May 2021 – Present · 4 yrs 11 mos · India

• After many years in the cybersecurity industry, I identified a significant gap in the delivery and execution of information security services. This challenge spans from the fundamental understanding of services like penetration testing to the widespread reliance on security through obscurity.
• Frustrated by vendors misrepresenting scan reports as thorough penetration tests and the misconception that new tools can solve all security issues, I founded Enciphers. Driven by a passion for hacking and a commitment to genuinely helping companies secure their applications, we embarked on our mission.
• Since our inception, we have uncovered thousands of critical and high-severity security issues, trained hundreds of security professionals, and assisted numerous organizations in optimizing their cybersecurity budgets effectively.
• While we acknowledge that there's much more to achieve, we take pride in our journey and the milestones we've reached. We are committed to continuing our efforts to make the digital world more secure.
• Onwards and upwards!

Jun 2015 – Apr 2016 · 10 mos · Noida Area, India

• Setting up & managing the Penetration testing team. Responsible for end to end penetration testing project delivery. Managing and training the penetration testing team. Training developers and stakeholders about application and cloud security.

Sep 2014 – Jun 2015 · 9 mos · Noida Area, India

• Responsible for performing manual penetration tests on web applications, network devices, mobile applications and thick clients, both on Ad-hoc basis and Periodic Pentests.
• Conduct Discovery meetings and remediation meetings with the application team about the penetration test finding s and remediation.
• Responsible for handling war-rooms, for critical findings of penetration tests on live internet facing applications.
• Train developers regarding the application security and secure coding.
• Understand the new security vulnerabilities coming and enhance the pentest scope accordingly.
• Research for new vulnerabilities possible in the network infrastructure devices or applications.
• Helping application development team in running source code analysis with fortify and cloud based scans and finally helping them remediate the false positives.

Mar 2013 – Aug 2014 · 1 yr 5 mos · Gurgaon, India

• Worked closely on vulnerability assessments and implementation of Security Infrastructure technologies like ArcSight integration with devices, CyberArk Implementation, CCM Implementation and Vulnerability Assessments.
• Responsible for maintaining and enhancing the security in web applications & network through Periodic Pentests, Vulnerability Scans and Base-lining servers for their security. Worked on Tripwire IP360 for proper vulnerability assessment and scanning of different networks and hosts.

Jun 2011 – Feb 2013 · 1 yr 8 mos · Noida Area, India

• Application Security:
• Responsible for performing Periodic automated Pentests for websites and web applications. Gather information about the vulnerabilities as per Pen-test report and validate the same to rectify the false positives.
• Vulnerability Assessment : (Nessus and McAfee MVM)
• Initiate Vulnerability Assessments on target systems at different Segment.
• Identified Vulnerabilities being reviewed and responsibilities are assigned to respective individuals to fix them with corrective action.
• Respective individuals has to ensure that indentified vulnerabilities been fixed as per company SLA.
• Re-initiate VAs to ensure vulnerabilities have been fixed.
• Threat Monitoring and Management: Responsible for supporting and monitoring threats to Clients network security infrastructure from software vulnerabilities, malwares and virus. Performing Information Security Risk Assessment across Clients.