NIPUN GUPTA

• ADDRESS - 36-37A, DK Road, Uttam Nagar, Delhi-110059 • PHONE: - +91-7976167241

• EMAIL - [email protected] • LINKEDIN- https://www.linkedin.com/in/ernipungupta/
OBJECTIVE
Cybersecurity professional with a strong 10+ Years experience in ethical hacking, penetration
testing, vulnerability analysis, and network security and GRC (Governance, Risk & Compliance).
Hard-working, energetic, personable, and technical-minded individual. Possess exceptional
customer service and communication skills with the strong ability to multitask and resolve issues
quickly. Currently in a cybersecurity role where I continue to develop and learn new abilities while
contributing to the overall success of the organization. I also possess:

• Experience in SOC Operations, Compliance Management, ISO 27001 ISMS, Risk

Management, COSO, GDPR etc. Frameworks.
• Excellent task management. Ability to handle multiple projects simultaneously
• Experience with IT Audits, Risk Management, Incident Response, Compliance and
Governance.
• Proficient in translating information from technical to executive/management terminology

EDUCATION
University of San Diego - MS, Cyber Security Leadership and Operations
• 2024-Pursuing (Online)

Rajasthan Technical University – Bachelor of Technology, Information Technology

• 2006-2010

Rajasthan Technical University – Master of Technology, Computer Science Engineering

• 2014-2016

CERTIFICATIONS
/ TRAININGS • Certified Information Security Manager (CISM) [Active]
• Certified Ethical Hacker (CEH) [Expired]
• Cisco Certified Network Associate (CCNA) [Active]
• ISO 27001 Lead Auditor & Implementer Training
• GIAC Security Operations Certified (GSOC) Training
• MITRE ATT&CK Cyber Threat Intelligence Training
• ISC2 Certified in Cybersecurity (CC)
• Certified in Information Security and Ethical Hacking (ISEH), Appin Technology Lab

PROFESSIONAL
EXPERIENCE Corporate Infotech Pvt. Ltd., Contractual/ New Delhi, IN Apr 2024 to Mar 2025
Information Security Engineer
• Engage in a variety of SOC Operations including Fortinet SIEM, Palo-Alto PA-4434 NextGen
Firewall, TrendMicro Deep Security EDR, NBAD Trend Micro 4300, PAM Sectona, DAM Imperva,
and more.
• Managing the Governance, Risk and Compliance program for EPFO. Internally assess, evaluate
and make recommendations to CISO.
• Conducted internal & external audits (ISO 27001, NIST & DPDP) to ensure regulatory compliance
as well as Regulatory of UIDAI.
• Developed & executed incident response plans, minimizing downtime from security breaches.
• Implementation of Security policies and procedures as per threat landscape and frameworks.
• Monitoring of networks and identify security breaches and remediate vulnerabilities, risks etc.

Akal Information Systems Ltd., Contractual/New Delhi, IN Jul 2022 to Jul 2023
Senior Network and Security Administrator
• Operation of Network Security & optimization of Arcsight SIEM for real-time monitoring & threat
analysis. Also end point protection using EDR solution.
• Identifying risks for data theft and loss, implement DLP Solutions along with DAM Monitoring.
• Performed security audits, ensuring compliance with ISO 27001 & SOC 2 frameworks.
 • Investigated security incidents using SIEM correlation rules & log analysis.
• Led privileged access management (PAM) implementations for secure credential handling.
• Vulnerabilities patching and remediation with Stakeholders, developing solutions for identified
vulnerabilities.
• Assisted in the development and documentation of security policies, standards, and procedures.

Shree Baidyanath Ayurved Bhavan Pvt. Ltd., Permanent, New Delhi, IN Dec 2021 to Apr 2022
IT Security Executive
• Conducted cybersecurity risk assessments, ensuring secure IAM & access controls.
• Assisted in the development and documentation of security policies, standards, and procedures.
• Developed security awareness programs, reducing phishing attack risks by 30%.
• Implemented policy-based security governance frameworks ISO 27001,NIST etc.
• Working in EDR Deployment and Monitoring in SIEM.

Teamlease Services Pvt. Ltd., Contractual, New Delhi, IN Jun 2018 to Jul 2020
Technical Security Engineer L2
• Conducted cybersecurity risk assessments, ensuring secure IAM & access controls, Crowdstrike
EDR Solution.
• Performed forensic analysis of security incidents, analyzing SIEM logs for anomaly detection.
• Implementation of Risk Management Program along with Auditing & Compliance using ISO
27001, NIST, GDPR, HIPPA Frameworks
• Collaborated with IT and security teams to integrate anti phishing measures into broader
cybersecurity strategies.
• Implemented of SOC2 Framework along with Developed and implemented comprehensive risk
management strategies, as well done reduction in security incidents and financial losses.

HNS Technology Pvt. Ltd., New Delhi, IN (Permanent) Mar 2017 to Mar
2018
SOC Analyst
• Ensured regulatory compliance across cybersecurity operations, reducing audit risks.
• Developed & enforced security controls, ensuring adherence to NIST frameworks.
• Monitored user access logs, identifying privilege escalation attempts.
• Supported SOC operations, analyzing network traffic anomalies.
• Compliance implementation in difference projects such as ISO 27001, ISO27701, HIPAA, GDPR

Appin Technology Lab Pvt. Ltd., Permanent, New Delhi, IN Jan 2013 to Mar 2017
Cyber Security Consultant
• Developed and implemented risk management strategies to minimize exposure and enhance the
overall security posture.
• Led IT process audits, ensuring compliance with industry standards and internal policies.
• Conducted regular reviews of IT policies and procedures to ensure alignment with industry best
practices and regulatory requirements.
• Played a key role in the development and maintenance of the organization's business continuity
and disaster recovery plans.
• Collaborated with internal and external stakeholders to communicate risk findings,
recommendations, and mitigation plans using Frameworks ISO 27001, NIST, COSO, COBIT.

Xtreme Infosoft Pvt. Ltd., Permanent, Jaipur, IN Jan 2011 to Dec 2012
IT Administrator
• Implement and maintain endpoint protection, antivirus, and patch management tools.
• Configure and monitor firewalls, VPNs, and network access controls.
• Enforce user access policies, least privilege principles, and multi-factor authentication (MFA)
• Monitor and respond to security alerts, unusual activity, and potential threats.

LIVE PROJECT Cyber Security Engineer, Remote, IN Jul 2022 to Sep

BASED 2022
INTERNSHIP INFOVIRTECH Pvt. Ltd.
EXPERIENCE • Executed a cybersecurity project focused on endpoint hardening, baseline security checks, and
vulnerability remediation strategies along with VAPT.
 • Gained hands-on experience in threat detection, incident triage, and reporting using tools like
OpenVAS, Wireshark, and the ELK Stack in a simulated corporate environment.

Cyber Security Engineer, Remote, California, US May 2022 to Jul 2022

Virtually Testing Foundation
• Worked on real-time threat analysis, vulnerability assessment, and incident response as part of a
live cybersecurity project. Gained hands-on experience with tools like Wireshark, Nessus, and
Splunk under industry mentorship.

PROJECTS I’VE
WORKED Employee Provident Fund Organization Apr 2024 to Mar 2025
• Supported the GRC program for EPFO by conducting IT risk assessments, BIA, and internal
security control evaluations. Assisted in audits (ISO 27001, NIST), policy development,
compliance, and business continuity planning while liaising with stakeholders to mitigate risks.

Delhi Skill and Entrepreneurship University July 2022 to July 2023

• Implemented enterprise network infrastructure with VLANs, core switching, and segmentation
for enhanced security.
• Deployed ArcSight SIEM and Cisco Firepower for real-time threat detection, IPS, and secure
access.
• Performed network vulnerability assessments, hardening, and traffic monitoring to mitigate
security risks.

Power Grid Cooperation of India Jan 2019 to Jul 2020

• Conducted VAPT and on-site security audits across PGCIL sites PAN India.
• Identified and remediated vulnerabilities in networks, systems, and infrastructure in
compliance with security standards.

CONFRENCES/
TALK ATTENDED Null Delhi – March 2018
Talk – “Building Blocks of GRC: A Practical Introduction for Security Teams”

BSides Bangalore – November 2019

Talk – “ISO 27001: Beyond Documentation – Common Pitfalls and Real Fixes”

CyberSec India Virtual Summit – May 2022

Talk – “Security Challenges in Government Projects: Lessons from GRC Implementation”

BSides Delhi – October 2023

Talk – “Modern Risk Assessment Techniques for Dynamic Environments”

Nullcon Goa – February 2024

Talk – “Auditing in Chaos: Aligning Controls with Real-World Security Incidents”

DSCI Annual Information Security Summit (AISS) – December 2024

Conference– “The Future of ISMS in a Cloud-First, AI-Driven World”

CTFS
Completed 100+ hands-on labs on TryHackMe, covering topics like network exploitation, web app
security, privilege escalation, and SOC analysis
KEY HIGHLIGHTS • Strong expertise in ArcSight & Fortinet SIEM for SOC operations.
• Implementation of Governance, Risk & Compliance (GRC) using RSA Archer, One Trust
GRC etc.
• Hands-on experience in security audits, IAM governance, and compliance enforcement.
• Experience on Threat Intelligence, Incident Response, and Risk Management.
• Hands on Experience in Log Review, RCA report of Incident, Policy Drafting, ITGC & ITAC
Controls.
• Extensive experience on Different types of Audits such as Compliance Audits, AUA/KUA
(Aadhar UIDAI) Audits, Vulnerability Assessments, Internal Security Audits, Information
Security Audits, Process Audits etc.
• Programming/Scripting: Python, PowerShell, Cloud Security: AWS Security best practices.