Vikas Pal

DevOps Engineer

Bengaluru, Karnataka, India · 11 yrs 9 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Over 11 years of experience in application security.
  • Expert in vulnerability assessments and penetration testing.
  • Certified in multiple security domains, including AWS and eWPT.
Stackforce AI infers this person is a seasoned Application Security Analyst specializing in vulnerability management and secure software development.

Skills

Core Skills

Application Security · Vulnerability Assessment

Other Skills

ASP.NET · Amazon Web Services (AWS) · Analytical Skills · AppScan · Application Penetration Testing · Application Security Testing · Assessment Methodologies · Automation Script Writing · Burp Suite · Bypass Advanced XSS · C · C++ · Checkmarx · Cloud Security · Code Review

About

As a Lead Application Security Analyst at Algonomy, I bring over 11 years of experience in identifying and mitigating security vulnerabilities across web, API, and mobile applications. My work focuses on performing detailed vulnerability assessments, penetration testing, secure code reviews, and threat modeling, leveraging both manual techniques and advanced tools. I actively contribute to integrating security into the software development lifecycle, ensuring robust application security measures are in place. Previously, at First American and Synopsys Inc., I provided impactful solutions to enhance security postures by conducting threat modeling, dynamic and static application testing, and manual secure code reviews. My certifications, including eWPTxv2, eJPT, AWS Cloud Practitioner, and ICCA, highlight my commitment to staying at the forefront of security practices. Dedicated to fostering resilient applications, I aim to empower teams with the tools and knowledge to address evolving security challenges effectively.

Experience

Algonomy

Lead Application Security Analyst

Dec 2021 - Present · 4 yrs 3 mos · Bengaluru, Karnataka, India

  • ➤ Identifying security vulnerabilities in source code using manual static analysis tools and techniques.
  • ➤ Conducting vulnerability assessments and penetration testing, using tools as well as manual techniques, to evaluate attack vectors and identify application/system vulnerabilities.
  • ➤ Assisting in preparation of plans to review software components through source code review or application security review.
  • ➤ Providing support to the application development process group and the SDLC processes related to identifying security vulnerabilities within the application development process.
Security · Vulnerability Assessment · Penetration Testing · Secure Code Review · Threat Modeling · Application Security

First American

Principal Analyst

Jun 2020 - Dec 2021 · 1 yr 6 mos · Bengaluru, Karnataka, India

  • ➤ Identified security vulnerabilities in source code using manual static analysis tools and techniques; executed threat modeling of different types of applications and networks.
  • ➤ Conducted vulnerability assessments and penetration testing, using tools as well as manual techniques, to evaluate attack vectors and identify application/system vulnerabilities.
  • ➤ Provided appropriate remediation plans for mitigation of the identified vulnerabilities.
  • ➤ Performed security reviews of application designs, source code, and deployments as required, covering all types of applications like web applications, web services, mobile applications, etc.
  • ➤ Assisted in preparation of plans to review software components through source code review or application security review.
  • ➤ Provided support to the application development process group and the SDLC processes related to identifying security vulnerabilities within the application development process.
Threat Modeling · Vulnerability Assessment · Penetration Testing · Secure Code Review · Application Security

Synopsys Inc.

Security Consultant

Jan 2019 - Jun 2020 · 1 yr 5 mos · Bengaluru, Karnataka, India

  • ➤ Performed manual secure code review for multiple programming languages.
  • ➤ Periodically carried out system and application VAPT (vulnerability assessment and penetration testing) using a manual approach.
  • ➤ Managed multiple teams and performed automation script writing.
  • ➤ Conducted dynamic, static, mobile, and manual application security testing using Netsparker, IBM AppScan, Burp Suite Professional, Acunetix, Coverity, and Black Duck.
  • ➤ Focused on penetration testing of both internal and external networks as per standards.
  • ➤ Monitored security vulnerability reports for applications and databases and worked extensively with the development teams for the implementation of mitigating controls.
  • ➤ Collaborated with development teams to prioritize and remediate vulnerabilities throughout the software development lifecycle and to improve the security program.
Manual Secure Code Review · Vulnerability Assessment · Penetration Testing · Dynamic Application Security Testing · Static Application Security Testing · Application Security

Loginsoft

Senior Security Analyst

Nov 2016 - Dec 2018 · 2 yrs 1 mo · Hyderabad, Telangana, India

  • ➤ Monitored open-source repositories like GitHub to identify the vulnerabilities in open-source components.
  • ➤ Completed application penetration testing, vulnerability assessments, source code review, identified threats, and developed test cases to target identified threats.
Application Penetration Testing · Vulnerability Assessment · Source Code Review · Application Security

Centre for Development of Advanced Computing

Project Engineer

May 2014 - Oct 2016 · 2 yrs 5 mos · Hyderabad, Telangana, India

  • ➤ Completed application penetration testing, vulnerability assessments, and source code review; identified threats, and developed test cases to target identified threats.
  • ➤ Managed web application development; administered training and workshops.
Application Penetration Testing · Vulnerability Assessment · Source Code Review · Application Security

Education

Centre for Development of Advanced Computing (C-DAC)

Diploma of Education — System software

Aug 2013 - Mar 2014

Dr. A.P.J. Abdul Kalam Technical University

Bachelor of Technology - BTech — Information Technology

May 2008 - May 2012
