Jan 2023 – Present · 3 yrs 2 mos · Bengaluru, Karnataka, India · On-site

Nov 2021 – Jan 2023 · 1 yr 2 mos · Bengaluru, Karnataka, India

• My responsibility as a BISO for Cleartrip I am responsible to lead the entire security charter for the company.
• Here are few functional areas I lead as a BISO :
• Drive strategic security programs to enhance the security maturity across the organisation. Conduct periodic information security council meetings in the respective business units involving senior leadership and other relevant stakeholders.
• Develop an in-depth understanding of business processes, systems, technologies, data, customers, and vendor partners.
• Design, implement and sustain the Information Security Policies and Standards across Cleartrip
• Act as the primary security contact/ adviser for the business, leadership, engineering, product, IT, HR, Finance, and Legal.
• Partner with compliance, legal and other stakeholders to achieve the objectives of the information security program and be compliant with required regulatory and statutory requirements.
• Own and oversee cyber security program implementation required to meet business objectives.
• Proactively identify information security non-compliance and areas of potential improvement, and facilitate the development and deployment of remediation solutions.

Jul 2021 – Jan 2023 · 1 yr 6 mos

• Taking care of Flipkart production security consisting of 300+ internet facing assets, hybrid cloud infra, secure CI-CD, and anything and everything touching flipkart online customers.
• I also play the head of security role for Flipkart acquired Cleartrip. Drafting, executing and spearheading the strategic security projects for the organisation.

Jul 2018 – Jun 2021 · 2 yrs 11 mos

• At Flipkart, I have been the founding member of the nascent AppSec team and has helped it grow and cater to the growing complexity of micro-services / applications.
• Over the years, I have introduced several working streams inside the team to further strengthen the security practices and offerings for the rest of the developer community within the Org. I have spearheaded the effort to move the security awareness in the org, through various evangelization initiatives like Braindead - Capture The Flag events as well as Secure Coding best practices, developer training sessions.
• Ideated several red-team tooling which has strengthened the attack arsenal engine responsible to detect any security anomalies in Flipkart's internet facing endpoints.
• Mentored my team in developing and open-sourcing security toolkits (Astra, Red Team Arsenal - RTA, WatchDog, and Kurukshetra) which have received very good uptake in the open-source / security community.

Jul 2017 – Jul 2018 · 1 yr

Jan 2016 – Jul 2017 · 1 yr 6 mos

May 2014 – Jan 2016 · 1 yr 8 mos

• Web application Security, Vulnerability Assessments, Penetration Testing, Designing Attack Monitoring Solutions, ElasticSearch Logstash kibana (ELK), threat modeling.

Oct 2013 – Apr 2014 · 6 mos · Bangalore

• Was leading PayPal's public bug bounty project consisting of all PayPal's internet facing endpoints and it's of subsidiaries. Handled internal security assessment projects and penetration testing efforts. Conducted several developer training session on secure code and Secure SDLC practices.
• Delivered a training session at GraceHopper 2014 Bangalore on "Hacking Demystified" which touched upon real-world attack scenarios and underground dark web information trading techniques.
• Also delivered a technical presentation at Confidence 2014 Poland, on a research topic related to WordPress Security.

Jan 2013 – Oct 2013 · 9 mos · Bangalore

• Was part of the core security team at PWC-SDC India, handling security projects for SDC clients.
• Also conducted security training sessions for developers on secure code, wireless security, mobile pentesting and secure SDLC.

Jan 2012 – Nov 2012 · 10 mos · Bangalore

Oct 2010 – Dec 2011 · 1 yr 2 mos · Bangalore

• Was part of the Microland's Red-team which carried out multiple security red-team projects across the globe. Was responsible to carry out pen-testing projects related to network,web-applications, mobile-apps and wireless networks. Handled client engagement for many offshore and onshore projects from the very initial stage of requirements gathering to end execution of projects.
• Designed and implemented a network of Intrusion Detection Systems and reporting utilities.