Harmeet Bawa

Associate Partner

Berlin, Berlin, Germany7 yrs 6 mos experience
Most Likely To Switch

Key Highlights

  • Led cybersecurity integration during M&A processes.
  • Developed and managed Purple Team initiatives.
  • Proven expertise in vulnerability management and threat hunting.
Stackforce AI infers this person is a Cybersecurity expert with extensive experience in threat management and security integration.

Contact

LinkedIn

Skills

Core Skills

Cyber DefenseProject ManagementVulnerability AssessmentApplication Security

Other Skills

API TestingAndroid DevelopmentApplication Security TestingApplication VAPTBack-End Web DevelopmentCI/CD Pipeline SecurityCloud SecurityContainer SecurityContent DevelopmentCybersecurity IntegrationCybersecurity StrategyDatabase DesignEDR Use Case DevelopmentExternal Attack Surface ManagementHardware Development

About

I am a proactive Cybersecurity citizen with 7+ years of experience driving offensive and proactive security at scale. At Deutsche Börse, I developed the concept of and led the Purple Team and Internal Red Team, Threat Hunting functions and External Attack Surface Management across 14 entities — aligning technical excellence with strategic goals. I am also leading the project management effort for a Group-wide initiative, after having completed a Merger & Acquisition project, managing the security integration of the acquired company. I enjoy shaping security strategy and roadmaps by identifying gaps, introducing the right tools and technologies, and building capabilities that reduce risk and enable resilience.

Experience

Deutsche börse

2 roles

Associate Vice President | Information Security Specialist

Promoted

Mar 2024Present · 2 yrs · Frankfurt am Main, Hesse, Germany

  • Leading Purple Teaming initiatives, establishing processes and enhancing cross-functional collaboration.
  • Leading External Attack Surface Management (EASM) across 14 legal entities, ensuring consistent vulnerability management.
  • Project Manager for the setup of security teams in Deutsche Börse India.
  • Realising vulnerability disclosure program.
  • Successfully managed the cybersecurity integration for Simcorp during the M&A process, as the project lead for cyber security to ensure smooth transitions and secure integrations.
  • Lead Threat Hunting for a team of 7 members.
  • Performing web application testing.
  • Performing red teaming exercises.
  • Researching Post-Quantum Cryptography adoption for DBG.
  • Delivered regular presentations to senior management and large audiences (~120) on key cybersecurity initiatives.
  • ADA Fellow – Driving leadership and diversity initiatives in cybersecurity.
Purple TeamingExternal Attack Surface ManagementVulnerability ManagementThreat HuntingCybersecurity IntegrationCyber Defense+1

Senior Information Security Specialist

Feb 2023Feb 2024 · 1 yr · Frankfurt am Main, Hesse, Germany

  • Leading Threat Hunting at DBG – Driving proactive threat detection and response strategies.
  • Heading External Attack Surface Management – Strengthening security across 14 legal entities.
  • Vulnerability Management & Penetration Testing – Identifying and mitigating security risks.
  • Enhancing EDR Use Case Development – Improving endpoint security defenses.
  • Applying MITRE ATT&CK & Cyber Kill Chain Frameworks – Strengthening detection and response capabilities.
  • Establishing and Leading Purple Teaming – Bridging offensive and defensive security.
  • Securing Mergers & Acquisitions – Assessing security risks in acquisitions (FundsDLT & Simcorp).
  • Implementing security.txt & Vulnerability Disclosure Programs – Enhancing responsible disclosure practices.
  • ADA Fellow – Driving leadership and diversity initiatives in cybersecurity.
Threat HuntingExternal Attack Surface ManagementVulnerability ManagementPenetration TestingEDR Use Case DevelopmentCyber Defense+1

Nuri

Cyber Security Engineer

Feb 2021Jan 2023 · 1 yr 11 mos · Berlin, Berlin, Germany

  • Led Application Security Testing – Conducted recon, black-box, and white-box testing of applications and APIs.
  • Directed Vulnerability Management – Identified, assessed, and remediated security risks.
  • Cloud Security (AWS) – Implemented security controls to protect cloud infrastructure.
  • Led Threat Modeling & Tech Design Reviews – Strengthened security architecture by identifying risks early.
  • Threat Hunting & Log Management – Proactively detected and mitigated security threats.
  • Managed Bug Bounty Program – Triaged and resolved reported vulnerabilities.
  • Internal Audit & Access Control Assessments – Ensured compliance with security policies.
  • Third-Party Integration Security – Evaluated and secured external partnerships.
  • Incident Response & RCA Analysis – Investigated security incidents and implemented corrective actions.
  • Conducted Security Awareness Workshops – Trained teams to improve security culture.
Application Security TestingVulnerability ManagementCloud SecurityThreat ModelingIncident ResponseCyber Defense+1

Paytm

Cyber Security Engineer

Jul 2019Jan 2021 · 1 yr 6 mos

  • Award - Paytm Star - planning, execution and delivery of SAST automated pipeline.
  • Skills applied in this job role:
  • Application VAPT
  • Cloud Security - AWS
  • Secure Code Review - SAST
  • CI/CD pipeline security
  • Threat hunting
  • Container Security - Docker & Kubernetes
  • Network VAPT
  • Training workshops for developers and devops
  • Received appreciation for implementing SAST throughout Paytm.
  • Tools used: SonarQube, Jenkins, Docker, Tenable SC, Metasploit, Nmap, Burp Suite, Nexpose, Aqua Security, Docker Bench, TFsec, Security Monkey, TruffleHog, Git-secrets, Cloudwatch, Cloudtrail, Dome9, IAM.
Application VAPTCloud SecuritySecure Code ReviewCI/CD Pipeline SecurityThreat HuntingCyber Defense+1

Ey

Cyber Security Analyst

Jun 2018Jul 2019 · 1 yr 1 mo

  • Award - Kudos for App Security at client.
  • Web application Vulnerability Assessment and Penetration Testing (VAPT).
  • Mobile application Vulnerability Assessment and Penetration Testing (VAPT).
  • API Testing.
  • Network & Infrastructure Vulnerability Assessment.
  • Analyse the risk posed by vulnerabilities and define their severity.
  • Minimum Baseline Security Standard (MBSS).
  • Static Code Analysis and Source Code Review.
  • Cloud-based Infrastructure Review (AWS).
  • Standards followed: OWASP, SANS, WASC, MITRE.
  • Worked in audit roles.
Web Application VAPTMobile Application VAPTAPI TestingNetwork VAPTCyber Defense

Ministry of commerce and industry, government of india

Engineer Intern

Jun 2017Aug 2017 · 2 mos · New Delhi, Delhi, India · On-site

Synack red team

Security Researcher

Jan 2017Jul 2021 · 4 yrs 6 mos

  • Web application security
  • Mobile application security
  • Infra security
Web Application SecurityMobile Application SecurityInfrastructure SecurityCyber Defense

Education

ESMT Berlin

Executive MBA

Oct 2025Apr 2027

Guru Gobind Singh Indraprastha University

Bachelor of Technology — Computer Science and Engineering

Aug 2014Jun 2018

Stackforce found 100+ more professionals with Cyber Defense & Project Management

Explore similar profiles based on matching skills and experience

Arthur Ottoni

Arthur Ottoni

Cyber Exploitation Analyst

at ISH Tecnologia

Barbacena, Brazil2 mos exp
pentestmobile hacking
Vinai Kumar

Vinai Kumar

Information Security Program Manager

at Sony India Software Centre

Bengaluru, India17 yrs 9 mos exp
Agile MethodologiesCybersecurity
Gaurav Batra

Gaurav Batra

Founder & CEO

at CyberFrat

Mumbai, India18 yrs 5 mos exp
Himanshu Kumar Das

Himanshu Kumar Das

Chief Information Security Officer

at CRED

Bengaluru, India17 yrs 3 mos exp
ComplianceCyber SecurityCyber Security LeadershipInformation SecurityRisk Management
Aishwarya Bajpai

Aishwarya Bajpai

Lead Penetration Tester

at Fidelity Investments

Bengaluru, India11 yrs 3 mos exp
Penetration TestingProduct Security
Prharsha G

Prharsha G

Founder

at Flare

Bengaluru, India5 yrs 3 mos exp
Conversion OptimizationE-CommerceManagementPython (Programming Language)
Tajinder Singh

Tajinder Singh

Group Head Product Security

at Global Fashion Group

Germany11 yrs 6 mos exp
AI & ML SecurityCloud SecurityApplication SecurityDevSecOpsAPI Security
Assaf Keren

Assaf Keren

Member - Wall Street Journal Technology Council

at The Wall Street Journal

Draper, United States28 yrs exp
Cyber SecurityInformation SecurityProduct Management