Apr 2022 – Feb 2024 · 1 yr 10 mos · Bengaluru, Karnataka, India · On-site

• Improved overall platform security by implementing best practices for mobile application, gateway and cloud infra.
• Implemented various security automation in application and cloud.
• API Visbility, Discovery, Monitoring and Security.
• Built a security team from the ground up.
• Security awareness sessions for the developers.
• Organized CTF(capture the flag) events for improving security skills and awareness among developers.
• Automated revalidation/regression of security issues.
• Attack surface reduction and continuous monitoring.
• Cloud security posture management(CSPM)
• Security hardening and continuous audits/monitoring of cloud accounts
• IT Infrastructure security

Jun 2021 – Apr 2022 · 10 mos · Gurugram, Haryana, India · On-site

• DevSecOps, AWS Security, WAF, Security Hardening, Patching, Security Automation
• Security hardening of cloud and SaaS applications.
• Web and mobile application pentesting.
• Incident handling and monitoring using WAF(Cloudflare).
• Security injection in the release process.
• DevSecOps, Security integration in CI/CD pipeline(Gitlab, Jenkins)
• SAST and Software composition analysis (SCA) - Sonarqube, OWASP Dependency Check
• Implemented Forcepoint DLP
• Application Security in Microservices architecture

Nov 2019 – Jun 2021 · 1 yr 7 mos

• Secure SDLC | Solutioning | Penetration Testing | Vulnerability management| Brand abuse prevention
• Security awareness/Secure coding training to employees
• Web, Mobile, Network, cloud (AWS), Source code review
• Tech compliances
• Security Hardening of entire on-prem and cloud infra
• Akamai Web Application Protector to set
• up policies and tweaking/creating WAF/WAP policies to protect against popular cyber attacks
• Automated the entire change management process using Jira and Ansible
• Brand Abuse Protection, Incident Response, Threat Monitoring

May 2018 – Nov 2019 · 1 yr 6 mos

• Pentested various product dimensions like Ecommerce, Travel, Prepaid cards, Wallets, DMT, BBPS, AEPS, Loans, etc.
• Set up Secure SDLC processes twice
• Security Training for developers

Mar 2017 – May 2018 · 1 yr 2 mos

Nov 2015 – Feb 2017 · 1 yr 3 mos · Vishakhapatnam, Andhra Pradesh, India · Remote

• Penetration testing of CMS based websites, wordpress, joomla, drupal, etc.
• Network penetration testing
• Blackbox penetration testing
• Linux Hardening
• Scripting

Oct 2014 – Oct 2015 · 1 yr · Chandigarh, India · On-site

Nov 2011 – Nov 2015 · 4 yrs

• learned hacking and cybersecurity fundamentals
• did a bunch of freelance projects
• pwned a bunch of servers for fun