Faiz Ahmed Zaidi

CEO

Bengaluru, Karnataka, India · 9 yrs 5 mos experience

Key Highlights

  • Registered 6+ CVEs and discovered zero-day vulnerabilities.
  • Built security programs reducing risks by 45%.
  • Speaker at OWASP and Defcon on emerging threats.
Stackforce AI infers this person is a Cybersecurity expert with a focus on vulnerability research and application security.

Skills

Core Skills

Penetration Testing · Cloud Security · Application Security · Information Security · Security Research

Other Skills

API Security · Backtrack · Blockchain security · C · C++ · CSS · Clear Vision · Communication · Computer Security · Container Security · Cross-functional Team Leadership · Cybersecurity · Ethical Hacker · HTML5 · ISO 27001

About

I specialize in securing web, mobile, cloud, and blockchain systems. Recognized by Apple, Microsoft, Intel, Facebook, and Bosch for responsible vulnerability disclosures, I’ve registered 6+ CVEs and discovered zero-day vulnerabilities. As the OWASP Project Leader for Maritime Security and a contributor to the OWASP Top 10 API Security Risks 2023, I set global standards for secure systems. I’m also a speaker at OWASP and Defcon, sharing insights on emerging threats.

What I Do

  • Vulnerability Research: Finding and fixing security gaps.
  • Penetration Testing: Uncovering risks, providing solutions.
  • Blockchain Security: Protecting crypto, NFTs, and smart contracts.
  • Leadership: Building and mentoring top-tier security teams.

Key Wins

  • Acknowledged by tech giants for responsible disclosures.
  • Certifications: CISM, CEH, ISO 27001 Lead Auditor.
  • Built security programs that reduced risks by 45% and secured $10M+ crypto investments.

Let’s connect and build it more securely.

Experience

Zebpay

Head of Security

Sep 2025 - Present · 6 mos · Delhi, India · On-site

Miraiedge

Co-Founder

Apr 2025 - Sep 2025 · 5 mos

Wityliti

Director

Apr 2025 - Sep 2025 · 5 mos

OWASP® Foundation

OWASP Project Leader

Jun 2024 - Present · 1 yr 9 mos · Remote

  • This project aims to develop an OWASP Top 10 list specifically tailored to the maritime industry. Currently, maritime cybersecurity lacks well-defined standards, and this project leverages the OWASP framework to address this gap.
  • The project will identify the ten most critical security vulnerabilities facing the maritime sector:
  • Gathering and analyzing existing maritime vulnerability data.
  • Prioritizing the most frequent and impactful threats.
  • Developing detailed descriptions for each vulnerability in the OWASP Top 10 for Maritime list.
  • https://owasp.org/www-project-top-10-for-maritime-security/

Cyfiniti Labs

Co-Founder

Nov 2023 - Sep 2025 · 1 yr 10 mos

Cyfai Technologies Pvt Ltd.

Chief Technology Officer

Nov 2023 - Apr 2025 · 1 yr 5 mos

Chingari

Head of Security

May 2022 - Oct 2023 · 1 yr 5 mos

Teamwork · Penetration Testing · Clear Vision · Security Information and Event Management (SIEM) · Cloud Security · Smart Contracts · +11

Halodoc id

Security Engineer

Jun 2021 - May 2022 · 11 mos · India

  • Worked on end-to-end implementation of AWS-managed web application firewall for dev and prod environment, including researching, testing, and patching WAF loopholes.
  • Worked on Sumo Logic SIEM solution, created dynamic dashboards and alerts for multiple log volumes, including AWS CloudTrail, AWS WAF, Okta auth, and production machines.
  • Handled companywide security awareness training, secure coding training and monthly security newsletters.
  • Handled security incidents and Microsoft device compliance management.

Teamwork · Clear Vision · Security Information and Event Management (SIEM) · Cloud Security · Product Security · Cross-functional Team Leadership · +4

Colortokens, Inc.

Security Engineer

Dec 2019 - May 2021 · 1 yr 5 mos · Greater Bengaluru Area

  • Worked on RASP (Runtime application self-protection) based application security product’s (Colortokens XSecure) capabilities and improved signatures and behavioral methods for detecting security vulnerabilities.
  • Worked on Docker security and Kubernetes security tools like Clair, docker-bench, kube-bench, kube-hunter, anchore-cli, cilium, etc.
  • Worked on serverless security penetration testing (OWASP top 10 for serverless)
  • Worked as a security engineer to perform web application penetration testing on multiple clients locations and found critical vulnerabilities, including Privilege escalation, SQL injection, Insecure direct object reference, XSS, CSRF, File upload, Remote command injection, etc.
  • Worked on multiple open-source applications for increasing application security coverage and reported multiple vulnerabilities, including SSRF, CSRF, Host header injection, Clickjacking, and XSS. (CVE-2019-12425 (Apache Ofbiz),

Teamwork · Clear Vision · Security Information and Event Management (SIEM) · Cloud Security · Product Security · Cross-functional Team Leadership · +6

PwC India

Consultant

Feb 2019 - Dec 2019 · 10 mos · Gurgaon, India

  • Delivered information security projects as part of an integrated team of Advisory professionals.
  • Defined technical and business requirements for information security solutions.
  • Defined information security processes and policies which secure and enable the business.
  • Enforced business, privacy, and security policies.
  • Implemented IT and information security-related technology products.
  • Review, assess, benchmark, and develop issue remediation action plans for all aspects of information security programs and technologies.
  • Developed information security strategies, architectures, and implementation plans.
  • Performed essential supervisory duties to mentor and coach junior staff.
  • Developed people through effectively delegating tasks and guiding staff.
  • Assign and review the work of more junior employees and assist in preparing the final work products to confirm that the work is performed with the highest quality standards.
  • Received PwC Above and Beyond Award.

Teamwork · Clear Vision · Testing Tools · Application Security · Communication · Threat Modeling · +2

Provensec LLC

2 roles

Penetration Testing Practice Lead

Promoted

Feb 2017 - Feb 2019 · 2 yrs

  • Managed the cycle of project continuity, reviewed the team’s technical work, and ensured the quality of service deliverables.
  • Participate in the hiring process (conducting technical cybersecurity interview rounds).
  • Perform infrastructure and application penetration tests and physical security reviews for our global clients.
  • Perform application penetration tests across public and private networks.
  • Develop testing scripts and procedures.
  • Develop and leverage custom exploits.
  • Have worked on OSSEC
  • Work on improvements for provided security services, including continuously enhancing existing methodology material and supporting assets.
  • Perform web application, mobile application, and network penetration tests.
  • Develop processes and implement tools and techniques to perform ongoing security assessments of the environment.
  • Providing technical consultation on Security Tools and Technical Controls.
  • Experience performing application security assessments, including web applications, mobile applications, and web services.
  • Examine assets to determine if vulnerabilities exist and, if vulnerabilities are found, propose remediation strategies that can be applied to mitigate them.

Teamwork · Clear Vision · Testing Tools · Application Security · Communication · Threat Modeling · +2

Cyber Security Researcher

Jul 2016 - Jan 2017 · 6 mos

  • I worked as a Security Researcher and found various bugs in various applications.

Teamwork · Application Security · Security Research

Education

Rajiv Gandhi Prodyogiki Vishwavidyalaya

Engineer's Degree — Computer Science and Engineering

Jan 2012 - Jan 2016

Little Flower H.S School

10+2

Jan 2011 - Present
