Jul 2025 – Oct 2025 · 3 mos · Remote

• Back to basics, hacking web applications for bread and butter ;)

Apr 2024 – Jul 2025 · 1 yr 3 mos · Bengaluru, Karnataka, India

• Training team members on niche areas i.e. threat modelling, AI Security, IoT/OT Security and AppSec.
• Conducted Security Design Reviews and Threat Modeling for IoT products, evaluating secure architecture requirements for hardware, cloud, APIs, and mobile applications.
• Identified vulnerabilities in AI/LLM-based platforms (supply chain risks, prompt injection flaws); implemented guardrails and secure coding practices with developers.
• Developed advanced phishing frameworks, utilising Deepfake, AI base Voice Cloning and Vishing.
• Designed SIEM use cases for IIoT grade embedded devices and further implemented niche detection techniques specifically for Custom Linux OS.

Feb 2023 – Apr 2024 · 1 yr 2 mos · Bengaluru, Karnataka, India

• Performed SAST for Ruby/C/C++ codebases; integrated findings into CI/CD pipelines to reduce vulnerabilities during development.
• Collaborated with engineering teams to prioritize and remediate critical issues (e.g., command injection, RCE).
• Led Red Team exercises for OT/IT systems, improved incident response playbooks.

Apr 2022 – Feb 2023 · 10 mos

• ‣ Led a team of 4 to gather remediation plans/risk acceptances, and ensure effective communication of solutions to stakeholders via meetings or mail.
• ‣ Researched, developed & implemented process improvement for clients by creating interactive dashboards & custom automation in the environment.
• ‣ Created cybersecurity best practice communications to educate staff against breaches, zero-day vulnerabilities & remedial measures through research.
• ‣ Developed options to advise on prioritization of remediation actions and reconciliation of vulnerability mitigation action date.

Aug 2021 – Feb 2023 · 1 yr 6 mos

• ‣ Joined TCS as a Digital Cadre being in the top 0.1% of the hiring drive.
• ‣ Performed vulnerability assessment scans on the client side to ensure maximum coverage and conducted penetration tests for clients.
• ‣ Reviewed violations of computer security procedures and supported the remediation plan development as well as the current status of remediation plan execution.

Aug 2020 – Nov 2020 · 3 mos

• ‣ The objective of the project was to identify online ICS/SCADA/IoT systems and their vulnerabilities using passive reconnaissance.
• ‣ Developed a framework that uses APIs (Censys, Shodan, etc) to enumerate ICS/SCADA/IoT devices used by GOI which are vulnerable to foreign threats.

May 2020 – Jun 2020 · 1 mo · Bhubaneshwar, Odisha, India

• ‣ Tested security of systems by attempting to gain access to web-based applications.
• ‣ Documented penetration testing findings.