Arpit Mittal — Product Manager
With 10+ years of experience in the Information Security domain, specializing in Product Security, I excel in implementing application security strategies across diverse industries. As the Product Security Specialist, I establish security goals, objectives, and strategies to effectively address and prioritize security risks. Proficient in conducting security testing and ensuring compliance with regulations and best practices, I develop and enforce security policies, standards, and procedures. Collaborating closely with risk owners, I orchestrate the integration of DevSecOps pipelines and oversee cloud security measures. I foster team growth through mentorship and guidance, enhancing understanding and proficiency in security practices. My expertise extends to providing security expertise for threat modeling, technical security assessments, and custom security solutions. Continuously monitoring emerging threats, I evaluate new technologies and methodologies to stay ahead of risks. With a data-driven approach, I monitor and analyze application security metrics, ensuring continuous enhancement. Strengthening overall security posture, I implement automated workflows and conduct regular security audits to fortify defenses.
• Application Security (Web and Mobile)
• Web Services Security/APIs
• Network Security & Infrastructure Audit with CIS Benchmark
• Source Code Review
• Vulnerability and Threat Management
• Threat Modeling / Architecture Review (SDLC)
• Vendor Risk Assessment/Risk Management
• DevSecOps & Cloud Security (AWS)

Certifications:
• Certified Application Security Practitioner (CAP) - 2023
• CompTIA Security+ - 2020
• Azure Security Engineer (AZ-500) - 2020
• Azure Security Fundamentals (AZ-900) - 2020
• Certified Ethical Hacker v9 - 2016

Key Achievements:
• Received multiple appreciation certificates, Hall of Fame & bounties from several organizations for finding severe vulnerabilities on their websites:
  • “Facebook” for Information Disclosure
  • “Intel” for XSS vulnerability
  • “cloudbuilders.intel.com” for Stored XSS Injection vulnerability
  • “Edmodo” for finding documentation files or configuration files publicly accessible (Directory Listing)
  • “ESET” for finding a CMS configuration directory (Directory Listing)
  • “Heroku” (URL Redirection via Referrer Header)
  • SOPHOS (CORS Exploitation)
  • DELL (Sensitive Data Disclosure on GitHub)
  and from many private websites.

Arpit is always interested to hear from colleagues, managers or interesting creative folk, so feel free to contact if you’d like to connect.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Application Security and DevSecOps in various industries.
Experience: 10 yrs 3 mos
Skills
- Application Security
- DevSecOps
- Risk Management
- Vulnerability Assessment
- Security Testing
Career Highlights
- Over 10 years of experience in Information Security.
- Expert in application security strategies and DevSecOps integration.
- Recognized for identifying severe vulnerabilities across multiple platforms.
Work Experience
LTIMindtree
Specialist - Cyber Security (1 yr 9 mos)
Persistent Systems
Project Security Lead (9 mos)
null - The Open Security Community
Null Chapter Lead - Null Indore (1 yr 9 mos)
Acko
Application Security Manager (2 yrs 6 mos)
Infosys
Associate Consultant (2 yrs 5 mos)
Quick Heal
Security Consultant (5 mos)
Network Intelligence (I) Pvt. Ltd.
Cyber Security Analyst (1 yr 1 mo)
CTG Security Solutions™
Information Security Analyst (1 yr 3 mos)
Education
Bachelor’s Degree at Rajiv Gandhi Prodyogiki Vishwavidyalaya