Sep 2022 – Oct 2022 · 1 mo · Abu Dhabi Emirate, United Arab Emirates

• Confidential

Oct 2021 – Sep 2022 · 11 mos · Abu Dhabi Emirate, United Arab Emirates

• Handling Multiple projects simultaneously
• Coordinate medium/large security testing projects
• Review scope and findings of other team members
• Helping other team members to bypass in place security controls whenever required
• Analyze applications to understand how they work, where they have weaknesses and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts
• Make a difference by conducting research on new techniques, security mitigations and identifying zero-day vulnerabilities
• Assist management with certain requests
• Perform peer-review
• Perform Threat Modeling and Arch review
• Develop custom scripts for vulnerability discovery during projects
• Write comprehensive security assessment reports for developers and upper management
• Collaborate with a great team of security experts and work in a lab environment
• Propose mitigations for the security vulnerabilities identified in the Digital14 products
• Perform security reviews of requirements, design specifications, and code
• Raise awareness of our developers to security best practices
• Work closely with our Engineering teams to gain in-depth knowledge of our systems
• Offer support to engineering team to fix the identified security defects and/or security incidents.
• Consistently deliver on commitments on time and with quality

Aug 2020 – Present · 5 yrs 7 mos

• Performed Security testing on Web Application, API Application, Mobile Application, Host System.
• Making a quality report about the discovered issues which consists of whole descriptions, remediation, steps to reproduce and proper PoC.
• Report issues to client and validate the patched issues by retesting/bypassing

Jul 2019 – Oct 2021 · 2 yrs 3 mos · Greater Hyderabad Area

• Interacting with stakeholders in defining scope, gathering the tech stack and requirements of the application.
• Performed Cloud, Web/API, Mobile and Thick Client application security testing.
• Preparing comprehensive reports detailing identified findings and recommendations.
• Assisting project team in understanding risk & threat level associated with reported vulnerabilities according to business criticality.
• Guiding the development teams to mitigate all the identified vulnerabilities.
• Retesting the fixed vulnerabilities.
• CyberArk:
• Creating Vault, Managing Safes, Platforms and Owners using PVWA and private ark client.
• Central Policy Manager (CPM) policies management or redistribution.
• Perform health check monitoring on all CyberArk severs to ensure consistent availability of system to end user.
• AWS Security:
• Performed AWS security assessments for internal applications.
• Identifying and help in fixing the security issues in AWS infrastructure.
• Assessing the IAM, S3 policies, NACL, Security group rules.
• Log Assessments using Cloud Watch, Cloud Trail, GuardDuty.

Mar 2014 – Jun 2017 · 3 yrs 3 mos · India

• Perform Web Application Penetration Tests manually using Burpsuite on their applications.
• Managed Hackerone program to triage and validate issues reported by other security researchers.
• Perform API / Mobile App Penetration Testing.
• Analyze the vulnerabilities identified by the automated tools such as Acunetix and Nessus to avoid false positives.
• Assisting clients in understanding risk & threat level associated with vulnerability with respect to business criticality.
• Guiding the development teams to address all identified vulnerabilities.