Apr 2023 – Dec 2023 · 8 mos

Oct 2021 – Jun 2023 · 1 yr 8 mos

• Automate SAST and managed the findings.
• Code Review, Pentest, Design Review.
• Automating complex stuffs.
• Effective cross team communication.
• Security Research to find critical and complex issues in bulk.

Oct 2020 – Oct 2021 · 1 yr

• Developed a scalable solution for Secrets Hunting/Management in the repositories.
• New features - pentesting, code review, design review.
• Automation for proactive actions.

Apr 2020 – Oct 2020 · 6 mos

• Payment Fraud Analysis
• Application Security

Sep 2018 – Apr 2020 · 1 yr 7 mos

• Application Security:
• Development of new security automation tools like red: Assassin, Subdomainizer (open source), AWS S3 Bucket Scanner, etc.
• Managing bug bounty program - Verification of reported issue, exploring the issue for more critical impact, assignment the issue to a developer with mitigation steps, and rewarding bounty to the reporter.
• Collaboration with teams over security considerations of new features being developed.
• Penetration testing and security assessment of new features, reporting security issues to teams, and collaborate with the corresponding team to fix them in a timely manner.
• Scanning public sources like GitHub, GitLab, etc. for any erroneous leakage of information, data, code, etc.
• Static Code Review of Go applications.
• Infrastructure/Network security:
• Regularly checking for AWS S3 buckets misconfiguration.
• Monitoring Akamai for different kinds of threats and acting accordingly.
• Monitoring public security sources to update systems instantly when new security patches available.
• Monitoring all domains/subdomains to secure them from getting exposed publicly if they're not intended to.
• Monitoring WiFi networks for weak password/open Access Points.