Pramod Saki

16 years of extensive information technology experience specializing in Information Security across many industries. I accumulated vast experience in working in the different areas of security including Cloud Security Architecture Design, Application and Network Vulnerability Assessment, IR Security Automation, EndPoint Security, DevSecOps, WAF Design and implementation, System Hardening and ISMS, PCI-DSS, GDPR Standard Implementation and Audit.

Blazeclan Technologies an ITC Infotech Brand 08/2017 - Present Principal Cloud Security Architect • Full-time Pune

Designed and implemented Zero Trust Architecture across AWS and Azure landing zones, integrating identity-aware proxies and micro-segmentation controls to limit lateral movement and enforce least privilege.

Established standardized AWS and Azure landing zones, automating foundational security controls including centralized logging, identity federation, and policy enforcement through Infrastructure as Code.

Led Cloud Security Posture Management (CSPM) deployment to continuously monitor misconfigurations, enforce compliance baselines, and provide visibility across multi-account environments.

Architected a multi-cloud security strategy covering AWS, Azure, and Kubernetes, aligning controls with CIS Benchmarks and NIST guidelines while enabling unified security governance.

Integrated cloud-native iDP (e.g., Azure AD, Okta) with AWS IAM Identity Center, enabling seamless SSO and conditional access across cloud services and reducing authentication friction by 40%.

Orchestrated Kubernetes security controls with OPA Gatekeeper, Kyverno, and runtime enforcement via Prisma Cloud, blocking unsafe container images and enforcing network policies cluster-wide.

Built AI-driven cloud security automation workflows using AWS Step Functions, Lambda, and Azure Logic Apps, significantly reducing false-positive alert triage effort.

Standardized and hardened cloud landing zones on AWS and Azure using automated guardrails, baseline policies, and centralized logging, ensuring new workloads launch in compliant environments.

Implemented Kubernetes RBAC normalization and namespace isolation, streamlining access controls and reducing cluster-level privilege escalations.

Modernized IAM architecture by implementing least-privilege roles, automating access reviews, and decoupling identity from infrastructure to support scalable enterprise access management.

Wipro Limited 01/2016 - 07/2017 Technical Lead

Led end-to-end Vulnerability Assessment and Penetration Testing (VAPT) initiatives across cloud and on-prem environments, ensuring alignment with security policies and compliance standards.

Implemented McAfee Vulnerability Manager(MVM0 and QualysGuard VM, enabling automated

vulnerability scanning across infrastructure and applications, and integrated findings into centralized dashboards for tracking and reporting.

Coordinated vulnerability remediation efforts by working closely with infrastructure, application, and DevOps teams to ensure timely patching and configuration corrections within defined SLAs.

Provided regular vulnerability management reports and dashboards to key stakeholders and clients, offering visibility into risk posture, compliance status, and remediation progress.

Executed dynamic application security testing (DAST) using AppSpider and Burp Suite to detect OWASP Top 10 vulnerabilities, such as SQLi, XSS, and insecure authentication mechanisms in web applications.

Established patch governance frameworks, defining patch cycles, exception handling processes, and escalation mechanisms to improve patch compliance and reduce exposure windows.

Performed operating system and middleware hardening across Linux, Windows, and database servers based on CIS benchmarks, reducing the attack surface of critical infrastructure.

Developed and maintained a vulnerability lifecycle management process, including asset discovery, scanning, prioritization, remediation tracking, and metrics-driven reporting.

Concentrix Ltd 02/2014 - 12/2015 Lead Engineer

Implemented and maintained Nessus Security Center for automated vulnerability scanning across critical organizational assets, including servers, databases, and network infrastructure.

Customized scan policies and asset groupings based on organizational structure, business unit segmentation, and asset criticality to streamline repository management and improve reporting clarity for asset owners.

Established automated scanning schedules and differential scan baselines, ensuring timely identification of new vulnerabilities while minimizing performance impact on production systems

Performed vulnerability triage and risk analysis using multiple security advisories (NVD, CVSS, vendor bulletins, US-CERT), enabling informed risk decisions and prioritization for remediation.

Coordinated with application and infrastructure teams to ensure timely remediation of identified vulnerabilities, aligning efforts with change management and patch windows

Led the timely publication of newly released vulnerabilities and exploits to relevant technical teams, enhancing awareness and enabling proactive remediation before widespread exposure.

Conducted root cause analysis (RCA) of recurring vulnerabilities and coordinated with IT owners to develop long-term mitigation strategies, including system hardening and patch baselines.

Infosys India Ltd. 05/2012 - 01/2014 Senior Security Analyst

Conducted periodic security audits of network architecture, servers, firewalls, switches, routers, and deployed security solutions to ensure alignment with secure configuration baselines and vulnerability- free deployments.

Performed gap assessments against company security policies, identifying deviations in operating systems, infrastructure components, and deployed applications, and working with respective teams to remediate and align with enterprise security standards.

Analyzed audit reports and security assessment results, identifying recurring issues and inefficiencies, and developed improvement plans to strengthen audit outcomes and reduce repeat findings.

Led and executed PCI-DSS and HIPAA compliance checks, including scope definition, sensitive data discovery scans, control testing, and documentation of compliance evidence for auditors and stakeholders.

Executed sensitive data discovery scans across endpoints, servers, and databases using DLP and scanning tools to identify unprotected storage of credit card data, PHI/PII, and other regulated content.

Authored and maintained standard security documentation, including hardening guides, secure configuration checklists, and security architecture patterns, ensuring consistency and uniformity in security posture across the enterprise.

Mphasis an HP Company. 11/2008 - 05/2012 Senior Infrastructure Engineer

• Threat & Vulnerability MGMT
Responsible for monitoring the Threat and Vulnerability MGMT tool (ESIS) to check recent vulnerability publications and threats associated with them.
Escalation of service request tickets (security tickets) to the next level with security teams that monitor the affected technologies.
Responsible for monitoring technologies deployed at client location (OS, S/W Tools, and Applications). Creation of Threat & Vulnerability MGMT reports on a weekly basis for clients.

Risk Assessment
Creation of a likelihood and impact matrix after determining threat criticality to busines based on vulnerability risk score.

Vulnerability Assessment
Responsible for conducting pre-install, scheduled, ad hoc, and emergency vulnerability assessments (VA) for numerous clients to identify unpatched and vulnerable points in the target machines.
To assist the client in mitigation and remediation of findings during scans.
Creation of an escalation ticket with the scanning tool vendor for the confirmation of false positives, if any.
On-demand packet capturing using N/W sniffers and log monitoring.

Master of Computer Applications

RGTU,Bhopal(MP)

Bachelor of Science

Vikram University(MP)

Higher Secondary(10+2)

MP Board,Bhopal