Dec 2023 – May 2025 · 1 yr 5 mos · Coimbatore, Tamil Nadu, India · Hybrid

• ● Leading vulnerability management & SCA teams, responsible for ensuring the product is free from security risks associated with the software supply chain, and end-of-life components, reviewing user stories, and ensuring security controls are implemented in them.
• ● Automate the end to end vulnerability management process via Jenkins pipelines such that vulnerability scan/component upgrade recommendations can be generated ondemand with minimum effort.
• ● Evaluating compliance of new as well as existing components (images/libraries/binaries etc) being added to the product. Compliance evaluation also includes generating SBOMs(maven, CycloneDX), and evaluating their vulnerability posture, operational risk, and license compatibility with the product.
• ● Hands-on experience with Docker and Kubernetes (K8s & K3s) from both security and developer perspectives.
• ● Responsible for conducting compliance scans (CIS) of OVAs, and Kubernetes clusters using various tools including Rapid7, trivy, kubebench, Nessus, CISCAT, etc.
• ● Triaging critical supply chain vulnerabilities such as the xz supply chain incident (2024), leaked access tokens from Python, PyPI’s (2024).

Sep 2022 – Dec 2023 · 1 yr 3 mos

• ● Proficient in engaging with clients to propose and execute penetration testing assessments, involving the preparation of proposal decks/RFPs, effort estimation, resource allocation, and scoping.
• ● Served as a Subject Matter Expert, providing guidance and support to the penetration testing team, ensuring Quality Assurance for application security assessments.
• ● Collaborated with stakeholders across diverse sectors, including Life Sciences, Manufacturing, Banking, Insurance, etc., spanning regions such as APAC, EMEIA, and the Americas.
• ● Led blockchain security assessments and audits for public, private, and proprietary blockchain platforms.
• ● Spearheaded the identification of automation opportunities, guiding the development team in implementing identified automation scenarios.
• ● Utilized Azure serverless functions to fulfill on-demand user requirements related to various aspects of penetration testing.
• ● Conducted in-house training sessions on penetration testing and blockchain security assessments, contributing to the development and mentoring of new talent.

Jun 2018 – Aug 2022 · 4 yrs 2 mos

• ● Conducted penetration testing for a range of web applications, encompassing Single Sign-On (SSO) and Kerberos integrated apps, API's, thick clients (including Electron JS applications), network assessments (internal and external), SAP applications, Salesforce, and iOS applications.
• ● Generated comprehensive penetration testing reports.
• ● Engaged actively in online security platforms, notably Hack The Box (HTB).
• ● Developed internal automations, including scripts and GUIs, to streamline various activities related to penetration testing.
• ● Conducted extensive research on performing blockchain security assessments using a combination of open-source and proprietary tools

Dec 2017 – Apr 2018 · 4 mos · Thiruvananthapuram, Kerala, India

• ● Engineered a Proof of Concept (POC) for a decentralized power grid utilizing Hyperledger Fabric. The project drew inspiration from the innovative solutions presented at https://www.brooklyn.energy.

Jan 2018 – Jan 2019 · 1 yr · India

• ● Contributed as a member of the victorious team during the IIT Delhi Open Innovation Blockchain Hackathon organized by Best of Block Inc (http://mdniche.in/viewClipping/234269ce-7d99-4a04-865d-1a520988d59f).

Aug 2017 – Dec 2017 · 4 mos · Techno park Trivandram

• ● Created a Proof of Concept (POC) for smart locks that were governed by smart contracts deployed on the Ethereum blockchain, drawing inspiration from the insights shared on https://blog.slock.it/.