Jul 2023 – Jan 2024 · 6 mos

Apr 2021 – Aug 2023 · 2 yrs 4 mos

• Client: Emirates NBD Bank - Cyber Security Consultant
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals and to achieve Secure Development Lifecycle.
• Work closely with Agile Squads to implement security controls during the development stage.
• Provide vulnerability remediation guidance and mentoring to product development software engineers.
• Triaging the security observations identified through manual or automated testing tools with the development team.
• Conducting Source code review for any new changes in the application functionality.
• Handling End to End security of the assigned application.
• Risk Tracking and mitigation.
• Identified multiple critical technical/business logic-based security issues in Banking applications.
• Analyzing the PII or Sensitive information in Storage or transit by validating in logs, databases, and servers.
• Handling multiple Agile Squads for End to End project delivery.
• Well-versed with multiple tools such as Burp Suite, Checkmarx, Nessus, Twistlock, NexusIQ, Insomnia, Checkmarx SCA, MobSF, Kibana, etc.
• Day-to-day work includes a wide variety of security activities from Application Penetration testing, Mobile App VAPT, Network/Server Vulnerability Assessments, Secure Code Reviews, Firewall
• Configuration Reviews, Risk Assessments, Architecture reviews, Data and Privacy assessments, and Container and API reviews.

Sep 2018 – Apr 2021 · 2 yrs 7 mos

• Worked with 20+ clients in a wide range of security domains such as Web, Mobile, API, Thick Client, Network, Wi-Fi, etc. delivering reports with identifying several Critical, High vulnerabilities.
• Executed web/mobile application penetration testing and API security assessment in London for a major UK-based bank.
• Have worked in UAE for one of the largest Telecom companies, performing Network security, web app, and various other red teaming activities.
• Identified a critical vulnerability in Road Transport Authority (RTA) Dubai during the assessment of API's.
• Conducted Application Security testing for various business Web Applications in the areas of Banking, Finance, Insurance, and e-commerce.
• Conducted Vulnerability Assessments for networks, devices, and servers.
• Proficient in OWASP Top10 Category vulnerabilities and mitigations.
• Experienced in both black box and white box security testing.
• Experienced working with AppSec tools such as BurpSuite, Nessus, Nmap, Metasploit, SQLMAP, and other Kali Linux tools, etc.
• Developed a python-based platform for Redteaming. It facilitates an attacker infiltrating internal networks and performing silent information gathering and basic attacks. This application, since it uses native handwritten code, evades detection from most antivirus software
• Performed Wi-Fi pen testing using an Alfa card and pineapple tetra devices.
• Managing team with multiple assessors to ensure timely delivery of projects

May 2021 – Jan 2024 · 2 yrs 8 mos · Dubai, United Arab Emirates · On-site

Aug 2016 – Sep 2018 · 2 yrs 1 mo · Bengaluru, Karnataka, India

• Web Application Penetration tester with experience in performing web application security audits against OWASP Top 10 vulnerabilities.
• Hands-on experience performing Mobile Application VAPT, Network Security.
• Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, etc.
• Performed Internal and External application and network assessments.
• Visited multiple client locations to deliver projects in the security domain.
• Static and dynamic analysis of android applications.
• Developed a signature/pattern-based Source Code Review platform to facilitate a quick and early code check for the developers while writing the code