational Quality Manager
Profile Photo
