📍 Naihati, West Bengal, India | 📧 niladri.assurance@gmail.com | 🔗 LinkedIn
Information Security M.Tech student at West Bengal University of Technology (MAKAUT), focused on Governance, Risk, and Compliance (GRC). Hands-on project experience in vulnerability risk assessment, web application risk analysis, social engineering risk assessment, security control monitoring, and audit evidence collection — each project producing professional deliverables with CVSS-scored findings, business impact analysis, and remediation recommendations.
Work grounded in ISO 27001 principles, NIST CSF, and MITRE ATT&CK — with a documentation-first approach that reflects how GRC functions operate in practice.
Open to GRC Analyst Intern roles. Available from June 2026.
| GRC & Risk | Security & Technical |
|---|---|
| Risk Assessment & Prioritisation (CVSS v3.0, EPSS) | Vulnerability Scanning — Nessus Essentials |
| ISO 27001 Principles & NIST CSF | SIEM Monitoring & Log Analysis — Splunk |
| Security Policy & Control Evaluation | Web Application Testing — Burp Suite, OWASP |
| Vulnerability Assessment & Risk Reporting | Network Traffic Analysis — Wireshark, Suricata |
| Incident Documentation & Escalation Workflows | Phishing Investigation & IOC Extraction |
| Audit Support & Evidence Collection | MITRE ATT&CK Mapping |
| Business Impact Analysis | Linux CLI & Windows Event Logs |
| Technical Report Writing for Non-Technical Stakeholders | Python (scripting) |
All five projects produce audit-grade deliverables — risk reports with CVSS-scored findings, business impact analysis, ISO 27001 / NIST CSF control mapping, and remediation recommendations. Not just technical writeups.
Conducted a structured vulnerability risk assessment against Metasploitable2 in an isolated lab environment. Discovered 69 vulnerabilities including 6 Criticals (CVSS 9.8–10.0): Bind Shell Backdoor, VNC Default Password, SSL v2/v3, CVE-2008-0166. Applied CVSS v3.0 + EPSS scoring to produce a P1–P4 risk priority matrix with business impact analysis — directly mirroring GRC risk register and treatment planning practice. All findings mapped to ISO 27001 Annex A controls and NIST CSF.
Nessus Essentials 10.11.2 · Nmap · CVSS v3.0 · EPSS · Metasploitable2 · ISO 27001 · NIST CSF · Kali Linux
Assessed DVWA against OWASP Top 10. Identified 4 High/Critical vulnerabilities — SQLi (CVSS 9.8), Brute Force (7.5), XSS (7.3), CSRF (6.5). Analysed HTTP traffic via Burp Suite proxy interception. Delivered a professional risk report with CVSS-scored findings, business impact analysis, remediation guidance, and MITRE ATT&CK mapping — format directly replicable as an internal audit deliverable.
Burp Suite CE · DVWA · CVSS v3.0 · OWASP Testing Methodology · MITRE ATT&CK · Kali Linux
Investigated a live phishing email. Performed manual header analysis, SPF/DKIM/DMARC authentication checks, and IOC extraction. Enriched indicators via VirusTotal, AbuseIPDB, and WHOIS. Classified attack as Advance Fee Fraud (T1566 – Phishing) and produced a structured incident report with business impact analysis and control recommendations — demonstrating third-party risk and human-risk assessment skills directly applicable to GRC.
Email Header Analysis · VirusTotal · AbuseIPDB · WHOIS · MITRE ATT&CK T1566
Deployed Splunk Enterprise to ingest Windows Security logs. Identified unauthorised access attempts via EventID 4625 analysis and SPL-based detection rules. Established threshold-based alerting aligned with access control monitoring — supporting continuous compliance oversight. Produced a structured incident report with risk impact and remediation recommendations mapped to MITRE ATT&CK (T1110, TA0006).
Splunk Enterprise · Splunk Universal Forwarder · Windows Event Logs · SPL · MITRE ATT&CK · Kali Linux
Configured Suricata IDS with 48,701 ET detection rules. Triaged 249 real alerts across four attack types — Nmap SYN Scan, SSH Brute Force, ICMP Recon, TCP Flood. Correlated IDS alerts to packet-level evidence in Wireshark (8,344 packets, 3,130 TCP conversations). Produced a structured incident report mapped to the cyber kill chain — replicating the audit evidence and control-testing documentation expected in a GRC function.
Suricata 8.0.3 · Wireshark · Nmap · Kali Linux
| Certification | Issuer |
|---|---|
| Certified in Cybersecurity (CC) | ISC2 |
| Security, Compliance & Identity Fundamentals (SC-900) | Microsoft |
| National Workshop on Cryptology 2025 (3-day on-site, hands-on) | IIT Bhilai |
| Cyber Security Awareness Workshop | NCIIPC — National Critical Information Infrastructure Protection Centre |
| Ethical Hacker · Introduction to Cybersecurity · Networking Essentials | Cisco |
| Cloud Computing | NPTEL — IIT Kharagpur |
| Cloud Security and Emerging Technologies | Cloud Security Alliance |
| DevOps & Software Engineering Specialization | IBM |
M.Tech — Information Security | West Bengal University of Technology (MAKAUT) | 2024 – June 2026
B.Tech — Computer Science & Engineering | Regent Education & Research Foundation Group of Institutions | 2021 – 2024 | CGPA: 8.68
Diploma — Electrical Engineering | Regent Institute of Science & Technology | 2017 – 2020 | OGPA: 8.2
