Mar 2025 – Nov 2025 · 8 mos · Gurugram, Haryana, India · Hybrid

• Conducted comprehensive vulnerability assessments across 35+ products, including web, mobile, API, and thick client applications.
• Managed vulnerability operations workflows by triaging vulnerabilities based on risk severity, exploitability, and business impact, utilizing CVSS scoring to prioritize remediation efforts effectively
• Led remediation efforts for critical industry-wide vulnerabilities, including Log4j, Spring4Shell, and OpenSSL issues.
• Developed security dashboards to track vulnerability trends, remediation progress, and risk metrics for leadership reporting.
• Automated security processes using Python, Bash, and Jenkins, improving efficiency in vulnerability scanning and pentesting workflows.
• Conducted secure SDLC assessments and threat modeling workshops, improving proactive security integration.
• Provided guidance on API security best practices, ensuring secure authentication, rate limiting, and data protection mechanisms.

Apr 2024 – Mar 2025 · 11 mos · Gurugram, Haryana, India · Hybrid

• Conducted manual and automated penetration testing on web applications, APIs, and cloud environments.
• Developed custom exploits and attack payloads, improving security test coverage beyond standard scanners.
• Performed Active Directory security assessments, identifying privilege escalation risks and configuration weaknesses.
• Assisted in cloud security testing, identifying misconfigured IAM policies, insecure storage permissions, and weak encryption practices.
• Researched and presented findings on zero-day vulnerabilities and advanced attack techniques.

Aug 2023 – Apr 2024 · 8 mos

• Led penetration testing engagements, simulating real-world attack scenarios on web, network, and cloud environments.
• Conducted secure design reviews and cloud security assessments (AWS, Azure, GCP), identifying misconfigurations and enforcing security best practices.
• Developed security automation scripts (Python, Bash, Jenkins) to streamline vulnerability detection, reducing manual effort by 50%.
• Integrated SAST (Semgrep, SonarQube) and DAST (BurpSuite, Nessus) tools into CI/CD pipelines, improving security coverage.
• Led threat modeling workshops using STRIDE & MITRE ATT&CK, enabling teams to proactively identify and mitigate risks.
• Collaborated with engineering teams to implement secure authentication mechanisms (OAuth, SAML, JWT) and data protection policies.

Sep 2021 – Aug 2023 · 1 yr 11 mos

• Conducted penetration testing on web applications, APIs, mobile apps, and thick clients, identifying vulnerabilities and providing remediation guidance.
• Assisted in network vulnerability assessments, evaluating firewall configurations, segmentation, and Active Directory security controls.
• Performed secure code reviews, identifying authentication and authorization issues in application logic.
• Supported incident response and forensic analysis, investigating security breaches and improving detection mechanisms.
• Provided security awareness training for development teams, helping them understand and mitigate common security risks.

Apr 2021 – Sep 2021 · 5 mos

• Assisted in network vulnerability assessments, identifying security misconfigurations and analyzing risk factors.
• Conducted basic web application security testing, learning OWASP Top 10 vulnerabilities and secure coding practices.
• Supported security teams by analyzing SIEM logs, assisting in threat detection and initial triage.
• Gained hands-on experience in automated vulnerability scanning (Nessus, OpenVAS) and manual testing (BurpSuite, Nmap, Wireshark).
• Worked on a university cybersecurity project, conducting vulnerability assessments for web applications and network infrastructure.

Jun 2021 – Sep 2021 · 3 mos

Jun 2021 – Sep 2021 · 3 mos · Haryana, India

Jan 2021 – Jun 2021 · 5 mos

May 2020 – Jul 2020 · 2 mos