Dec 2021 – Jan 2024 · 2 yrs 1 mo · India · Remote

• Strategic planning of end-to-end Penetration testing projects from scoping till delivery
• Implementing risk based methodology to assess findings and coordinating their remediation with business-units spread across UK and APAC regions
• Evaluation of tools related to Cloud Infrastructure Security and Penetration Testing
• Mentoring and managing a team of pen-testers
• Penetration testing of various platforms to find security vulnerabilities and recommend effective mitigation controls in - Azure and AWS cloud infrastructure, Kubernetes, Web applications, Android and iOS applications, Thick client applications, Network infrastructure

Sep 2020 – Dec 2021 · 1 yr 3 mos · India · Remote

• Risk Management - identifying the risk associated with each vulnerability using various risk-based formulas and suggesting suitable actions
• Security Operations - monitoring the overall corporate environment using tools like XDR, SIEM, EDR and fine-tuning various log sources for optimal security
• Automotive Security
• Vulnerability Management for on-prem servers, workstations, cloud and containerized applications
• Security Automation
• AWS Cloud and Container Security
• ISO 27001 Audits

Apr 2020 – Aug 2020 · 4 mos · India · Remote

• Managing end-to-end security of internal and public-facing applications, including Web apps, APIs, Portals, Android and iOS apps
• PoC of various security tools and devices
• Setting up overall security management process for the organization
• Guiding on Infosec hygiene practices to help secure the company's assets, data and employees

Dec 2018 – Mar 2020 · 1 yr 3 mos · Gandhinagar, Gujarat, India

• Testing of PAS tools and products for security vulnerabilities
• Dynamic/Static Testing and Reverse Engineering of Source-code
• Vulnerability Testing, Tracking and Management - related to ICS products and IT assets
• Patch Management related to third party software and libraries affecting PAS products

Apr 2016 – Nov 2018 · 2 yrs 7 mos · Mumbai, Maharashtra, India

• Security analysis of Desktop, Web and Mobile based applications
• Penetration testing at Network and Application level
• Hands-on experience with manual and automated security testing
• Reverse engineering of code for understanding the logic and to bypass security checks
• Security assessment of internal as well as third party applications based on different platforms, including Android& iOSMobiles, IOT devices, Thick-client and Thin-client applications for Windows and macOS, Feature phones, STB devices

Apr 2014 – Mar 2016 · 1 yr 11 mos · Mumbai, Maharashtra, India

• Working as a part of Information Security Operations Center (ISOC), handling the integration and monitoring of SIEM and managing other security solutions.
• Setup of SIEM solution from scratch to analyze logs with over 30k EPS -- monitor and manage world's largest mobile data platform's security alerts
• Performing Real-Time Monitoring, Investigation, Analysis, Reporting and Escalations of Security Events from Multiple log sources
• Monitoring the IDS alerts, mitigating the alerts for resolving the problems
• Doing analysis of malwares captured in the network
• Configuring syslog, rsyslog, SIEM collector-agents for log forwarding and device integration
• Working with logs from devices/servers like DB, Web, ASA, CDN, NIPS, HIPS, PIM, IDAM, UAG, ACS, DLP, CPI
• Writing and deploying parsers for logs from various devices
• Validating and triggering use-cases for Telecom, Cloud and Infra environments
• Monitoring the vulnerabilities and patches on regular basis
• Performing Forensic analysis of security incidents inside the environment
• Scanning the environment for any vulnerabilities as part of Vulnerability Management team
• Preparing security bulletins and advisories for internal circulation
• Developing and managing a portal - knowledge base for the InfoSec team

Aug 2013 – May 2014 · 9 mos · Pune, Maharashtra, India

• Internship as a part of Masters degree dissertation and thesis, performing research on project title - An Improvised Honeypot system using Honeytokens for trapping Cyber Attackers.
• The project included Malware capture, Intrusion detection, OWASP concepts, Honeypots, FTP/Web/DB servers and Python scripting.