Enterprise Security Architect
Mr. Basu is an Enterprise Security Architect at Infosys and a vulnerability management consultant.
Basu provides managed security services to one of the largest financial institutions in the US for vulnerability management, server compliance and database compliance. Mr. Basu is a Certified Ethical Hacker (CEH) and a CISSP. He is experienced in vulnerability assessment, security evaluation and penetration testing of servers, databases, infrastructure network and applications using various tools such as ZAP (OWASP), Qualys, Nessus, OpenVAS, Rapid7 (nexpose/infraVM) and various Kali Linux tools.
Mr. Basu has performed various security audits to evaluate compliance with security standards such as ISO 27001, NIST-800-171 and FISMA, and has been involved in the decision-making process for a vulnerability management solution.
Basu has 15 years of progressive industry experience. He has also managed various projects and teams of various sizes. Basu is also well versed in security requirements for US Govt. projects, as he worked as a Software Engineer supporting projects for the US Navy and followed strict STIG requirements for enterprise software development.
He also develops security training materials and conducts company-wide cyber security.
- Security Architecture
- Application Security
- Cloud Security
- Penetration Testing
- Infrastructure Vulnerability Management
- Project Management
- Azure Security Engineer
- Azure Solutions Architect
- CompTIA Security+, Network+, A+, Linux+
- LPIC-1 Certified Linux Sysadmin
- CompTIA IT Operations Specialist (CIOS)
- CompTIA Linux Network Professional (CLNP)
- CompTIA Secure Infrastructure Specialist (CSIS)
- CompTIA IT System Support Specialist (CSSS)
- Microsoft Security Fundamentals
- Microsoft Windows Server Administration
- Microsoft Networking Fundamentals
- CIW Certified Business Associate
- Certified Safety Sensitive Personnel
- Bachelor’s in Earth Sciences – Jadavpur University, 2000
- Master’s in Applied Science – Indian Institute of Technology, 2002
- Master’s in Geochemistry – Georgia State University, 2004
- Master’s in Hydrogeology – Virginia Tech, 2006
- Associate in Cyber Security, New River Community College, May 2017
- Associate in Networking, New River Community College, August 2017
- Associate in Information Technology, New River Community College, August, 2017.
Cyber Security Competitions
- Finalist at Cyber Security Competitions (RUSecure) at Radford University in 2016 (ranked 7th/70) and 2017 (ranked 5th/120), first stage. Team captain for both years.
- Finalist in Cyber Start hacking competition organized by SANS in 2017. Received $1500 scholarship and access to special cyber security development program by SANS.
- Participated in National Cyber League, 2017.
For one of the end clients in the financial sector, Mr. Basu works as the on-site Team Lead for vulnerability management, server compliance and database compliance.
• Performs compliance and vulnerability assessment of over 5000 servers using Qualys.
• Performs database compliance for Sybase, Oracle, MS SQL and UDB/DB2 using Qualys.
• Performs assessment of network devices for vulnerability and compliance.
• Uses ServiceNow for IT requests, incidents and CMDB.
• Integrates CyberArk as a central password vault for all scanning accounts used in Qualys.
• Maintains in-house scripts developed in Java and Python to automate scanning of infrastructure resources using Qualys API.
• Develops Transact-SQL queries and procedures to analyze and process vulnerability data gathered from Qualys scan results.
Harmonia Holdings Group LLC
Software Engineer and Information Security Group Lead, 11/2015 – current
As a Software Engineer and Team Lead, Mr. Basu has worked on multiple Government projects, especially for the US Navy. He is also the team lead for the Information Security Group (ISG) at Harmonia, which is responsible for managing and continually improving Harmonia’s Quality Management System processes relating to information security. In addition to developing enterprise software applications in Java EE, Mr. Basu performs technical security assessments of applications and infrastructure, security design reviews and risk assessments.
Examples of project-specific work are given below.
Client: Office of Naval Research (ONR), STEELBLUE, SAPPHIRE
Software Engineer / Information Security Group Lead. 2015-2018
- Developed application using Java EE to support a R&D project for the military.
- Research and apply DISA Security Technical Implementation Guides (STIGs); develop RMF artifacts.
- Perform Risk Analysis, lead ISO 27001 certification, review security controls, perform gap analysis and recommend additional security controls.
- Perform vulnerability assessment of Harmonia’s production network.
- Provide security training to employees at Harmonia.
Client: Office of Naval Research (ONR), Fusion in a cloud
Software Engineer, Team Lead 09/2016 – 12/2017
- Develop Enterprise Ruby and Java applications in MVC architecture.
- Develop automation scripts using Ansible.
- Manage a private-cloud with an ESXi hypervisor and perform testing of cloud based distributed software stack.
- Manage and configure clusters within a private cloud using Puppet and Ansible
- Group lead of the Information Security Group (ISG) at Harmonia that manages information security risk for the organization.
- Perform penetration testing (ZAP tool) and prepare vulnerability reports for software products.
- Perform server STIG and application STIG for government projects.
- Prepare Security Assessment Reports (SAR) based on NIST 800-53 control framework.
- Prepare POAM documents, Security Assessment Reports (SAR) and vulnerability reports.
- Develop datastore using relational database systems and concepts (SQL Server, MySQL, PostgreSQL, etc.)
Client: Office of Naval Research (ONR), SAPPHIRE
Software Engineer 11/2015 – 09/2016
- Developed application using Java EE and developed REST client for the application.
- Develop unit tests and integration tests for the application.
- Maintain source code using git
Marshall Miller and Associates (MMA) / Cardno Inc. Bluefield, VA
Senior Hydrogeologist / GIS analyst, 06/2006-11/2015
Mr. Basu worked as a consultant at Marshall Miller and Associates and performed various roles based on project needs. As a programmer, Mr. Basu developed secure computer code in Java, R and Python and performed vulnerability assessment and input validation. As a GIS Analyst, he prepared and maintained databases and developed SQL queries for geo-data analysis. Mr. Basu also developed numerical three-dimensional models using FORTRAN to assess regional groundwater flow.
- Managed complex large-scale projects for various clients; Managed access control to data and maintain client confidentiality as a consultant; manage physical security, safety and access control of drilling sites.
- Developed computer code using R to analyze radioactive sensor data and developed in-house software plugins for hydrogeologic data analysis.
- Developed python scripts to automate GIS data processing and model development.
- Prepared safety procedures and policies for various field projects.
- Prepared procedure for VA Department of Transportation (VDOT) for handling acid producing soils.
- Prepared numerical groundwater models using FORTRAN based MODFLOW; prepared analytical groundwater models based on ANAQSIM.
Research Assistant/Teaching Assistant, 06/2004-06/2006
Virginia Tech, Blacksburg, VA
- Taught graduate-level lab classes in Hydrogeology; developed FORTRAN code for 3D groundwater problems; performed data analysis and data visualization of geochemical data; used Atomic Absorption Spectrometer and Scanning Electron Microscope for chemical data analysis.
Research Assistant/Teaching Assistant, 06/2002-06/2004
Georgia State University, Atlanta, GA
- Taught geology lab classes; managed X-Ray diffraction lab; performed K-Ar radiometric dating of soil samples; performed statistical data analysis of geochemical data.
- Cisco CyberOps Scholarship, 2018
- SANS CyberStart Scholarship to attend special cyber security course developed by SANS institute, 2017.
- Outstanding Student Award in IT and Network Security, New River Community College, 2017.
- Recipient of NSA Funded awards on Cyber Security Competition hosted at Radford University, 2016 and 2017.
- Who’s Who Among Students in American Universities and Colleges, 2016.
- President’s List, New River Community College – 5 times between 2015-2017.
- University Gold Medal, Jadavpur University, 2000.
- National Award, West Bengal Board of Education, 1997.