Profiles search

Simran Sohal

Information Security Analyst @ APA
Boston, MA, United States

Details

Education: Master of Science - MS

Cybersecurity

Northeastern University

2021 : 2023

Bachelor of Engineering - BE

Information Technology

Institute of Engineering & Technology DAVV, Indore

2016 : 2020

High School



St. Raphael's H.S. School

2016
Experience: 2023 : Present

American Psychological Association

Information Security Analyst II

Graduate Teaching Assistant : Security Risk Management & Assessment

2022 : 2022

Khoury College of Computer Sciences

Graduate Teaching Assistant

• Performed penetration testing using Nmap, Burp Suite and Metasploit to collect proof of concept of exploitable vulnerabilities such as Improper Access Control and Authentication failure, and provide security remediations.

• Collaborated with developers for static application security testing (SAST) using Fortify to identify source code vulnerabilities such as XML eXternal Entity injection (XXE) and SQL injection, and propose secure code recommendations.

• Automated security testing process by building CI/CD Jenkins to scan GitHub repositories using Fortify and Checkmarx.

• Implemented Single Sign On (SSO) through OAuth 2.0 and OpenID Connect to enable seamless access to applications.

2022 : 2022

Bloomberg LP

Product Security Engineer

2022 : 2022

Northeastern University

Residential Security Office Proctor

• Conducted anomaly-based and signature-based malware detection by network traffic monitoring and log analysis of various

network devices like Netgate pfsense firewall, Cisco routers and Snort IDS.

• Set up Splunk alerts for event correlation and incident response operations to proactively identify and mitigate threats.

2019 : 2019

Indian Railways

Network Operations Intern
Company: American Psychological Association
Years of Experience: 2

Skills

Burp Suite, Cisco Firewall Security, Cloud Security, Continuous Integration and Continuous Delivery (CI/CD), Cross-functional Collaborations, Cyber Risk Management, Database Management System (DBMS), Data Privacy, Digital Forensics, DLP, Educational Leadership, Ethical Hacking, Firewalls, Google Kubernetes Engine (GKE), GRC, IDS IPS, Incident Response, Information Security, Infrastructure Security, Internet Protocol Suite (TCP/IP), Intrusion Detection, IT Security Assessments, Java, Linux, Log Analysis, Malware Analysis, Network Engineering, Network Security, NIST 800-53, Penetration Testing, PKI, psense, Python (Programming Language), Risk Management, Security Automation, Shell Scripting, Snort, Threat & Vulnerability Management, Vulnerability Assessment, Vulnerability Management, Web Application Security, Wireless Security, Wireshark