Nishtha Wadhawan

Co-Founder

Netherlands · 9 yrs 11 mos experience
Highly Stable

Key Highlights

  • 12+ years in Information Security and GRC.
  • Expert in aligning cybersecurity strategies with business objectives.
  • Preparing for CISM certification to enhance leadership in security governance.
Stackforce AI infers this person is a Cybersecurity Architect with extensive experience in risk management and compliance across diverse industries.

Skills

Core Skills

Risk Management · Cloud Security · Vulnerability Management · Vulnerability Assessment · Web Application Security · Network Security

Other Skills

Application Security Architecture · Architecture Reviews · CEH · Cloud-Native Applications · Corporate Security · Cross-functional Collaborations · Cyber Risk Assessment · Endpoint Security · Ethical Hacking · ISO 27001 · ISO Standards · Identity and Access Management (IAM) · Incident Response · Information Security Governance · Information Security Management

About

As an Information Security and GRC (Governance, Risk & Compliance) professional with 12+ years of experience, I help organizations mitigate cyber risk, navigate regulatory requirements, and strengthen their overall security posture in today’s evolving threat landscape. I bring hands-on expertise in penetration testing, cloud security, ISO 27001 implementation, and security awareness programs, with a strong focus on aligning cybersecurity strategies to business objectives. I’ve worked across complex environments to assess risks, define controls, and lead initiatives that turn compliance from a checkbox into a source of business value. My approach is business-aligned, people-aware, and process-driven, helping organizations build secure, scalable, and resilient digital environments. Currently preparing for the CISM (Certified Information Security Manager) certification to deepen my leadership in security governance, risk management, and enterprise program development.

Experience

Basware

Senior Enterprise Security Architect

Jan 2023 - Dec 2023 · 11 mos · Amsterdam, North Holland, Netherlands

Risk Management · Cloud-Native Applications · Security Management · Cloud Security · Security Awareness Training · Written Communication · +15

Payconiq International

Senior Security Engineer

Jun 2022 - Dec 2022 · 6 mos · Amsterdam, North Holland, Netherlands

Risk Management · Cloud-Native Applications · Security Management · Cloud Security · Vulnerability Management · Security Awareness Training · +23

Honeywell

Senior Advanced CyberSecurity Architect

Nov 2021 - Mar 2022 · 4 mos · Bangalore Urban, Karnataka, India

Risk Management · Cloud-Native Applications · Security Management · Cloud Security · Written Communication · Identity and Access Management (IAM) · +8

Inmobi

3 roles

Lead Security Engineer

Jul 2021 - Nov 2021 · 4 mos

Risk Management · Cloud-Native Applications · Microsoft Azure · Security Management · Cloud Security · Vulnerability Management · +15

Senior Security Engineer

Promoted

Oct 2019 - Jul 2021 · 1 yr 9 mos

  • Working on Cloud Security (Azure). Identify opportunities for improvement and then drive those improvements through the enterprise.
  • Provide thought leadership on monitoring, alerting, reporting, and blocking.
  • Examine current cloud security practices and identify risks, then execute programs to address them.
  • Weigh business needs against security concerns and provide risk-based recommendations to enhance cloud security that are practical and achievable, thereby allowing the Line of Business to make informed risk decisions to a cloud platform.
  • Design, develop and report key security metrics dashboard to the senior leadership team. Serve as a subject matter expert for vendor security questionnaires.
  • Manage endpoint protection single-handedly.

Microsoft Azure · Cloud Security · Vulnerability Management · Security Awareness Training · Written Communication · NIST · +5

Security Engineer

Apr 2017 - Oct 2019 · 2 yrs 6 mos

  • Responsible for SAST and manual pen-testing (DAST) of web applications, mobile, and web APIs (REST & SOAP) as per standards. Automated the process of checking SSL cert expiry for all internet-facing apps.
  • Developed the script to implement rate limiting on Nginx.
  • Automated the process of Ubuntu 18.04 image hardening.
  • Conducted training for developers on the OWASP Web Top 10.
  • Coordinated with the application team on the best possible fix for the vulnerabilities found.

Written Communication · Vulnerability Assessment · Web Application Security · Cross-functional Collaborations · Penetration Testing

Mastercard

Information Security Analyst

Jun 2015 - Oct 2016 · 1 yr 4 mos · Greater Vadodara Area

  • As an Information Security Analyst at Mastercard, I was responsible for conducting in-depth security assessments and ensuring vulnerabilities were identified, communicated, and remediated effectively throughout the secure SDLC process.
  • ✅ Key Responsibilities & Contributions:
  • Performed comprehensive Application Security Assessments across internal and third-party applications to detect and mitigate security vulnerabilities.
  • Participated in SDLC security reviews, providing actionable recommendations to development teams based on architecture, tech stack, and project-specific risks.
  • Identified, triaged, and prioritized security issues based on severity and business impact, ensuring timely tracking and remediation with engineering and product teams.
  • Created detailed security assessment reports outlining technical findings, risk levels, and remediation guidance tailored to developers.
  • Collaborated with cross-functional teams to strengthen application security posture and integrate security best practices early in the development lifecycle.

Vulnerability Management · Written Communication · Vulnerability Assessment · Web Application Security · Cross-functional Collaborations · Penetration Testing

Net-square

3 roles

Information Security Analyst

Dec 2013 - Jun 2015 · 1 yr 6 mos

  • As an Information Security Analyst at Net-Square, I conducted comprehensive security assessments across a range of environments including web, mobile, infrastructure, and source code using a fully manual, in-depth approach to identify, test, and validate vulnerabilities.
  • ✅ Key Responsibilities & Achievements:
  • Performed end-to-end Application Security Assessments including web application penetration testing, source code reviews, and thick/thin client testing, following OWASP and industry best practices.
  • Led the Vulnerability Management Process:
      • Scheduled and monitored infrastructure and application scans.
      • Analyzed scan results and categorized vulnerabilities based on severity and risk.
      • Ensured remediation efforts were tracked and closed in line with the vulnerability management policy.
      • Coordinated with cross-functional teams to manage open issues and ensure timely resolution.
  • Conducted manual mobile application penetration testing (Android) to identify and exploit critical security flaws.
  • Performed server hardening reviews to verify compliance with security baselines, access controls, and configuration standards.
  • Delivered detailed technical reports and remediation recommendations to both technical and non-technical stakeholders.
  • Conducted network and infrastructure vulnerability assessments, applying layered testing methodologies for comprehensive risk exposure analysis.
  • 🛠️ Tools & Technologies:
  • Burp Suite · OWASP ZAP · Nessus · Nmap · Android Debug Bridge (ADB) · Custom scripts · Manual testing techniques

Vulnerability Management · Written Communication · Vulnerability Assessment · Network Security · Web Application Security · Cross-functional Collaborations · +1

Intern Security Analyst

Sep 2013 - Nov 2013 · 2 mos

  • Main responsibility is to perform Application Security Assessment for Vulnerabilities

Intern

Jan 2013 - May 2013 · 4 mos · Greater Ahmedabad Area

  • Main responsibility was to develop a Burp Suite extension (for internal purposes).

DEFCON Rajasthan

Co-founder

Feb 2012 - Feb 2013 · 1 yr · Greater Jaipur Area

  • DEFCON Rajasthan (DC91141) was founded in 2011. It is located in Jaipur (India). Its aim is to give users (experienced and others) a platform to exchange thoughts and ideas about information security. The exchange of information has two goals:
      1. Transfer knowledge in the information security domain,
      2. To sensitize users to information security.
  • Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

Education

Lovely Professional University

Master of Computer Applications - MCA — Computer Technology/Computer Systems Technology

Jan 2010 - Jan 2013

Maharaja Ganga Singh University, Bikaner

Bachelor's degree — Computer Application

Jun 2007 - Jun 2010
