Krishna Raja

Product Engineer

Bengaluru, Karnataka, India9 yrs 8 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Expert in application security and vulnerability assessment.
Proficient in Python and Bash scripting for automation.
Strong experience with security tools like Kali Linux and Metasploit.

Stackforce AI infers this person is a Cybersecurity professional with expertise in application security and vulnerability management.

Contact

Skills

Core Skills

Application SecurityPenetration TestingVulnerability AssessmentSystem Administration

Other Skills

API Security TestingApplication Security TestingBashBurp Suite ProCyber-securityDynamic Application Security TestingEthical HackingFirewallsIBM AppscanKali LinuxLinux AdministrationLinux System AdministrationMetasploitNetwork SecurityPython

About

Cybersecurity professional with a strong interest in ethical hacking, penetration testing, vulnerability analysis, and network security. Hard-working, energetic, personable, and technical-minded individual. Possess exceptional customer service and communication skills with a strong ability to multitask and resolve issues quickly. Currently in a cybersecurity role where I continue to develop and learn new abilities while contributing to the overall success of the organization. I also possess: ● Experience in scripting languages including Python and Bash ● Excellent task management. Ability to handle multiple projects simultaneously ● Experience with security toolkits such as Kali Linux, Metasploit, and Burp Suite Pro. ● Proficient in translating information from technical to executive/management terminology

Experience

Raisin

Product Security Engineer

Feb 2022 – Present · 4 yrs 1 mo · Berlin, Germany · On-site

Defining application security guidelines and standards for developer teams, and embed those
standards within the development lifecycle (SSDLC)
Implement threat modelling and design review for every new features
Engage with product leads and developers to conduct security reviews and define security requirements
Implement new security tools for SAST/SCA and IaC scans in the CI/CD pipeline
Implement security dashboard(Defect Dojo) for establishing metrics and tracking the vulnerabilities from all sources
Continuously monitor the security tools (DAST, OffSec tools) running in the production for security vulnerabilities
Helping engineering teams to mitigate the vulnerability as soon as possible based on the severity
Reviewing the security of micro-services through vulnerability assessment and penetration testing
Engaging with 3rd party for penetrating testing activities which is needed for audit purpose
Automating the stuff (Integration, Security test cases, etc) with python
Mentor and train the development team following the shift-left approach through Security
Champion program
Collaborating with DevOps and SRE team whenever the support is required for implementing certain security tools

Application SecurityThreat ModellingSecurity ToolsVulnerability AssessmentPenetration TestingPython

Visa

Cyber Security Engineer (AppSec)

Sep 2021 – Jan 2022 · 4 mos · Bengaluru, Karnataka, India

Participate in every stage of feature development from design and brainstorming through feature implementation
Perform threat modelling and identify the issue in the early stage of SDLC
Perform code reviews, use SAST for Static Code Analysis and fix all security issues

Threat ModellingStatic Code AnalysisSASTApplication Security

Micro focus

Product Security Engineer

Jun 2019 – Oct 2021 · 2 yrs 4 mos · Bangalore

SME in Fortify on Demand(FoD).
Conducted DAST and manual application security assessments for numerous organisation.
Work closely with the product development team to help with the Application Security Testing
including Static and Dynamic Code scans (SAST/DAST/)
Extensive experience in Top 10 OWASP methodology
Conduct API and Web service security testing
Engage with developers to provide remediation support.
Demonstrate security testing process and skills to internal team and train.

Application Security TestingStatic Code AnalysisDynamic Application Security TestingAPI Security TestingApplication Security

Microgenesis techsoft pvt. ltd.

Application Security Engineer

Aug 2017 – May 2019 · 1 yr 9 mos · Bengaluru, Karnataka, India

Perform external, internal, SAST, DAST, mobile, and cloud security assessments on
Fortune 500 companies
Utilize platforms and tools such as Kali Linux, Metasploit Framework, Burp Suite Pro, and IBM
Appscan, HP WebInspect.
Interact with clients on high and technical levels to discuss findings and resolutions.
Involved in internal team tool and script development, utilizing Bash and Python.
Work with development teams to own design and implementation of security-related components and services.
Develop training materials for developers and specific security technology training
Experience in implementing security within a DevOps/CI/CD environment
Experience of having worked with GitHub, Jenkins

Security AssessmentsKali LinuxMetasploitBurp Suite ProApplication Security

Eastern shepherd international

Cyber Security Intern

Apr 2017 – Jul 2017 · 3 mos · Chennai, Tamil Nadu, India

Miramed ajuba - a global services company

System Administrator

Jan 2016 – Apr 2017 · 1 yr 3 mos · Chennai Area, India

Assessed system problems with the network, software, or hardware components by running
diagnostics, trying solutions, and upgrading devices when necessary.
Perform server administration tasks, including user/group administration, security
permissions, group policies, print services, research event log warnings and errors, and
resource monitoring, ensuring system architecture components work together seamlessly.
Performed as a Linux system administrator (Red Hat/CentOS) for an internal classified system
providing Nessus vulnerability scans and patching.
Build and configure new servers and services.
Linux and Windows: install, configure, and update packages/applications.

System AdministrationNetwork SecurityLinux Administration