SANDIP SENGUPTA

mailsengupta@gmail.com
+91-8296481109/8014324921
Bengaluru

● A proactive and passionate Information Security specialist worked in almost all fields of security
domain starting from Application Security, Network Security, Data Security, Compliance & Auditing
as well as in Risk Management and therefore have the ability to understand Security Loopholes from
different perspectives. ● Always an eager learner in security domain and well networked with
security big names to follow every minute changes in this industry. ●Have worked with diverse
security critical sectors (Government, Telecom, Banking and IT) to learn the various demand of
today’s think-tank for a future security safe heaven. ● Proven success, key opinion leader & subject
matter expert in the following disciplines:

AREAS OF EXPERTISE
 Risk Management
 Information Security Governance and reporting
 ISO 27001 implementation & Auditing
 PCI-DSS, NIST standards on Cyber Security
 OWASP 2013 and Secure SDLC standards
 Business Continuity Planning
 Developing Security Policies and Procedures
 Security architecture design and review
 Knowledge on Nessus, Nexpose, Metasploit
 AppSpider, Acunetix Web App Security Scanner
 Network Infrastructure Security Mechanism
 Threat and Vulnerability assessment
 Penetration Testing
 Proactive research on latest threats
 Cryptography Algorithms
 Knowledge on reviewing firewall rulesets, IDS,
IPS

EDUCATION
 Masters in Advanced Computer Science (Computer Security): University of Manchester: UK
(2013). Modules: Cryptography, Network Security, IT Governance. (Equivalent to M.Tech in
India)

 B-Tech in Information Technology: West Bengal University of Technology: India (2007)

EXPERIENCES
FIS (Fidelity Information Services) From May 2016

At FIS (a Fortune 500 company), I am working in its Risk as A Service line of business which works as
cloud source security services to Banking Sector. Being a part of its Red Team, I have

 Performed Vulnerability Management, Penetration Tests and doing Risk assessment for
different banking sector clients as required.
 Performed secure code reviews
 Performed static code scanning and direct issue remediation
 Enforced additional security policies with technical teams·
  Maintained and govern software and component inventories
 Worked with Security Analysts and Production Support to monitor security tools
 Communicated and enforce additional security and development policies and procedures

Aujas Networks Nov 2015 – May 2016

Position: Consultant
As a consultant for Aujas Networks I worked with one of the largest Telecom providers of the World.
My job is to create a baseline security audit of all the critical applications the client uses for South
Asia region and report it to CISO. It deals mainly on overall risk profiling of all the applications being
used and analyzing the security gaps associated with them. As part of my job responsibility, I am
working with over 1500 systems/server’s data to generate a detailed security analysis of the
applications being used by the Telecom giant.

National Institute for Smart Government June 2014- Nov 2015

Position: Consultant- Cyber & Data Security in State Data Center

My job is to support CISO (Director of Directorate of Information Technology) with all the relevant
consultation for the betterment of State Data Center Security process. Successfully implemented ISO
27001:2013 standard in SDC and raised the awareness of all stakeholders of State IT Departments
regarding Information Security. Successfully overcame the challenge of Creating Security Awareness
among Government Employees and implemented a robust Network security structure with 60%
reduction in security implementation flaws.

Accomplishments:

 Orchestrated standardization of key management policies, identity and authorization

management, host and network infrastructure security mechanisms.

 Remodeled implementation of security environment in State Data Center (SDC) based on the
existing standards and frameworks such as IS027001, NIST and ensured adherence and
implementation of e-governance security frameworks and ISO security standards over 60
State IT Departments.

 Liaise & coordinated with internal and relevant external agencies (both government and non
government) to ensure that the security standards are adhered to on all the initiatives.

 Identified security gaps in current implementations at all the layers of application/ ICT
infrastructure devices, cryptographic algorithm and develop solutions and create
implementation methodology to plug the gaps.

 Enhanced the Network Security mechanisms by auditing through different VA tools

(Metasploit, Nessus, Openvas) over and over to minimize the risk of security loopholes for
the first time in SDC.
RAD Communication Systems 2010
Position: Project Manager

Accomplishments:

 Maintained client relations to ensure the changes involved in the project

 Managed staffs to ensure best outcomes within time limits.
 Assisted technical team in their design and development tasks.
 Trained new resources
 Enhanced Corporate Communication to above satisfactory level which generated more
valuable projects

PervCom Consulting Private Limited 2009

Position: Software Developer, Business Developer

Accomplishments:

 Developed Object tracking software using Asp.net, C#, SQL Server

 Provided on site customer solution for different projects regarding object tracking.
 Provided onsite customer presentation about the RFID tracking solution.
Technology Skills:
Asp.net 3.0, SQL Server 2005, Microsoft BizTalk Server 2006

NIIT Technologies Limited 2007- 2009

Position: Software Developer.
Accomplishments:
 Developed Security Awareness materials for internal purpose.
 Developed customized web pages using ASP.net, C#.
 Developed new database and customized existing one with the help of SQL server for the
vehicle tracking software.
 Tested developed software and prepared test cases.
 Worked constantly under tight schedule in huge team environment.
 Took part in client dealing with software requirements.

Technology Skills:
ASP.NET 2.0,C# 2.0,WCF,Visual Studio 2005/2009, SQL server 2005, SQL Server Reporting
Service, SQL server Integration services, BizTalk Server 2004.

ACTIVITIES & INTERESTS

 Solving Puzzles
 Learning languages
 Mountaineering, Rock Climbing, Trekking, Camping.
 Worked with few NGOs in different parts of the country.

Sandip Sengupta - mailsengupta@gmail.com - +91-8296481109