Oct 2022 – May 2023 · 7 mos · Hong Kong SAR · On-site

• Conducted security audits and penetration testing on FDUSD cloud infrastructure.
• Designed and implemented cloud security architecture for AWS (Not Limited to AWS).
• Worked closely with product teams to design, develop, and implement security measures for products.
• Implemented security controls and measures to mitigate vulnerabilities and threats.
• Collaborated with cross-functional teams to ensure the security of the entire product and cloud ecosystem.
• Implemented cloud security monitoring and centralised logging solutions using AWS CloudTrail, Cloud watch.

Jan 2022 – Jul 2022 · 6 mos

• Conducted security reviews of Crypto.com's applications Including Mobile application, Exchange, NFT,
• Tax ,Non-custodial NFT, Non-custodial wallet and Dapps.
• Building security-focused features into existing web and mobile applications.
• Supported Crypto.com’s PCI/DSS , ISO 270001, GDPR and other internal compliance auditing.
• Member of Crypto.com's Security Incident Response Team. Responded to security incidents, coordinated security fixes across engineering disciplines conducted incident log analyses, held joint root cause investigation meetings, and managed action item follow-ups.
• First line defence of monitoring and managing Crypto.com's HackerOne bug bounty program from day one and contributor to Crypto.com's bug bounty program, managing lifecycle of vulnerability reports.
• First line defence of monitoring and managing Crypto.com's HackerOne bug bounty program from day one and contributor to Crypto.com's bug bounty program, managing lifecycle of vulnerability reports.
• Led redevelopment of a bug bounty program to attack more top-tier hackers, including developing H1
• API/Slack integration, implementing new communication SLAs.
• Managed HackerOne vulnerability report life cycle, including shipping security fixes for triaged reports
• where applicable.
• Led continued improvements to Crypto.com's bug bounty program, including migrating from CWE to
• CVSS bounty payments, developed an open-source bounty calculator for objective/reliable bounty
• payments, negotiated Crypto.com/HackerOne service agreement renewal.
• Mentor Crypto.com's engineers via internal security awareness programs.

Apr 2018 – Jan 2022 · 3 yrs 9 mos

Jul 2017 – Mar 2018 · 8 mos · Hong Kong

• Engaged in Penetration Testing, Vulnerability Assessment, Web Application Security (OWASP, WASC),
• Network Traffic Analysis and Anti-Malware Operations.
• Performing real-time monitoring, investigation, analysis, reporting and escalations of security events from
• multiple sources including Network intrusion detection, Firewall logs, Proxy Logs, System logs applications
• and databases with the help of Splunk.
• Investigate and identify events, qualify potential security breaches, raise security incident alerts and perform technical & management escalation.
• Investigate Malicious, Phishing and SPAM email manually and the help of Iron port.

Aug 2016 – May 2017 · 9 mos · Macao

• Executed advanced scenario-based red team assessments designed to evaluate the organization’s ability to prevent, detect, and respond to sophisticated adversaries.
• Conducted manual security assessments web applications, perimeter networks, and internal networks.
• Identified critical vulnerabilities and developed proof-of-concept exploits that allowed the business to
• understand the risk, resulting in speedy remediation.
• Research and simulation of generic applications on the Test Bed to safely execute various attack scenarios
• before attempting tests on live systems execute various attack scenarios before attempting tests on live
• systems.

Nov 2014 – May 2016 · 1 yr 6 mos · Bengaluru Area, India

• Conducted technical security assessments with penetration testing of business applications (OWASP, WASC, OSSTMM), technology infrastructures, perimeters, mobility solutions, configuration review and source code audits for global clients across a wide range of industry verticals.
• Provided remediation consulting service to client’s risk treatment plans on security issues identified during adoption of new technology, internal & external assessment findings, security incidents investigation and regulatory updates by collaborating with developers, business, and system owners.
• Hardening of devices including Switches, Routers, Firewalls, Operating Systems and Databases based
• on standards such as CIS benchmark.
• Delivered specialized training for the team mates on Network Security and Application security using various tools as well as the manual penetration testing. Delivered information security awareness sessions covering both the process and system component security.
• Manual Infrastructure and Web application Penetration Testing experience beyond running automated tools.
• Performing investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.

Jul 2014 – Oct 2014 · 3 mos · Pune Area, India

• Monitored the malicious domains and DNS blocking them appropriately and analyze network
• behavior including host, domains and IP address.
• Conduct advanced penetration testing and security audits for applications, databases, systems, and
• perimeter networks for various business units across the organization.
• Created the knowledge base with all the observations & findings which will act as a central technical repository that can be referred for use by the various wings of the organization.

Sep 2013 – Jun 2014 · 9 mos · Bengaluru Area, India

• Working both as an in-charge of research and development, have acquired an extensive knowledge and skill-set in this domain. Also have learned and honed valuable collaboration and team management skills that have allowed myself to manage and work constructively and innovatively in group-based environments.
• Key Responsibilities:
• Developed the web application vulnerability testing program to test security and privacy posture of web applications and managed process activities with industry service to identify vulnerability and privacy issues and solutions through automated and ethical hack tests.
• Evaluate tools for operating systems, database management systems, and network security testing as well as data analysis, incident tracking, and reporting.
• Manage processes and act in the lead role for computer security incident response team. Perform and create procedures for system security audits and PC audits, and vulnerability assessments.
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
• Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures, Monitored events responded to incidents and reported findings.
• Monitor the security of critical systems and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
• Developed, implemented, and documented formal security programs and policies.
• Performed security research, analysis and design for all client computing systems and the network infrastructure.