Sakshi Sharma

Technical Program Manager

Canada · 7 yrs 9 mos experience
AI Enabled · AI ML Practitioner

Key Highlights

  • Led comprehensive risk assessments for major frameworks.
  • Automated AWS patch management for compliance.
  • Performed extensive penetration testing across diverse environments.
Stackforce AI infers this person is a Cybersecurity Specialist with expertise in risk management and application security.

Skills

Core Skills

Technical Project Leadership · Security Program Management · Product Security · Risk Management · Cloud Security · Application Security · Penetration Testing

Other Skills

Cryptography · Cyber-security · Data Privacy · Data Privacy and Protection · Firewalls · Generative AI Security Assessments · IT Security Assessments · Incident Management · Information Security · Mobile Application Security (Android and iOS) · Network Security · PSIRT & CSIRT · Python · Team Management · Vulnerability Management

Experience

Guidewire Software

Technical Program Manager

Jan 2025 - Present · 1 yr 2 mos · Canada

PSIRT & CSIRT · Technical Project Leadership · Security program management

McKinsey & Company

2 roles

Senior Cyber Security Specialist

Promoted

Feb 2023 - Jun 2024 · 1 yr 4 mos

  • Led comprehensive risk assessments and control reviews aligned with NIST, ISO 27001, and HIPAA frameworks.
  • Utilized Wiz.io and custom security tooling to identify, classify, and remediate vulnerabilities across hybrid cloud and application environments.
  • Evaluated and integrated SAST and DAST tools to strengthen the secure development lifecycle, improving detection accuracy and CI/CD automation.
  • Partnered with engineering teams to embed product security reviews early in the design phase, driving secure-by-default principles across SaaS and internal applications.
  • Performed penetration testing and vulnerability scanning, delivering actionable insights that reduced enterprise risk exposure and improved release confidence.
  • Assessed COTS, SaaS, and generative AI products, developing security controls to address model, data, and third-party risks.
  • Delivered detailed, data-backed security assessment reports with prioritized risk analysis, enabling informed decision-making for leadership and engineering teams.
Product Security · Penetration Testing · Cloud Security · Generative AI Security Assessments · Risk Management · Application Security · +6

Information Security Specialist

Dec 2021 - Jan 2023 · 1 yr 1 mo

  • Automated AWS patch management using Systems Manager (SSM), streamlining patch deployment across EC2 instances and ensuring compliance with CIS/NIST benchmarks.
  • Designed and maintained patch baselines for Linux and Windows environments, reducing manual intervention and audit overhead.
  • Integrated CloudWatch monitoring and compliance dashboards, improving visibility, accuracy, and reporting for security operations.
  • Conducted comprehensive product security reviews for SaaS and cloud applications, identifying flaws and implementing mitigations during development.
  • Performed penetration testing across web, mobile, API, cloud, and thick-client environments, providing validated findings and prioritized remediation plans.
  • Collaborated with development teams to embed secure coding practices within the SDLC, improving release quality and reducing recurring vulnerabilities.
  • Partnered with engineering and leadership stakeholders to strengthen patch governance and drive proactive vulnerability management.
Application Security · Cloud Security · Generative AI Security Assessments · Mobile Application Security (Android and iOS) · Product Security · Penetration Testing · +1

DealerSocket

Application Security Engineer II

Sep 2020 - Nov 2021 · 1 yr 2 mos · Bengaluru, Karnataka, India

  • Performed penetration testing across Web, Mobile, API, Cloud, and Thick Client applications using tools such as Burp Suite Pro, Nessus, Acunetix, Netsparker, Rapid7, SonarQube, and CrowdStrike.
  • Conducted white-box and black-box testing (internal, external, and thick client) including SOAP and REST web services.
  • Managed application risk assessments and third-party/vendor security assessments, ensuring compliance with NIST, ISO 27001, PCI, HIPAA, SOX and client requirements.
  • Monitored and responded to incidents via Rapid7 InsightIDR, strengthening detection and response processes.
  • Assessed SDLC processes and delivered application security training, creating gap analyses and improvement programs.
  • Provided application security and risk management oversight, aligning with organizational governance and compliance needs.
Penetration Testing · Mobile Application Penetration Testing · Risk Management · Application Security · PSIRT & CSIRT · Team Management · +4

PwC

Cyber Security Consultant

Mar 2020 - Aug 2020 · 5 mos · India

  • Performed penetration testing across Mobile, Web, and Thick Client applications for banking, healthcare, and capital market clients.
  • Conducted white-box and black-box testing (internal, external, and network) to identify vulnerabilities and strengthen client security posture.
  • Delivered vulnerability assessments, segmentation testing, and remediation guidance, ensuring compliance with industry standards.
PSIRT & CSIRT · Data Privacy and Protection

Aujas

Associate Consultant

Oct 2018 - Feb 2020 · 1 yr 4 mos · Mumbai Area, India

  • Performed penetration testing and security assessments for Web, Mobile, APIs, and Payment Gateway systems across national and international projects.
  • Delivered vulnerability assessments and remediation plans, meeting strict quality and timeline requirements with high client satisfaction.
  • Conducted penetration testing on 40+ web applications and 10+ mobile applications (iOS & Android), providing detailed risk reports.
  • Collaborated with clients to gather requirements and deliver tailored application and network security solutions.
Data Privacy and Protection

Sequretek

Security Engineer

Jun 2017 - Sep 2018 · 1 yr 3 mos · Mumbai Area, India

  • Performed vulnerability assessments and penetration testing (VAPT) for 70+ web applications and 20+ mobile apps (iOS & Android) based on OWASP standards.
  • Conducted white-box and black-box testing (internal, external, and thick client), including web services and APIs.
  • Utilized tools such as Acunetix, Nessus, Netsparker, and Burp Suite Pro for automated and manual security testing.
  • Worked in SOC environment using ArcSight ESM, monitoring incidents and supporting detection workflows.
  • Implemented endpoint and server security solutions including Symantec Endpoint Protection (SEPM), Trend Micro DDI/DDS, and system hardening.

Education

Sardar Patel University of Police, Security and Criminal Justice

Master's degree — Cyber Security

Jan 2015 - Jan 2017
