Apr 2024 – Present · 1 yr 11 mos

• Conducted an Assumed Breach Active Directory and Entra ID assessment, identifying AV/EDR bypasses to domain-join an unmanaged device, gaining unrestricted access to the internal corporate network
• Leading research and development of an AI Red Team to conduct security testing for applications integrated with Large-Language Models (LLMs), identifying vulnerabilities and assessing potential risks in AI-integrated systems employing Generative AI or Agentic AI implementations
• Played a crucial role as a core team member in empaneling EY India LLP with the Indian Computer Emergency Response Team (CERT-In), achieving a 90% score in the practical test
• Played a pivotal role in organizing one of India’s largest hackathons with Data Security Council of India (DSCI) as part of the Annual Information Security Summit for two consecutive years (2023 & 2024), designing CTF-style challenges to provide participants with hands-on and real-world cybersecurity experience

May 2022 – May 2024 · 2 yrs

• Managed and led a large team in conducting a security assessment consisting of penetration testing, secure code review, threat modelling, configuration review, and Azure subscription review for an Indian multi-national Information Technology and services company, identifying critical security threats and providing security consultation.
• Performed an External Penetration Test (encompassing OSINT, Inital access attacks, Lateral Movement, Persistence and Post-exploitation within the network) to compromise Domain admins and takeover Domain Controllers.

Jan 2022 – Aug 2022 · 7 mos

• Awarded the ‘Kudos’ award for Quarter-1 (July ‘22-September ‘22) for portraying exceptional performance, team spirit, and building key client relationships.
• Awarded the ‘I am Exceptional’ award for Quarter-1 (July ‘22-September ‘22) for solving complex business problems and being intellectually stimulating
• Conducted an AWS Network Architecture Review on a compromised network for a technology company delivering SaaS-based solutions. The review culminated with identifying critical architectural misconfigurations and mitigatory actions were suggested.
• Led a large team and conducted a penetration test for a key Consumer-based client, identifying more than 200 Critical and High vulnerabilities, more than 800 Medium and Low vulnerabilities across their Web, SAP, and Infrastructure (Cloud & on-premise) environments, providing mitigation techniques, closing the engagement earlier than agreed, and received excellent client feedback.

Jan 2021 – Jan 2022 · 1 yr

• Received the ‘I am Exceptional’ award for Quarter-1 (July ‘21-September ‘21) for solving complex business problems and being intellectually stimulating.
• Conducted a penetration test for a Consumer-based company and key client, identifying more than 1000 vulnerabilities across their Web, SAP, and Infrastructure environments, providing mitigation techniques and closing the engagement earlier than agreed.
• Performed a vulnerability assessment and penetration test on a logistics and planning system for a software and services provider in the IT/ITES industry in order to identify security threats and provided remediation steps.
• Performed a penetration test and secure code review on a mobile application (Android & IOS) for an Indian multinational IT company to identify critical security issues and provided remediation steps.
• Drafted security configuration checklists for firewalls based on benchmarks from Center for Internet Security (CIS).
• Performed assessments of infrastructure vulnerabilities, including identifying, exploiting and mitigating upcoming vulnerabilities in Active Directory environments (eg: PrintNightmare, Zerologon).