Sharana Basava M S

Product Manager

Bengaluru, Karnataka, India6 yrs 8 mos experience

Highly Stable

Key Highlights

Expert in end-to-end penetration testing and security assessments.
Led initiatives to automate security checks, enhancing operational efficiency.
Delivered impactful tech talks on secure coding practices.

Stackforce AI infers this person is a Product Security Expert specializing in SaaS and Cybersecurity.

Contact

Skills

Core Skills

Product SecurityCyber-securityPenetration TestingApplication SecurityRed TeamAndroid Security

Other Skills

AWS SecurityAWS cloudAcunetixAmazon Web Services (AWS)Android malware analysisApexApex ProgrammingArchitectural ReviewAzure cloudBurp SuiteCSRFCloud InfrastructureCloud SecurityCode ReviewCommunication Protocols

About

As a Product Security Leader, I bring a wealth of expertise to the table. My specialization includes extensive end-to-end penetration testing, intricate networking protocols, and the development of cutting-edge tools. With proficiency in Web Security Testing, Mobile Security, Network Security, Protocol Security, and Android Malware Analysis, I ensure a comprehensive approach to security. I am actively engaged in cloud security assessments and Kubernetes assessments, proactively working to enhance the organization's AppSec practices. Additionally, I am committed to delivering tech talks and training sessions on secure practices, contributing to organizational growth and ensuring robust software security. Love for automating boring stuffs via python. Github: https://github.com/themalwarenews/ THM : https://tryhackme.com/r/p/iammirror Hackthebox : https://app.hackthebox.com/profile/322301 solves android technical issues in https://youtube.com/c/ByteTheories

Experience

Vimeo

Senior Product Security Engineer

Mar 2025 – Present · 1 yr · India · Remote

Conducting security assessments and implementing secure coding best practices, while actively collaborate with development teams to embed security measures throughout the software development lifecycle. Driving initiatives to automate security checks and optimize vulnerability scanning processes. Providing ongoing expertise in threat modeling and developing tailored risk mitigation strategies to address emerging security challenges in our applications.

Security assessmentsSecure coding best practicesVulnerability scanningThreat modelingProduct SecurityCyber-security

Infoblox

Senior Product Security Engineer

Sep 2022 – Mar 2025 · 2 yrs 6 mos · India

Led extensive end-to-end penetration testing, successfully completing over 20 Pentests on core product functionalities.
Conducted thorough penetration tests on DNS, DHCP, and VPN, showcasing a proficient understanding of intricate networking protocols, including VPN, Firewall, BGP, and Anycast.
Pioneered the establishment and leadership of the AppSec service, meticulously implementing Threat Modeling (STRIDE) across all SaaS and On-Prem Applications.
Engineered cutting-edge tools, resulting in a remarkable 35% surge in assessment automation, marking a significant milestone in operational efficiency.
Actively engaged at the forefront of Incident Response, demonstrating hands-on mastery of reconnaissance tools such as Shodan, Censys, WHOIS, Virustotal, and URLscan, along with manual analysis of malwares and complex exploits.
Played a pivotal role in Incident Response, skillfully triaging and monitoring over 15+ critical incidents with precision and diligence.
Developed in-house Incident Response Playbooks to effectively address complex security incidents at the product level.
Delivered organization-wide tech talks and training on secure Owasp Top 10 and the Impact of RedTeam in an organization, emphasizing the implementation of best security practices for robust software security.
Spearheaded two comprehensive RedTeam engagements, addressing complex vulnerabilities with the chaining of multiple vulnerabilities to take over the entire Production service.
Orchestrated the seamless integration of AWS services with Panther SIEM, optimizing log management by an impressive 40%, and crafted bespoke detection rules and scripts to enhance our Incident Response capabilities.
Collaborated closely with stakeholders of the products to implement the best Vulnerability Management (VM) methodologies. This initiative resulted in a 40% reduction in vulnerabilities related to open source dependencies across the organization.

Penetration testingNetworking protocolsThreat modelingIncident responseVulnerability managementProduct Security+1

Cognizant

Application Security Engineer (Subject Matter Expert)

Jun 2019 – Aug 2022 · 3 yrs 2 mos · Banglore

Subject Matter Expert (SME) and Team Leader for the Google Play Protect Project.
Guided reverse engineering and conducted in-depth analyses of Android applications, effectively addressing threats and producing detailed reports.
Played a pivotal role in mentoring team members, assisting them in mastering advanced techniques for analyzing Android applications, including React Native, Cordova, Java, and Kotlin.
Conducted research and formulated rules(NSR) to identify harmful applications with similar patterns, successfully preventing billions of installations.
Executed Vulnerability Assessment and Penetration Testing (VAPT) on web, mobile, and API platforms, - successfully detecting and mitigating vulnerabilities while adhering to the Owasp Top 10 and Sans 25 references.
Provided Android Malware analysis training for the L0 and L1 levels, significantly enhancing peers' skills and increasing team productivity, leading to a decrease in the error rate.

Reverse engineeringVulnerability assessmentAndroid malware analysisMentoringApplication SecurityAndroid Security