Nov 2017 – Sep 2019 · 1 yr 10 mos · Greater Dublin

• Securing various PTC products like ThingWorx Internet of Things (IoT) Platform, Vuforia, Windchill etc.
• Securing Microservices, Kubernetes clusters and applications running in Dockers/Containers
• Familiar with different Python SDK's like boto3, kubernetes and azure for automation and analysis
• Azure IAM, AKS, az cli, Azure Policies
• Terraform, Jenkins, Chef, CI/CD, helm/helmsman, Vault
• OpenID Connect/OAuth2. Kubernetes-AzureAD integration and RBACs
• Writing Chef cookbooks for configuration management.
• Web Application Security using Burp Suite, OWASP ZAP, Veracode, Sonatype etc.
• Creating Kibana (ELK) dashboards from scratch for Security Analysis

Jan 2017 – Oct 2017 · 9 mos · Bangalore, India

• Zeta India is a Directi company, an m-commerce player going to disrupt Corporate benefits and mobile payments space. Responsible for overseeing company-wide Security, Compliance, Privacy & data protection program, sales enablement, and enterprise risk management.
• Interacting with Legal, HR, Dev, DevOps teams, Customers etc
• Helping Banks, Corporates to on-board using Zeta App, from Security point of view.
• Web Application Security and Mobile Security Research
• Handling bug bounty programme
• API Testing, REST, JSON, Burp Suite, ZAP, nikto, Nessus, Kali OS
• Developed and implemented compliance program covering SOC 2 Type 2. Scoped, planned and managed PCI DSS and ISO 27001
• Writing IT & Cyber Security Policies.
• Amazon VPC, ELB, EC2, Elasticsearch, Logstash, Kibana (ELK) etc.

Oct 2014 – Jan 2017 · 2 yrs 3 mos · Bangalore, India

• Vulnerability Research and Malware Analysis, Yara Rules, Sandboxes, Web Application Security, Advanced Evasion Techniques detection, Threat Coverage of recent Vulnerabilities, Suricata IDS/IPS, Python. Shell code detection signatures. NSS Coverage (Signature writing, FP/FN testing, fine tuning signatures to reduce performance issues)
• Vulnerability Research, Exploit Writing
• Malware Analysis
• Web Application Security, OWASP Top10
• Penetration Testing and Hardening
• Python (exploit writing, tooling and automation)
• Tools: IDA Pro, WinDBG, OpenVAS, Nessus, Nexpose/Metasploit, ZAP, Burp Suite, Wireshark

Oct 2012 – Oct 2014 · 2 yrs · Bangalore, India

• Involved in sustenance work, fixing bugs in different Cisco Products like Cisco's flagship Deep Packet Inspection (DPI) Solution Network Based Application Recognition(NBAR) and Session Aware NETworks (SANET).
• Worked on Software Defined Networking (SDN) technologies like Opendaylight (ODL) Controller, OpenFlow and Mininet for creating Proof of Concepts.
• C, Java, Python
• Tools:
• Cisco IOS, gdb, Wireshark

May 2012 – Sep 2012 · 4 mos

• Was the first Security Researcher at CEM. Worked on Vulnerability Research and AppID to come up with Signatures to protect/detect/cover various threats at Network level using UTM (Unified Threat Management) appliance.Worked on different Application Security Vulnerabilities like Buffer Overflows and OWASP Top 10 like Cross Site Scripting(XSS), SQL Injection etc.
• Web Application Security, OWASP Top10
• Device Hardening
• Penetration Testing
• Writing Snort Signatures for P2P, AppID and File Type Detection
• C
• Tools:
• Backtrack, Metasploit, Snort, nmap, nc, hping3, Nessus, WebScarab

Aug 2011 – Aug 2012 · 1 yr

• Was teaching CEH v7.1 in my free time. Teaching was done out of passion towards Information Security and to educate people from various Attacks, Hacks, Malware etc.
• Tools:
• nmap, nc, Backtrack, Metasploit, Snort, hping3, Nessus, WebScarab, Wireless/Wi-Fi Hacking, Cryptography, Malware Analysis, Vulnerability Research, Network/Application/System Security, Wireshark/tcpdump

Aug 2011 – Aug 2012 · 1 yr

• Was teaching CEH v7.1 in my free time. Teaching was done out of passion towards Information Security and to educate people from various Attacks, Hacks, Malware etc.
• Tools:
• nmap, nc, Backtrack, Metasploit, Snort, hping3, Nessus, WebScarab, Wireless/Wi-Fi Hacking, Cryptography, Malware Analysis, Vulnerability Research, Network/Application/System Security, Wireshark/tcpdump

Nov 2010 – May 2012 · 1 yr 6 mos · Bangalore, India

• Development of different features/functionality for McAfee IPS (Intrushield) using C Language on UNIX/LINUX Platform. Used different Inter Process Communication (IPC) concepts, Threads etc.
• Unit Testing and Integration Testing of developed Code.
• Socket Programming
• POSIX Threads
• Tools:
• Coverity, CVS, gdb

Dec 2008 – Oct 2010 · 1 yr 10 mos · Bangalore, India

• Worked on coverage of recent threat detection for McAfee IPS (Intrushield). Involved in solving detection issues in McAfee IPS due to evasion for NSS Certification and ICSA Labs Certification. Worked on different Application Security Vulnerabilities like Buffer Overflows, Cross Site Scripting(XSS), SQL Injection etc.
• Roles Included:
• IPS Automation using Python/Perl
• Exploit Writing (Debugging with Ollydbg,Windbg etc.)
• Threat Coverage Testing for IPS
• Testing for NSS/ICSA Certifications
• False Positive and False Negative Testing
• Snort IDS Configuration and Rule Writing
• Tools:
• Metasploit, CoreImpact, OllyDBG, WinDBG, tcpreplay/tcpdump, tomahawk, nmap, hping, Wireshark etc.,

Mar 2007 – Nov 2008 · 1 yr 8 mos · Noida, Uttar Pradesh, India

• Worked as Vulnerability Researcher and Malware Analyst developing Signatures/Filters for iPolicy IPF (Intrusion Prevention Firewall), a UTM appliance. Involved in researching various Vulnerabilities and Malware to come up with protection mechanisms. Worked on different Application Security Vulnerabilities like Buffer Overflows, Cross Site Scripting(XSS), SQL Injection etc.
• Roles included:
• Vulnerability Research
• Malware Analysis(dynamic)
• Security Advisory write-ups
• Web Application Signatures, OWASP Top10
• Snort IDS/IPS and Protocol Anomaly Detection Signatures
• Knowledge of Penetration Testing.
• Tools:
• nmap, nc, Metasploit, SAINT, Blade Karalon, Wireshark