Sachin Kumar

Co-Founder

Bengaluru, Karnataka, India · 3 yrs 2 mos experience

Key Highlights

  • Expert in Cyber Security Engineering and DevSecOps.
  • Proven track record in vulnerability detection and remediation.
  • Passionate about continuous learning and collaboration.
Stackforce AI infers this person is a Cybersecurity and DevSecOps expert with a focus on SaaS solutions.

Skills

Core Skills

Cybersecurity, Web Application Security, DevSecOps, Cloud Security

Other Skills

AWS, Application Security, CI/CD, DevOps, Ethical Hacking, Incident Response, Java, Network Security Implementation, OWASP ZAP, Payment Card Industry Data Security Standard (PCI DSS), Penetration Testing, Production Deployment, Security Implementation, Software as a Service (SaaS), SonarCloud

About

Greetings! I'm Sachin Kumar, highly enthusiastic about hands-on experience in Cyber Security, DevOps Security, and Cloud technologies such as AWS. I take pride in my ability to secure systems and deliver actionable insights through my knowledge in Web Application Pentesting, Incident Response, and Security Automation.

What Inspires Me

I'm driven by a passion for technology and the constant evolution of security in the digital landscape. The ability to secure infrastructures, protect data, and innovate in the face of new challenges inspires me to continually enhance my skills. I firmly believe that through collaboration and continuous learning, I can contribute to shaping the future of secure computing.

My Use Case

I excel in Cyber Security Engineering, with experience in penetration testing, cloud security, and DevSecOps pipelines. I have practical knowledge in securing infrastructures, automating security processes, and responding to security incidents. My applied competencies span a range of real-world cybersecurity scenarios, making me a strong candidate for roles in:

  • Web Application and API Security
  • Cloud Security with AWS (WAF, Shield, CloudFront, EC2, RDS, etc.)
  • Incident Response and Security Monitoring
  • DevSecOps Practices with CI/CD pipelines and automation tools like Jenkins

My Technologies

  • Languages: JavaScript, Node, HTML, CSS, Bash
  • Technologies: Web Application Pentesting, AWS, DevOps Security, GraphQL Security, OpenAI
  • Tools: Burp Suite, Nmap, Metasploit, MyRecon (self-created), Subfinder, Sqlmap, SSRF, Nuclei, Xssfinder

Core Deployments

  • Penetration Testing: Comprehensive security assessments with a 95% average vulnerability detection rate.
  • Automation: Streamlined security systems through Python, Bash, and Ansible scripting, enhancing processes by 30%.
  • AWS Cloud Security: Implemented AWS WAF and Shield to protect against common exploits and DDoS attacks.
  • Security Incident Monitoring: Built a Metabase dashboard integrating AWS services for real-time attack pattern visualization.

My Belief

I only claim knowledge of what I've implemented practically. I believe that every challenge can be solved through experimentation and iteration. Machines and systems communicate with us, and I aim to master this communication. Teaching is a passion of mine, as guiding others to success brings immense satisfaction. Sharing knowledge creates a collaborative and more secure digital environment. Let's connect and discuss further!

Experience

Coinswitch

Product Security Engineer

Jun 2025 - Present · 9 mos · Bangalore Urban, Karnataka, India · On-site

Leadsquared

Security Engineer

Aug 2024 - Jun 2025 · 10 mos · Bengaluru, Karnataka, India · Hybrid

  • Conducted Vulnerability Assessment and Penetration Testing (VAPT) on LeadSquared's core platform, identifying and mitigating security vulnerabilities to enhance platform security.
  • Conducted detailed source code reviews in Java, Python, Node.js, and React.js, pinpointing over 150 critical security flaws.
  • Configured and managed SonarQube for continuous code quality and security analysis, enabling automated static code analysis for early vulnerability detection.
  • Worked closely with development teams to integrate security checks into the CI/CD pipeline, facilitating secure coding practices.
  • DevSecOps Security Integration for Project.
  • Integrated a security-focused CI/CD pipeline for a backend project built with Spring Boot and Gradle to enhance application security and automate vulnerability management.
  • Responsibilities:
    ● Static Application Security Testing (SAST): Integrated SonarCloud into the CI/CD pipeline to perform static code analysis, identifying vulnerabilities and enforcing secure coding practices.
    ● Configured automated scans to trigger on every code commit, ensuring real-time feedback to developers on security issues.
    ● Software Composition Analysis (SCA): Implemented Snyk to scan for known vulnerabilities in third-party libraries and dependencies.
    ● Developed custom rules to align dependency management with organization standards and mitigate supply chain risks.
    ● Dynamic Application Security Testing (DAST): Set up OWASP ZAP for real-time dynamic scanning.
      ○ Configured ZAP to scan the production-like environment, providing a comprehensive report on application vulnerabilities.
      ○ Automated ZAP report generation and stored reports as artifacts in an AWS S3 bucket for further analysis.
  • Technologies Used:
    ● Tools: SonarQube, Snyk, OWASP ZAP
    ● Languages/Frameworks: Java, Spring Boot
    ● CI/CD: YAML pipeline with AWS CodePipeline
    ● Cloud/Infrastructure: AWS Secrets Manager, S3, EC2
Cybersecurity, Network Security Implementation, Web Application Security Assessment, Security Implementation, Web Application Security

Vulnshields

CEO & Co-Founder

Dec 2023 - Present · 2 yrs 3 mos · Bangalore Urban, Karnataka, India · Remote

Masai

3 roles

Cyber Security Engineer

Jan 2023 - Aug 2024 · 1 yr 7 mos · Bengaluru, Karnataka, India

  • Successfully conducted over 75 security assessments on various web, API and mobile applications.
  • Identified and reported 150+ security vulnerabilities, allowing for preemptive risk mitigation and enhanced security.
  • Ensured robust data security through Spring Security, resulting in a notable 50% reduction in data breaches.
  • Reduced the average remediation time for identified vulnerabilities by 30% through effective collaboration with development and IT teams.
  • Enhanced overall security posture by achieving an 88% vulnerability resolution rate in tested applications.
  • Conducted detailed source code reviews in Java, Python, Node.js, and React.js, pinpointing over 150 critical security flaws.
  • Fostered a security-conscious culture within the organization, resulting in a 25% decrease in security incidents and a 15% increase in security awareness among employees.
  • Proficiently created and optimized scripts in Python, Bash, and Perl, resulting in 30% more streamlined security systems and processes.
  • Utilized a diverse toolkit of commercial and open-source tools and manual testing to perform penetration testing, yielding comprehensive security assessments with a 95% average vulnerability detection rate.
  • Cloud Security
    ○ Implemented and configured AWS WAF and Shield to protect web applications from common web exploits and distributed denial of service (DDoS) attacks.
    ○ Managed AWS IAM policies and roles to ensure least privilege access and enforce security best practices across the organization's cloud infrastructure.
    ○ Utilized AWS GuardDuty and Detective to continuously monitor AWS environments for security threats and anomalies, reducing incident response time by 30%.

DevOps | DevSecOps Engineer

Jan 2023 - Aug 2024 · 1 yr 7 mos · Bengaluru, Karnataka, India

  • Responsibilities and Achievements:
  • Implemented Security Measures:
  • Static Application Security Testing (SAST): Integrated SonarQube into the CI/CD pipeline, automatically scanning the codebase for vulnerabilities with each code commit. Successfully identified and remediated issues such as SQL injection and cross-site scripting (XSS) early in the development cycle.
  • Dynamic Application Security Testing (DAST): Utilized OWASP ZAP and Burp Suite to conduct automated security testing on web applications before deployment. Identified and fixed vulnerabilities including SQL injection, XSS, and insecure server configurations.
DevOps, Production Deployment, DevSecOps, Cloud Security

Cyber Security Engineer (Intern)

Mar 2022 - Dec 2022 · 9 mos · Bengaluru, Karnataka, India

Application Security

Audix technologies

Pentester

Mar 2022 - Nov 2022 · 8 mos · Mumbai, Maharashtra, India · Remote

Application Security

Hackerone

Ethical Hacker

Jan 2022 - Aug 2024 · 2 yrs 7 mos · Remote

Education

CV Raman College of Engineering (CVRCE), Bhubaneswar

Bachelor in technology — Computer Science

Jul 2019 - Jul 2023

Premalok Mission School

12th — Mathematics

Mar 2017 - May 2019
