Ashish Das

Experience

• 

  Sophos

  Jan 2017 - Apr 2019

  Network Security Engineer

  I worked as Network Security Engineer for Sophos Inc where I worked with various teams and contributed in the following way:- Worked with the tech support team to log, debug, and resolve customer issues with multiple Network Security products of Sophos like UTM on AWS, XG, Sophos Email Appliance, Sophos Cloud Web Gateway, Sophos Optix, Sophos Wireless.- Worked with the Sales Engineering team to secure new orders and renewals by performing and helping with the demonstration of Proof-of-Concept(POCs).- Evaluated customer's network and security infrastructure and provided detailed reports including the vulnerabilities discovered and methods to patch them.- Worked with the development team to test new and improved features, report field reported bugs, and also discover and patch vulnerabilities in various security products of Sophos.- Gained hands-on experience with multiple technologies like Next-Generation Firewall, IDS/IPS, TCP/IP, IPSEC, BGP, OSPF, MPLS, VPN, WAF, SPF, DKIM, DNS, IAM, LDAP, HAProxy, SSL/TLS, PostgreSQL.- Extensive troubleshooting experience on AWS deployed infrastructures, especially on gateway and firewall issues.- Mentored and trained junior engineers with new products and technologies, wrote KnowledgeBase Articles for customers as well as for internal troubleshooting purposes. Show less

• 

  New York University

  Sept 2019 - Jun 2020

  I worked with the Secure Systems Lab at NYU, led by Dr. Justin Cappos, where I worked on a CNCF-incubated project, in-toto, with Dr. Santiago Torres-Arias and contributed for the following:- Enhanced the capabilities of in-toto to verify the trustworthiness of the functionaries in a software supply chain by adding the verification mechanism of functionaries' machines with the help of the Trusted Platform Module (TPM). - Developed the API for TPM in Python (which is originally in C) so that it can be integrated with in-toto's library and can increase the scope of the tool. Show less I worked as a Developer for Vital, which is a private cloud environment at NYU that provides VMs to students of the CSE department to perform lab exercises for various courses. I worked on the following things during my time:- Maintained and debug issues with the Django Server and ZeroMQ.- Automation of deployment of new VMs with the help of Ansible playbook which took considerable time previously when deployed using a gold image.- Integration of Kibana as a platform monitoring tool for Vital which reduced the troubleshooting time for various issues significantly. Show less

  • Graduate Research Assistant

    Sept 2019 - Jun 2020

  • Developer

    Sept 2019 - Mar 2020
• 

  IBM

  Jun 2020 - Aug 2020

  Research Software Engineer Intern

  I worked with the Hybrid Cloud Infrastructure team during the internship and the following were the things I worked upon and its outcome:- Implemented an attack POC on the IBM Cloud host QEMU with the help of previously known vulnerabilities.- This attack used the redundant system calls which were allowed from the Guest OS to compromise the Cloud host.- I worked to develop a Dynamic Syscall Filtering mechanisms for such system calls which were not needed after a certain phase in VM operation.- Studied the different VM operation modes like booting, migration, shutdown and produced a novel finding of the system calls used in each phase.- Developed mechanism to study and evaluate the performance of Cloud Microservices with the help of DeathStarBench benchmark suite.- Achieved to reduce the attack surface of the host QEMU significantly with the mechanism by reducing the binary size to 2.5 MB, and therefore the scope of its compromise.- This mechanism was presented to the Redhat team who maintains QEMU and was submitted as RFC. Show less

• 

  Linode

  Jan 2021 - Jun 2021

  Security Engineer Intern

  • Implementing Incident Response Infrastructure for Linode with the help of osquery, FleetDM, and ELK stack tomanage over 7000 Linode hosts.• Leading the deployment of Sophos Endpoint and policies pushed throughout the Linode’s corporate assets for SIEMintegration through automation tools like SaltStack and JAMF.• Part of the IAM team, which is deploying FreeIPA across 33 Data Centers of Linode for its Linux Host servers, for HBAC roles and permissions.

• 

  Varo Bank

  Jul 2021 - Jan 2023

  Technology Auditor
• 

  Amazon Web Services (AWS)

  Jan 2023 - now

  Global Services Security Global Services Security

  • Security Consultant

    Apr 2024 - now

  • Associate Security Consultant

    Jan 2023 - Apr 2024