Jan 2022 – Dec 2023 · 1 yr 11 mos · Bangalore Urban, Karnataka, India

• Roles And Responsibilities:
• Conducted Red Team Operations in cloud environments (AWS, Azure).
• Bypassed Defensives in Cloud Environment e.g. Guarduty, CloudTrail etc.
• AV and EDR evasions
• Map TTPs executed with MITRE Attack Framework using Vectr tool
• Created RED and PURPLE team Infrastructure on cloud and on premises. Like AD environment Lab, C2 servers, Attacking machines etc.
• Actively involved in External/Assume Breach Scenarios of multiple Red Teaming engagements.
• Developed meaningful executive and operational metrics for the Offensive Security program.
• Configured Red Team Infrastructure Setup
• Scaled Red Team Operations from 1- 100%.
• Initiated and Scaled Security Awareness Program from 1 – 100%
• Lead the iOS Security Assessment in Meesho.
• Performed deep architecture and security reviews on highly complex products to identify vulnerabilities.
• Map attack surfaces, assess threats, and prioritize issues across Meesho.
• Worked closely with internal stakeholders to identify, research, analyze, provide resolution, and fix complex vulnerability issues.
• Identified vulnerabilities that can be used as a part of operational objectives and improve our adversary emulation accuracy.
• Conducted Purple Team exercise to strengthen Blue Team resilience.

Feb 2021 – Dec 2021 · 10 mos · Bangalore Urban, Karnataka, India

• Role And Responsibilities:
• Developed meaningful executive and operational metrics for the Offensive Security program.
• Scaled Red Team Operations from 1- 100%.
• Performed deep architecture and security reviews on highly complex products to identify vulnerabilities.
• Map attack surfaces, assess threats, and prioritize issues across FICO.
• Worked closely with internal stakeholders to identify, research, analyze, provide resolution, and fix complex vulnerability issues.
• Identified vulnerabilities that can be used as a part of operational objectives and improve our adversary emulation accuracy
• Conducted Tabletop exercise to strengthen Blue Team resilience.
• Conducted Phishing scenarios to aid FICO’s security awareness program.
• Conducted Threat Hunts in FICO’s SIEM system.

Oct 2020 – Feb 2021 · 4 mos

• Roles and Responsibilities:
• Perform network penetration, web and mobile application testing, source code reviews,wireless
• network assessments, and social-engineering assessments
• Technical Assessments (Vulnerability Assessment & Penetration Testing of Web, Mobile, API,
• Network, Infrastructure)
• Vulnerability Management
• Integrating security process into CI/CD pipeline.
• Provide appropriate knowledge transfer to off-shore testers to assist in testing efforts Review all
• applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to
• remediate identified vulnerabilities
• Due diligence (Both customers and suppliers)
• BAU (Cyber Security) Activities
• Liaison with Vendors (Defining scope, reports review)
• Implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
• Cyber Security Awareness programme: Conducting mandatory training on security process and risksvia security training program, which is being rolled out company wide. Made employees aware by conducting interactive programs. Providing guidelines on security best practices.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Recognize and safely utilize attacker tools, tactics, and procedures
• Assist with scoping prospective engagements, leading engagements from kickoff through
• remediation, and mentoring less experienced staff
• Tools Used : Qualysguard, Nessus, Acunetix, Burp Suite (Pro), OWASP ZAP, Burp Suite, Nmap, TestSSLServer, DirBuster,SQLMap, Mobsf, Dex2jar, APKTool,Postman,Gophish,Passionfruit,Appie Framework, Metasploit

Apr 2019 – Sep 2020 · 1 yr 5 mos

• Roles and Responsibilities:
• Technical Assessments (Vulnerability Assessment & Penetration Testing of Web, Mobile, API, Network, Infrastructure)
• Vulnerability Management
• BAU (Cyber Security) Activities
• Baseline Standards (Creation and Auditing)
• Liaison with Vendors (Defining scope, reports review)
• Managed Security Services (Client Site Project Management)
• Follow industry best practice, PCI recommended methodologies for penetration testing and be able to use tools for a basis level assessment.
• Perform penetration testing on internal application, cloud environments (Azure,AWS,Oracle) and internal environments.
• Collaborate with IT/Cloud Engineering team to ensure appropriate hardening of internal and cloud environments.
• Document findings for management and technical staff and recommend mitigating actions.
• Collaborate with Networking and Infrastructure teams for network hardening feedback.
• Interface with Security compliance team in response to internal and external audits.
• Tools Used : Qualysguard, Nessus, Acunetix,Burp Suite (Pro), OWASP ZAP, Burp Suite, Nmap, TestSSLServer, DirBuster,SQLMap, Mobsf, Dex2jar, APKTool, Postman

Apr 2017 – Mar 2019 · 1 yr 11 mos

• Roles and Responsibilities:
• Technical Assessments (Vulnerability Assessment & Penetration Testing of Web, Mobile, API, Network, Infrastructure)
• Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security
• Collaborate with IT/Cloud Engineering team to ensure appropriate hardening of internal and cloud environments.
• Document findings for management and technical staff and recommend mitigating actions.
• Collaborate with Networking and Infrastructure teams for network hardening feedback.
• Plan and create penetration methods, scripts and tests advise on methods to fix or lower security risks to systems consider the impact your 'attack' will have on the business and its users
• Interface with Security compliance team in response to internal and external audits.
• Execute penetration test and compliance assessments of products and web applications.
• Develop, maintain and continuously optimize tools and templates for Security Testing with
• penetration testing tools, like Kali Linux, Nessus and others
• Tools Used : Tools Used : Qualysguard, Nessus, Acunetix, InsightVM, Burp Suite (Pro), OWASP ZAP, Burp Suite, Nmap, TestSSLServer, DirBuster,SQLMap, Mobsf, Dex2jar, APKTool, Postman

Nov 2016 – Mar 2017 · 4 mos

• Roles And Responsibilites :
• Perform internal, external and web application vulnerability tests
• Vulnerability identification and analysis
• Pentesting report preparation