Chandan Bhattacharya

CEO

Ghaziabad, Uttar Pradesh, India · 13 yrs 3 mos experience
Highly Stable

Key Highlights

  • Expert in Security Architecture and Threat Modeling.
  • Led multiple cybersecurity initiatives at Deloitte.
  • Strong background in Application Security and Vulnerability Management.
Stackforce AI infers this person is a Cybersecurity Architect with expertise in Application Security and Threat Management.

Skills

Core Skills

Security Architecture, Penetration Testing, Project Management, Application Security, Threat Modeling, Product Security

Other Skills

Burp Suite, Cybersecurity, Design Review, Metasploit, Nessus, Network Security, Personal Finance, Request for Proposal (RFP), Secure Code Review, Secure architecture reviews, Security Architecture Design, Vulnerability Assessment, Vulnerability Management, Web Application Security, Web Application Security Assessment

About

I am an experienced outcome-driven professional carrying a diverse background in Cyber Security in various disciplines such as Application Security, Threat Modeling, DevSecOps, Security Architecture, Secure Software Development Lifecycle (SSDLC), Vulnerability Management, & Penetration Testing.

Experience

Luein analytics

Chief Cybersecurity Architect

Sep 2024 - Present · 1 yr 6 mos

  • As the Chief Cybersecurity Architect, I have successfully delivered multiple client engagements by:
  • Conducting design and architecture reviews for applications, infrastructure, and data flows.
  • Assessing architectures against security frameworks such as NIST, OWASP, CSA, and CIS.
  • Identifying architectural flaws, insecure design patterns, and high-risk trust boundaries.
  • Defining reference security architectures and embedding security-by-design principles into product roadmaps.
  • Guiding development, DevOps, and product teams in implementing recommended security controls.
  • Leading Threat Modeling workshops using STRIDE and attack tree methodologies.
  • Performing Secure Code Reviews using both manual analysis and automated SAST tools.
  • Eliminating common application vulnerabilities such as injection, XSS, SSRF, and deserialization flaws.
  • Conducting Penetration Testing of applications, APIs, and cloud infrastructure.
  • Translating assessment and testing findings into actionable remediation guidance.
  • Designing and deploying cybersecurity monitoring solutions such as SIEM and SOAR platforms.
  • Building use cases, correlation rules, and dashboards for real-time detection of threats.
Security Architecture Design, Product Security, Threat Modeling, Secure Code Review, Penetration Testing, Security Architecture

Deloitte

2 roles

Manager

Promoted

Jun 2023 - Aug 2024 · 1 yr 2 mos

  • As a Manager in Deloitte’s Cyber Risk Advisory practice, I led security initiatives for multiple clients across technical and managerial domains.
  • Technical
  • Defined and optimized Secure Architecture Review processes, identifying opportunities for automation.
  • Developed API security standards to improve consistency and coverage across services.
  • Created and maintained Threat Modeling standards; integrated tooling into CI/CD pipelines.
  • Performed SAST, DAST, and SCA to detect and address application security issues.
  • Conducted penetration testing of applications, networks, and infrastructure to uncover vulnerabilities.
  • Managerial
  • Oversaw quality assurance processes to ensure accuracy and completeness of deliverables.
  • Led project teams, handled resource planning, risk tracking, and progress reporting.
  • Managed project budgets and ensured alignment with delivery goals.
Design Review, Secure architecture reviews, Product Security, Penetration Testing, Application Security, Threat Modeling, +3 more

Senior Solution Advisor - Cyber & Strategic Risk

May 2021 - Jun 2023 · 2 yrs 1 mo

  • Advising clients to secure their applications and infrastructure through the following:
  • Secure by design implementations
  • Application Security Program maturity assessments
  • Threat Modeling
  • SAST/DAST
  • Software Composition Analysis
  • Vulnerability Assessment
  • Penetration testing
Design Review, Secure architecture reviews, Product Security, Application Security, Penetration Testing, Threat Modeling, +1 more

Synophic systems pvt. ltd.

Senior Information Security Analyst

Mar 2020 - Mar 2021 · 1 yr · Gurugram, Haryana, India

  • As a Product Security Champion, I led a team of analysts to help product teams by:
  • Driving product security awareness and training initiatives across engineering teams.
  • Facilitating threat modeling sessions to identify design-stage risks and recommend mitigations.
  • Executing regular SAST and DAST scans to uncover and resolve security issues.
  • Performing SCA to assess risks from third-party libraries and dependencies.
  • Auditing OS-level configurations against CIS benchmarks and recommending improvements.
  • Scanning and reviewing OS images to ensure security readiness prior to deployment.
Design Review, Secure architecture reviews, Product Security, Application Security, Penetration Testing, Threat Modeling, +1 more

Bank of America

Analyst - Application Security

Dec 2017 - Feb 2020 · 2 yrs 2 mos · Gurgaon, Haryana, India

  • I contributed to application security initiatives by:
  • Performing manual and automated security testing to identify vulnerabilities and recommend mitigations.
  • Driving process improvements and developing proof-of-concept solutions to enhance testing capabilities and delivery quality.
Product Security, Application Security, Penetration Testing, Web Application Security

IBM India Private Limited

Security Specialist

Apr 2016 - Dec 2017 · 1 yr 8 mos · Gurgaon, India

  • I provided Application and Infrastructure Security services for multiple clients by:
  • Conducting end-to-end Application Security assessments, including architecture reviews, configuration hardening, and both manual and automated testing.
  • Performing penetration tests on external-facing applications and APIs to identify potential attack vectors.
  • Leading vulnerability assessments of network infrastructure and supporting timely remediation efforts.
  • Evaluating and enhancing vulnerability management processes based on existing tooling and practices.
  • Testing newly deployed applications to uncover and address critical security weaknesses before go-live.
Secure architecture reviews, Product Security, Application Security

Imsi india pvt. ltd.

Application Security Analyst

Apr 2015 - Apr 2016 · 1 yr · Gurgaon

  • I supported multiple clients by:
  • Conducting comprehensive application security assessments, including architecture reviews, configuration audits, and manual/automated testing.
  • Leading network vulnerability assessments and coordinating with stakeholders to ensure timely remediation.
Secure architecture reviews, Product Security

Ib technology solutions ltd

System Administrator - Information Security

Mar 2014 - Apr 2015 · 1 yr 1 mo · Gurugram, Haryana, India

  • Key responsibilities included:
  • Designing, implementing, and maintaining the vulnerability management solution to improve risk visibility.
  • Performing vulnerability scans, managing dashboards, and coordinating remediation with asset owners.
  • Hardening systems to ensure they met security requirements prior to production deployment.

Innobuzz knowledge solutions private limited

Information Security Analyst

Aug 2012 - Mar 2014 · 1 yr 7 mos · Greater Delhi Area

  • Key responsibilities included:
  • Delivering cybersecurity and digital forensics training to government agencies to enhance cybercrime response capabilities.
  • Conducting security audits of internal networks and applications to identify and address security gaps.

Education

Dr. MGR University

Bachelor of Technology (B.Tech.) — Computer Science and Engineering

Jan 2008 - Jan 2012

Raisina Bengali Senior Secondary School

12th Standard — Science

Jan 2006 - Jan 2007

Raisina Bengali Senior Secondary School

10th Standard — Science

Jan 2004 - Jan 2005

Udacity

Nanodegree program — Mentorship

Jan 2021 - Jan 2021
