Mar 2024 – Jul 2024 · 4 mos · Bengaluru, Karnataka, India · On-site

• Identified RBI Master Directives applicable to NBFCs and prepared information security roadmap to comply to the regulation
• Identified frauds from Telegram groups, investigated user onboarding process and built business case to deprecate cKYC flow to mitigate the frauds
• Assisted with vendor identification, product evaluation and negotiation for cloud security product
• Conducted application pentest for Web & Mobile app with the help of 3rd party vendor
• Prioritised security initiatives within AOP planning for 2 quarters
• Evangelised Security at leadership level with continuous security reporting
• Audited code for secrets and security vulnerabilities using SAST tools, communicated findings to engineering team and help them prioritised
• Automated Employee account audits highlighting ex-employee active accounts across cloud, Google Workspace and other business applications
• Documented Information Security policies and conducted IR drill for cloud environment
• Managed to reserve 10% developer bandwidth for security work

Apr 2023 – May 2025 · 2 yrs 1 mo

Jun 2020 – Mar 2023 · 2 yrs 9 mos · Bengaluru, Karnataka, India

Apr 2018 – Jun 2020 · 2 yrs 2 mos

• Security Operations:
• Asset management
• Vulnerability management
• Attack alert & monitoring
• Bug bounty management
• Product Security:
• Mobile app/API/web application pentest
• Secure product design review
• Micro-service authentication
• 3rd party integration
• Security Automation:
• Cloud security (AWS & GCP)
• API scanners
• Credential management
• Server audits/hardening
• Secure code review
• Code Dependency Scanning
• Enterprise Security:
• Endpoint Protection
• Mobile Device Management
• GSuite Security configurations
• Threat Intelligence
• Other Relevant Experience:
• Preparing security team goals for each quarter
• Setting up OKRs & managing progress
• Timely updates to leadership team
• Participation in mitigation discussions with tech leads

Jul 2016 – Apr 2018 · 1 yr 9 mos

Mar 2016 – Jun 2016 · 3 mos · Bengaluru Area, India

Aug 2014 – Feb 2016 · 1 yr 6 mos · Bengaluru Area, India

Jun 2012 – Aug 2014 · 2 yrs 2 mos · Bengaluru Area, India

Jan 2011 – Jun 2012 · 1 yr 5 mos

• Involved in creation of techno-commercial proposal, customer interactions for requirement analysis.
• Team Managerment
• Independently executed Cert-In Empanelment offline & online tests
• Involved in setting “Network Penetration Testing” methodology
• Executing Proof of Concepts for various clients
• Ensuring high quality project deliverables
• Conducted internal presentations on Basic Networking concepts, Clickjacking, Detailed SQL injection, etc.
• Providing web application training to peers
• Execution of Web application security and network penetration testing assignments

Jul 2010 – Jan 2011 · 6 mos

Jan 2008 – Jul 2010 · 2 yrs 6 mos

• Application Penetration:
• As the Application Pen-tester was responsible to conduct detailed assessment of the application security posture of client as per Industry standards.
• External Penetration:
• As the Pen-tester was responsible to conduct detailed assessment of security posture of the internet facing Systems & Network of client as per Industry standards.
• Vulnerability Assessment:
• As a security consultant was responsible to conduct detailed assessment of security posture of the Internal Systems & Network Devices of client as per Industry standards.

Oct 2007 – Jan 2008 · 3 mos

Oct 2006 – Oct 2007 · 1 yr

• Management of firewalls, including Netscreen, Cisco PIX & CheckPoint.
• Configuration & troubleshooting of VPN
• Engineering and Administration of network and monitoring devices.
• Security Hardening of Solaris, Linux, and Windows servers.
• Incident logging/updating and daily system monitoring/maintenance.
• Backup/Restoration of Firewall config.

Jan 2005 – Jan 2006 · 1 yr

May 2003 – Oct 2005 · 2 yrs 5 mos