Sounak Ray

I am Sounak Ray, a cyber security leader with 14 years of experience across different domains like Security Operation, Security Engineering, Risk Management, Cloud Security, AI Security etc. with proven track record in companies like Microsoft, Nomura etc.

The Career Path:
Feb 2024- August 2024- Chief Expert Vulnerability Management for Huawei Technologies Duesseldorf GmbH (Munich Research Centre).

KEY DELIVERABLES:
Vulnerability Management
Make plans to apply vulnerability management engineering methods and technologies, including gaining deep insights into application trends, planning and deploying engineering methods and technologies, and incorporating advanced engineering and technology innovation into industry standards or industries to gain a competitive edge.
Leadership – Secure SDL
Lead in designing and maintaining the E2E development of corporate- level vulnerability lifecycle management capabilities, including but not limited to vulnerability awareness, verification, assessment, vulnerability impact mitigation, vulnerability patch ability, vulnerability fixing, and vulnerability disclosure, and continuously optimize the corporate-level capability baseline. Maintain the advancement of engineering, technology, and methods in the field of vulnerability management and security emergency response.
Industry Contribution
Continuously provide public engineering governance, operations, and analysis capabilities based on vulnerability data to facilitate self-improvement of subsidiaries and industries, and provide customers with engineering and technology solutions that are easy to deploy and simplify check and assessment, so as to support efficient, quick, and automatic mitigation of vulnerability risks on live networks

June2022- Jan 2024 with Microsoft

The Career Path:
June 2022- Jan 2024- Senior Security Assurance Engineer for Microsoft India Pvt Ltd.

KEY DELIVERABLES:
Azure cloud security Assurance
Conducting security reviews for first party services to provide security assurance ensuring depth and breadth of coverage to suffice secure multi-tenancy. 
Identifying gaps in SDL and improvise DevSec process.

Azure cloud security variant hunting with DevSec Team:
Handling escalations for security incidents related azure platform for different Microsoft Security Research Center cases.
Variant hunting horizontally and vertically across the first party services to ensure identification of vulnerability and different kind of exploitation techniques.
Penetration testing for multiple services on demand as required.
Threat model review
Threat model review for different applications and services developed for Azure and recommend design as well as overall architecture improvements.
Security review to ensure built-in security in as a part of dev-sec-cloud-ops on demand basis.
Leadership
Managing sprints to accomplish goals aligned with overall C+AI security core priorities.
Assigning and tracking tasks to ensure velocity with effective cycle time. 
Highlights
Identified and ensured remediation from design for many critical as well as cross tenant vulnerabilities leading to security incidents. 
Demonstrated measurable impact in C+AI first party app security over a short period of time.

July 2014- June 2022 with Nomura Research Institute Financial Technologies India Pvt Ltd
The Career Path:
July 2014- June 2022- Senior Manager Information Security for Nomura Research Institute Financial Technologies India Pvt Ltd.

Team Size handled: 11 including 2 Respective Team Leads.

KEY DELIVERABLES:
Managed Security Operation with SIEM:
Leading Security operation centre as cloud based next generation managed security services with ArcSight for more than 15 leading companies in United States including Banks, Financial Organizations, Telecom Giants, Govt Organizations etc.
Authoring next generation SIEM contents like Rules, Reports, Pattern Discovery, and Dashboards etc. as super-user.
Responsible for security incident management framework.
Act as subject matter expert for unusual malware analysis for MDR ( Crowdstrike) service.
Act as escalation point for Security Analysts Team and technically guide analyst team lead for critical cases.

Vulnerability Management and Penetration Testing:
Managing penetration testing framework as per global requirement within Nomura Holdings.
Responsible as the Technical Delivery Lead for product application security testing activity using tools like VEX, Acunetix, Burp Suite and Various Exploitation tools in Kali Linux like SQLMAP, BEEF, MetaSploit Framework, Commix, dotdotpwn etc.
Conduct Vulnerability Management for developed products.
Risk management and Threat modelling for organization as well as NRI clients.
Network and Infrastructure Vulnerability Management for Cloud Infrastructure as well as on premises Data Centres.  

Security Architect and Project Management:
Responsible for cloud architecture review with IAAS by AWS to ensure right amount of security in our SAAS model.
Delivery Head for all the Cyber Security related projects across different domains.
Responsible for activity plan as well as overall productivity of both SOC and Penetration Testing Team.

Information Security Strategy Management
Responsible for managing Information Security Strategic framework of organization.
Conduct internal audit for ISO/IEC 27001 as ISMS tool.
Develop cyber security strategy and controls for various organizational business units.
Responsible for overall information security Risk Management including 3rd Party vendors.

September 2013- June-2014 with Hewlett Packard (HP)
The Career Path:

September 2013- June2014- Security Engineer in HP Enterprise Security Solution (ESS) Team in the project of UCO Bank India under payroll of Nityo Infotech Services Pvt Ltd.

Team Size handled: 3 Associate Security Engineers.

KEY DELIVERABLES:
Security Operation and Incident Management 
Audit and maintain Security Compliance for Data Centre (DC) unit and Disaster Recovery (DR) unit of client.
Security monitoring and Incident Handling by SIEM Technology (Symantec Security Information Manager and ArcSight) in Security Operations Centre.
Creation and modification of correlation rules in SIEM product.
Specialized investigation with analysis of logs for various security devices like firewall, IPS, Windows, AV etc. 
Conducting internal process audits & process reviews for ensuring strict adherence to the process parameters / systems as per defined guidelines in ISO/IEC 27K.
Reviewing reports and Presented to Customer Stakeholders.
Providing solution to assigned tickets regarding security incidents.
Approving changes for other team considering impact from security perspective.

Quality Assurance and Knowledge Building
Providing security awareness training for different internal Teams of Customers.
Improving quality of daily deliverables to client for SOC.

October 2010- May 2013 with Global Cargo Group
The Career Path:

October 2010- May 2013- Security Analyst

KEY DELIVERABLES:
Vulnerability Assessment and Penetration Testing:
Successfully performed Black-box and Gray-box Penetration testing in more than 20 companies on behalf of various Govt and Private secret intelligence agencies and investigation agencies.
Analysis of identified vulnerabilities to eliminate false positives.
Preparing OSTINT (Open Source Threat Intelligence report) report for the Customers.
Web Application Penetration Testing test based on OWASP standards and testing guide and reporting to the client  
Manual Web application security testing using Firefox add-ons,Burp-Suite kali -Linux tools and Automated Testing using tools like Acunetix ,Net-Sparker, Sql-map etc 
Network Penetration Testing using tools like  Nmap, Nessus, Metasploit etc
Analyse vulnerability with Business Context to assess severity level.

Penetration Testing and Security audit
Implemented network and web application security in more than 15 companies.
Investigated Cyber crime and gathered proof against black hat hackers on behalf of various national Investigation agencies.

University graduate with Electronics and communication engineering in 2010 from West Bengal University of Technology, Kolkata, India.

Certifications: NSD- Penetration Testing Professional, CEH, ISO-27001 Lead Auditor, CISSP.