Sahil Sharma

Product Manager

Bengaluru, Karnataka, India · 11 yrs 7 mos experience

Key Highlights

  • 7+ years of experience in Information Security.
  • Expert in Application Security Assessments and Penetration Testing.
  • Trained teams in secure development practices.
Skills

Core Skills

Information Security, Penetration Testing, Application Security

Other Skills

Application Sec, Application Security Architecture, Application Security Assessments, Architecture Reviews, Authentication, Authorization, Bug Bounty, Burp Suite, Dynamic Application Security Testing, Ethical Hacking, HTML, IT Security Assessments, Information Gathering, Information Security Management, Injections

About

  • 7+ years of experience in the domain of Information Security, where I have worked in diverse environments. Graduated with a Bachelor of Technology in Computer Science and Engineering.
  • Experience in working on Application Security Assessments like Penetration Testing (PT) and Dynamic Application Security Testing (DAST) based on the OWASP Top 10 project.
  • Experience in working on Threat Modelling (TM) and Architecture Review (AR) based on the Microsoft STRIDE methodology.
  • Practicing on PortSwigger Web Security Academy for web application vulnerabilities.
  • Experience in working on Third Party Risk Management based on the ISO 27001 framework.
  • Have internship experience in developing an ASP.NET based web application using C#, SQL, HTML, JavaScript.
  • Good at understanding and adopting emerging trends and techniques, addressing industry requirements to achieve organizational objectives.
  • Adept at working in high-pressure environments with strict deadlines and multiple deliverables.
  • Passionate about updating knowledge and skills through continuous self-learning.

Skills - Application Security (Penetration Testing, Dynamic Application Security Testing, Threat Modelling, Architecture Review), Third Party Risk Management, Risk Assessment.

Tools - Burp Suite, HCL AppScan (formerly IBM AppScan), SSL Scan / Qualys SSL Labs, Microsoft Threat Modelling Tool, Nmap, BitSight, Hiperos, Archer eGRC and JIRA for tracking.

Frameworks - OWASP Top 10, Microsoft STRIDE, ISO 27001, GDPR.

You can contact me at sahil4814@yahoo.com.

Experience

SAP Labs India

Product Security Specialist

Sep 2022 - Present · 3 yrs 6 mos

Information Security, Penetration Testing, Application Security, Application Security Assessments, Security Patch Management, Vulnerability Assessment

HCL Technologies

Senior Information Security Analyst

May 2021 - Sep 2022 · 1 yr 4 mos

  • Performed Application Security assessments like Vulnerability Assessment, Penetration Testing and Dynamic Application Security Testing.
  • Got the chance to work in different industries like e-commerce, semiconductor and infrastructure, healthcare, etc.
  • Engaged with application/development teams to understand the functioning of applications and decide the scope of security tests/controls to be reviewed.
  • Performed Penetration Testing and Dynamic Application Security Testing (Web Application, API, microservices) in line with the OWASP Top 10 project with Burp Suite and AppScan on Cloud. Other tools used are Nmap, SSL Scan / Qualys SSL Labs.
  • Experience in performing manual application security tests like SQL Injection, Cross Site Scripting, CSRF, Privilege Escalation, Authentication and Authorization, Business Logic, File Upload, Information Gathering.
  • Reported the assessment results (documented findings) to client senior management, development teams and stakeholders. Recommended remediation actions and worked with development teams to track the findings till closure.
  • As part of Agile, worked with application teams to train them in secure practices during development and configuration to achieve a secure SDLC.
  • Trained new resources in performing application security assessments.

Information Security, Penetration Testing, Application Security, Vulnerability Assessment, OWASP

EY

Senior Security Analyst

Feb 2020 - Apr 2021 · 1 yr 2 mos

  • Performed Application Security assessments like Penetration Testing, Dynamic Application Security Testing and Threat Modelling / Architecture Review.
  • Engaged with application/development teams to understand the functioning of applications and decide the scope of security tests/controls to be reviewed.
  • Performed Penetration Testing and Dynamic Application Security Testing (Web Application, API, Chatbot) in line with the OWASP Top 10 project with Burp Suite and HCL AppScan. Other tools used are Nmap, SSL Scan / Qualys SSL Labs.
  • Experience in performing manual application security tests like SQL Injection, Cross Site Scripting, CSRF, Privilege Escalation, Authentication and Authorization, Business Logic, File Upload, Information Gathering.
  • Performed Threat Modelling / Architecture Review (Web Application and the related Server and Database, SAP applications, Salesforce applications) as part of Secure SDLC based on the Microsoft STRIDE methodology.
  • As part of Threat Modelling / Architecture Review, reviewed application security controls like Authentication, Authorization, Data at rest and in transit encryption, Input validation, Session management, Audit logging and auditing, Error handling, API security, and operational controls like Deployment controls, Backup, Recovery, Business Continuity Management, Vulnerability and Patch Management. SAP and Salesforce security-specific controls are also reviewed, when required.
  • Created and validated Data Flow Diagrams (DFD) using the Microsoft Threat Modelling Tool.
  • Reported the assessment results (documented findings) to client senior management, development teams and stakeholders. Recommended remediation actions and worked with development teams to track the findings till closure.
  • Trained junior resources in performing application security assessments.

Royal Bank of Scotland Business

Senior Security Analyst

Nov 2019 - Feb 2020 · 3 mos · Bangalore

Accenture

Information Security Analyst

Nov 2014 - Nov 2019 · 5 yrs

  • Performed Application Security assessments like Penetration Testing and Dynamic Application Security Testing, and Third Party Risk Management.
  • Engaged with application/development teams to understand the functioning of applications and decide the scope of security tests/controls to be reviewed.
  • Performed Penetration Testing and Dynamic Application Security Testing (Web Application, API, Chatbot) in line with the OWASP Top 10 project with Burp Suite and HCL AppScan. Other tools used are Nmap, SSL Scan / Qualys SSL Labs.
  • Experience in performing manual application security tests like SQL Injection, Cross Site Scripting, CSRF, Privilege Escalation, Authentication and Authorization, Business Logic, File Upload, Information Gathering.
  • Performed third party risk assessments based on the ISO 27001 framework to evaluate the operating effectiveness of security controls.
  • Reviewed Information Security policies, Access Control, Cryptography, Mobile Device Management, Vulnerability Management, Human Resource Security, Supplier Security, Incident Management, Business Continuity Management, Compliance and legal requirements, etc. at the organizational level.
  • Reported the risk assessment results to internal senior management and service providers and recommended remediation actions.

CS Soft Solutions Pvt. Ltd.

Intern

Jan 2014 - May 2014 · 4 mos · Mohali, Punjab

Education

Punjab Technical University

Beant College of Engineering and Technology, Gurdaspur

Bachelor of Technology (B.Tech.) — Computer Science and Engineering

Jan 2010 - Jan 2014
