Pankaj Sehgal
S 607-B Sudha Tyagi, School block, Shakarpur,
Mobile No: +91-
Home No: +91-

8+ years of IT industry experience covering SOC, the Enterprise Security domain
(PCI & HIPAA), team management and industry verticals, including analysing all
the security tools.
Working on the following technologies: Security Incident and Event
Management, Perimeter and Host-Based Intrusion Protection (IDS/IPS),
Vulnerability Assessment, Log Analysis, Proxy, Firewall Compliance Auditing, and
have knowledge of firewall technologies.
Have experience in log monitoring using ArcSight, Tripwire and Symantec
Critical System Protection, and have real-time experience in vulnerability
assessment using different tools (QualysGuard, Dell SecureWorks, IP360).
Good communication skills, interpersonal skills, self-motivated, quick learner and
an excellent team player.
Skill Set:
|Languages |C++, FoxPro Programming 6.0 |
|Tools |ArcSight, Sourcefire, QualysGuard, Deep Security, Symantec CSP, Tripwire, Symantec Endpoint Protection, Bluecoat Proxy, Trigeo, McAfee ePO, Cisco ASA, Dell SecureWorks, Antivirus, Web Application Firewall, Tripwire IP360 vNE, Tripwire Security Intelligence Hub and Configuration Compliance Manager |
|Year Of Passing |Degree /Diploma/ Certificate |
|2006 |Bachelor of Commerce |
|2007 |Post Graduate Diploma in Computer Applications from Makhanlal Chaturvedi Rashtriya Patrakarita University, Bhopal |
|In progress |Post Graduate Diploma in Information Technology from Symbiosis |

Certified Ethical Hacker (C|EH) in the year 2011.
Checkpoint Certified Professional in the year 2013.
ISO 27001 Lead Auditor Certified in the year 2015.

Professional Training:
Packet Analysis and Web Application Attacks in the year 2011.
Qualysguard and Policy Compliance certified in the year 2013.
ITIL Foundation Level Training in the year 2013.

Professional Experience:

Previous Organization 1:
WIPRO TECHNOLOGIES as Project Engineer | Pune
7th January 2008 till 25th March 2011

Global Security Operations Centre (SOC)

The project involves security incident management, network and host intrusion
management and monitoring, vulnerability assessment and file integrity monitoring.

Job Responsibilities:

Security Monitoring:
Analyzing Security alerts like virus activity, web application attacks, network
security events, application compliance, asset monitoring & Firewall alerts.
Threat Analysis (Virus, Worm, and Vulnerabilities), Checking latest Threats and
Risks related for the day, including technical details & giving awareness to the
Involved in activities such as Creation of new Dashboards, Active channels,
Active lists, Reports & also fine tuning of rules for better monitoring.
File Integrity Monitoring using Tripwire.
Network Intrusion Monitoring using Sourcefire (ISS Site protector also).
Host Intrusion monitoring using Deep Security (SCSP as well).
Identification, investigation and resolution of security breaches detected by those
Participate in the creation of security documents related to products.
Collect and review security logs and reports of all operational devices.
Perform trend analysis where there is benefit to do so and suggest improvements
to the security of the Project.
Actively investigating the latest security vulnerabilities, advisories, incidents and
penetration techniques and notifying clients when appropriate.
Schedule and analyze vulnerability scans on various business critical assets.
Timely escalation of incidents to security management team.
Review VA Reports and Security Logs for follow-up and closure.

Previous Organization 2:
AXA Technologies Shared Services Ltd | Bangalore
March 28th 2011 till January 6th 2012

Global Security Operations Centre (SOC)

The project involves Security Incident management, Endpoint Protection and RSA

Job Responsibilities:

Monitoring customer networks in the Security Operations Center to identify
security breaches, service outages and network performance issues.
SIEM integration with databases, Windows servers, UNIX servers, File
monitoring, Applications, Firewalls etc.
Implementation, installation and upgrade of the management server, and SEPM
client installation done on all Windows workstations.
Integrated SEPM with the SIEM tool
Policy created and applied on the basis of IP address, hostname and Group
Failover configured between DC and DR site
Implementation of Network Access Control (NAC)
Configured Proactive threat protection and Zero day protection
Group Update Provider (GUP) server configured to reduce the bandwidth choke.
Executed scan commands remotely to remove viruses and worms on hosts during non-business hours.
Blocked storage media and applications using application and device control
Agent and server communication checked on daily basis to ensure current virus
definition is updated on all workstations
Worked with the firewall team in setting up different security rules and handling
security issues, blocking different sites as well as different types of malicious URLs.
Troubleshooting of performance issues in SIEM.
Identification, investigation and resolution of security breaches detected via
Managing critical SEPM servers at Data Center.
Monitoring & Managing 250+ Servers across all the locations.
Troubleshooting and resolving virus infections on desktops, laptops and critical
Forwarding analysed logs, picking out infected and possibly infected files from them
and sending them to the vendor for developing custom signatures.
Writing Documents on handling various security events.
Preparing Daily Incident report, Weekly Incident Report and Monthly Incident
Report and presenting it to client.
Handled a team of around 4 members per shift (acted as a shift lead L2)
Previous Organization 3:
Fiserv India Pvt. Ltd | Noida
January 9th 2012 till 8th August 2014

Compliance Risk Information Security Specialist in ARC Team

The project involves security incident and event management (Trigeo), host intrusion
management (Tripwire), vulnerability assessment (Qualys), antivirus (McAfee ePO),
proxies (Bluecoat), firewall (Cisco ASA) and Network Intrusion Detection System
(Sourcefire).

Job Responsibilities:

Monitoring the network infrastructure of a leading US bank through Trigeo, a
Security Incident and Event Management (SIEM) tool, for over 500 devices
(Windows, UNIX etc.).
Implemented log forwarding from security devices to collector boxes and then to
the correlation engines
Implemented load balancing on collector to increase the performance of collectors
Fine tuning done by creation and modification of security rules thereby reducing
the false positives with enhancement in performance of the SIEM tool
Failover configured for SIEM tool between DC and DR Network
Administration of ESM, smart connector, connector appliance and logger
Creation of active channel and active monitor in ESM GUI using logical operators
Email Notification and ticket generation has been implemented for major security
Investigating incidents using active channels, event graphs, annotations, cases,
and reports
Auditing the events from Intrusion traffic analysis systems and analysing the
impact of events in internal network.
Configuring/Monitoring the Intrusion Prevention System and writing rules to fine
tune the alerts with different BUs.
Full inbound and outbound protection for web traffic
Different Rule set created for filtering the web requests
Creation and modification of Global Block list and Global whitelist
Access provided to specific websites as per the request based on username and IP
Access to the domains allowed/denied on the basis of reputation of domains
Log analysis and report generation in case of any security incident
Analyzing the infection trends and providing steps for mitigation of threat.
Releasing security advisory for zero day attacks and vulnerability updates.
Monitoring the daily and weekly antivirus definition distribution status.
Creating weekly and monthly reports for Bluecoat proxy and McAfee ePO to detect
malicious traffic, analyze it and report to the BU for remediation.
Vulnerability Reporting and vulnerability scan scheduling using QualysGuard in
line with PCI ROC.
Exclusion of IPs from scanning in case an issue is reported from a team
Schedule and analyze vulnerability scans on various business critical assets with
PCI DSS requirements and other supplemental guidelines published by PCI SSC.
Creating scan profiles and asset tagging for vulnerability management.
Timely escalation of incidents to security management team.
Follow-ups with asset owners for remediation of vulnerabilities either at OS or
application level & follow up with the patch management teams with respect to
the vulnerabilities updates.
Coordinating with change management team & firewall team for the defined
tickets with respect to the status.
Creating and Submitting Weekly Security Audit Report in a timely manner
directly to all BUs.
Participating in ARC IT Security/Weekly Vulnerability Assessment Meetings.
Review VA Reports and Security Logs for follow-up and closure and respond to
auditor questions on compliance and network security issues

Working as an individual contributor on all security products directly with BU
partners and ETG (Enterprise Technology Group).

Key Accomplishment:
Maintain and keep requirements documentation (RACI) for active initiatives up to
date, thus providing accurate reference material for development and operational
Participated in hiring of network security resources in India as being a Technical
resource panel member.
Created network security procedures and guidelines along with BU members for
the betterment of the project.

Current Organization 4:
United Health Group (UHG) | Noida
11th August 2014 till Present

Working as a Lead for Infrastructure Compliance Management and Configuration
Compliance Management in the IRM Team.

Schedule and analyze network vulnerability scans on various business critical
assets with HIPAA requirements and other supplemental guidelines published by
Creating scan profiles, network profiles and asset tagging for vulnerability
Perform ad hoc credentialed/non-credentialed vulnerability scans based on the
business requirement.
Vulnerability scans scheduling using IP360 in line with HIPAA and Vulnerability
Reporting using Security Intelligence Hub.
Creating and Submitting Weekly Security Audit Report in a timely manner
directly for internal team as well as UHG customers.
Working on the IP360 ASPL file downloads to check that the vNE manager is running
with current vulnerability definitions (monthly or ad hoc basis).
Performed analysis of IP360 cores to break down a few cores that were too large,
reducing the core size and making the network scans feasible to launch.
Performed a gap analysis of the UHG network infrastructure to compare which
network segments we cover via IP360, to see what percentage of scanning we do
and which IPs are in our scanning range via IP360, for future planning to cover
the delta of IPs.
Perform analysis when experiencing issues with our Tripwire vulnerability
scanning and reporting tools, via the vulnerability reports database, to check their
running state against the latest scan information and bring reporting services back to
normal operation when required.
Perform the activity of restarting the DB Loader when SIH has not been reporting
for several hours e.g. IP 360 vNE server or CCM servers.
Perform baseline scans to find out whether there is any change in the state of the
machines' policies or configuration.
Preparing a weekly Configuration compliance management report to find out
scanner connected/disconnected status, completed/failed status and how many
scanners running last month with the current month report.
Troubleshoot scan engines that appear down or disconnected.
Monitor each scan engine's own Scan Task Queue Viewer to see whether scan tasks
don't complete or take too long to run, and then investigate the problem.
Newly discovered machines to be moved to the appropriate group, run active
checks and perform baseline scans, when required.
Creating and Submitting Weekly Security Audit Report in a timely manner
covering Scan engines or scan tasks status & and network vulnerabilities in the
Created a software requirement specification document (SRS) to enhance the
product capability for performing vulnerability and baseline scans & highly
appreciated by the US Business counterparts.
Publishing the security bulletin every week which covers the network level
vulnerabilities that have a huge impact on business and also coordinate with the
remediation team accordingly.
Actively participating, in coordination with Microsoft, in discussions of the
vulnerabilities released by them, and also acting as a single point of contact from
the India team to re-rate those vulnerabilities according to corporate.
Actively participating in the P1 and P2 vulnerability discussions with corporate
Member of the WFM group who works on requisitions, created to fill the backfills
and other budgetary controls.
Publishing the business updates that have an impact on Information Risk
Management to the whole ISG Group and discussing the same with US counterparts.
Member of the communication team who actually takes care of all
communication related activities to ISG Group.
Handling a team of 6 members out of which 4 sits in India and 2 sits in

Personal Details:
|Date of Birth |28/01/1985 |
|Languages known |English, Hindi, Punjabi |
|Gender |Male |
|Marital Status |Married |
|Permanent Address |394-Chandra lok Sabun Godam Meerut city-250002 |
|Alternate E-mail ||
References: Available upon request


I hereby declare that the information furnished above is true to the best of my knowledge.