Jyoti B.

Consultant

Bengaluru, Karnataka, India · 15 yrs 10 mos experience
Highly Stable

Key Highlights

  • Over 8 years of expertise in cybersecurity.
  • Led a 10-member team in vulnerability assessments.
  • Specialized in OWASP-compliant web application security.
Stackforce AI infers this person is a Cybersecurity expert specializing in vulnerability assessments and penetration testing.

Skills

Core Skills

Vulnerability Assessment And Penetration Testing (VAPT) · Web Application Security · Web Application Penetration Testing · Network Infra Penetration Testing · Information Security Risk Assessment

Other Skills

API Testing · Active Directory · Active Directory Attacks · Active Information Gathering · Application Security · Arc Sight ESM · Buffer Overflow Exploits · Burp Suite · Client Side Attacks · Computer Forensic Investigation · Computer Hardware · DFS · Database Administration · Enumeration · Ethical Hacking

About

With over 8 years of expertise in cybersecurity, I currently serve as Senior Security Lead Consultant at NuSummit, specializing in Vulnerability Assessment and Penetration Testing (VAPT) across web applications, APIs, and network infrastructures. My role involves leading a 10-member team, conducting black-box assessments, and implementing effective methodologies to uncover and mitigate vulnerabilities. Using tools like Nessus and Kali Linux, our team ensures robust security measures for diverse client environments. Committed to advancing secure systems, I collaborate with stakeholders to deliver actionable insights and risk-aligned remediations. My proficiency includes web application security following OWASP guidelines and API testing to identify critical flaws, ensuring compliance and resilience. Focused on fostering secure digital ecosystems, I aim to empower organizations with comprehensive security strategies tailored to their needs.

Experience

NuSummit

Senior Security Lead Consultant

Jul 2023 - Present · 2 yrs 8 mos · Bengaluru, Karnataka, India · Remote

  • Conducting Vulnerability Assessment & Penetration Testing of Web Applications, networking devices, thick client, Mobile Android & API using manual techniques and automated tools.
  • Providing recommendations for mitigating found vulnerabilities, perform different types of security testing, and creating testing methodologies and questionnaire documents before Penetration Testing.
  • Leading a 10-member VAPT Security Team, develop Black Box Security test environments, and exploit vulnerabilities while performing secondary exploitation.
  • Preparing and submitting comprehensive reports, engage Nessus and retina scans, and eliminate critical and high vulnerabilities.
  • Conducting Application walkthroughs, analyzing reports scanned by web application scanning tools, and perform Web Application Penetration Testing following OWASP guidelines.
  • Discovering Live IPs, demonstrating extensive knowledge of HTTP Methods and status codes, and utilize Kali Linux for security assessments.
  • Analyzing automated scanner reports, create POC exploits, and handle vulnerability reported by external security researchers.
  • Front facing to handle vulnerability reported by external security researcher from end-to-end life cycle, and utilize various automated tools like Netsparker Enterprise & Standard, Burp Suite Professional, Tenable Nessus Security Center & WAS, and IBM Appscan Standard.
  • Perform Vulnerability Scan and Web Application Scan using Tenable Nessus Security Center, deploy tenable virtual scanners in cloud and on premises, and configure the scanners for accurate scans.
  • Check if any Zero-day exploit test exists or reported during the client engagements.
  • Utilize various active directory penetration testing tools and actively participate in the Technical Interview Panel.
  • Allocate appropriate work & resource allocation to team members as per the skill & availability.
  • Technical lead for thick client penetration testing practice.
Vulnerability Assessment and Penetration Testing (VAPT) · Web Application Security · API Testing · Kali Linux · Nessus · Burp Suite

Ericsson

Specialist Security Analyst

Feb 2020 - Jul 2023 · 3 yrs 5 mos · Bengaluru, Karnataka

  • Perform Network Infra, Web Application Penetration testing, thick client and cloud assessments Security tests using various automatic tools.
  • Web Application Penetration Testing of different type of Clients by following OWASP guidelines and expertise in different type of web application security auditing tools like Burp Suite.
  • Thick client, cloud & network VAPT.
  • Discover Live IPs within the organization & perform vulnerability assessment
  • Having good knowledge in HTTP Methods and HTTP status code.
  • Extensive use of Kali Linux to assess the security of developed applications.
  • Analyzing the automated scanner’s report to avoid “False Positive” Vulnerabilities.
  • Creating POC exploit for observed vulnerability.
  • Follow up with stakeholders on remediation plan
  • Handling Source Code Review security assessments using Microfocus Fortify.
  • Front facing to handle vulnerability reported by external security researcher from end to end life cycle.
  • Well versed in using various automated tools like Netsparker Enterprise & Standard, Burp Suite Professional, Tenable Nessus Security Center & WAS, IBM Appscan Standard etc.
  • Perform Vulnerability Scan and Web Application Scan using Tenable Nessus Security Center (SC)
  • Deploying the Tenable Nessus virtual scanners in cloud and on premises
  • Configuring the scanners and ensure they communicate with Tenable cloud
  • Setting up service accounts to perform authenticated scans.
  • Work on Microsoft Defender for Endpoint for identifying advanced threats if any in the enterprise network in coordination with relevant teams.
  • Testing the service account to ensure the scans are accurate
  • Perform Static Application Security Testing using various tools.
Network Infra Penetration Testing · Web Application Penetration Testing · Kali Linux · Burp Suite · Tenable Nessus

Happiest Minds Technologies

Senior Engineer

Jul 2015 - Feb 2020 · 4 yrs 7 mos · Bangalore

  • Discover Live IPs within the organization
  • Perform Network Infra, and Web Application Penetration and Security tests using various automatic tools.
  • Web Application Penetration Testing of different type of Clients by following OWASP guidelines and expertise in different type of web application security auditing tools like Burp Suite.
  • Having good knowledge in HTTP Methods and HTTP status code.
  • Preparing report for the application security testing.
  • Extensive use of Kali Linux to assess the security of developed applications.
  • Analyzing the automated scanner’s report to avoid “False Positive” Vulnerabilities.
  • Creating POC exploit for observed vulnerability.
  • Well demonstrated knowledge of implementation of in premises of endpoint security tool Carbon Black(Bit9).
  • Create rules, dashboard, policies and all other informational content based on use cases in Carbon Black(Bit9) servers.
  • Perform performance maintenance and troubleshooting of Carbon Black(Bit9) endpoint server.
  • Perform all administration, management, configuration, testing, and integration tasks related to the Client Novell Sentinel (SIEM) & McAfee Nitro system focusing primarily on content development, reporting, and metrics.
  • Monitor Client events for malicious traffic and monitor alerts which are triggered for the client
  • Follow-up with the SOC Analyst for open tickets and follow-up with vendors for open issues.
  • Monitor dashboards of SIEM as well Security Devices to keep track of security incidents.
  • Ensuring health of SIEM ESM, Collectors and Connectors.
  • Integration of new event sources, collector managers with SIEM Solution
  • Create rules, filters, dashboard, queries, trends and all other informational content based on use cases
  • Develop, implement, maintain and execute standard content development practices for the Client Novell Sentinel system infrastructure.
  • Fine tune Novell Sentinel(SIEM) Solution to reduce false alerts, improve the performance.
Network Infra Penetration Testing · Web Application Penetration Testing · Kali Linux · Burp Suite

Tesco HSC

Team Lead- Information Security

Apr 2014 - Jun 2015 · 1 yr 2 mos · Bengaluru Area, India

  • Conduct the information security risk assessment program.
  • Coordinate with technical teams on the information security incidents.
  • Provide periodic reporting on information security issues.
  • Computer Forensic Investigation and other technical system related investigation.
  • And provide a consistent, standardized and repeatable method for the response to security alerts generated by DLP (Websense) solution.
  • Coordinate with the colleagues when alert is of HIGH Severity and understand the intention behind the act and recover the data. Steps mentioned below if alerted.
  • Extract alerts on weekly basis from Websense DLP tool.
  • Analyze alerts generated by the Websense DLP program.
  • Review BU SPOC response on the severity of the alert generated.
  • Fine tuning the Websense DLP Rules if the alert is false positive.
  • Notify Information Security Team for investigation.
  • Receive investigation results from Information Security Team.
  • Knowledge of Arc Sight ESM, logger, connector appliances.
  • Follow detailed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents.
  • Experience with developing use cases, analyzing security event data, creating filters, event correlation and tuning Arc Sight SIEM.
  • Identify vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.
Information Security Risk Assessment · Computer Forensic Investigation · Arc Sight ESM

IBM

IT Security Analyst

May 2010 - Apr 2014 · 3 yrs 11 mos · Bengaluru EGL

  • Working on different platforms like Windows, Linux health checking and vulnerability management. Issue management.
Vulnerability Management · Windows · Linux
