Dec 2024 – Present · 1 yr 4 mos · Devakottai, Tamil Nadu, India · Hybrid

• At MICH JOSH CYBERSECURITY, we specialize in securing modern digital ecosystems with a strong focus on AI Security & Penetration Testing. Our expertise includes:
• 🔹 AI/ML Security – Securing AI-driven applications, LLM attack simulations, and adversarial testing
• 🔹 Penetration Testing – Web, Mobile, API, and AI/ML security assessments
• 🔹 Security Training – AI, Web, Network, Mobile, API, Thick Client, and Secure Code Review workshops
• 🔹 Compliance & Risk Assessment – Helping businesses meet security standards
• As AI continues to evolve, so do cyber threats targeting AI models and applications. We help businesses identify vulnerabilities in AI-driven systems before attackers exploit them.
• Looking to secure your AI systems or enhance your AI security skills? Let’s connect! 🚀

May 2023 – Dec 2024 · 1 yr 7 mos

• Implemented end-to-end security services, automation, and monitoring tools across
• infrastructure, safeguarding CI pipelines, and fortifying production microservices for
• comprehensive protection.
• In Devsecops process experienced with multiple tools in SAST, DAST, SCA, IaaC, CaaS.
• Handon in tools such as Checkmarx, Mend(whitesource), Aquasec, Qualys, Retirejs, Nmap,
• Ansible, Inspec. Automation tools such as Jenkins, Azure Devops, Gitlab actions.
• Performed web application security analysis using Static and Dynamic testing to identifying
• possible vulnerabilities on more than 120 applications.
• Experience in various web app penetration testing tools such as Burp Suite proxy, Dir-Buster,
• FFUF, Nmap, Qualys, Wappalyzer, XSS Hunter.
• Familiarity with static and dynamic code analysis techniques and fuzzing methods to
• uncover security issues.
• Conducted threat modeling and analyzed attacker exploit techniques to develop effective
• remediation strategies.
• Implemented best practices in security engineering, including secure development,
• cryptography.
• Performed penetration testing for around 50+ mobile (Android and iOS) applications.
• Demonstrated experience in threat modeling, testing, and analyzing applications to
• identify and mitigate security risks.

Oct 2020 – Apr 2023 · 2 yrs 6 mos

• 1. Web Application Penetration Testing:
• Performed web application security analysis and identifying possible vulnerabilities on more than 120 applications.
• Experience in various web app penetration testing tools such as Burp Suite, Dir-Buster, FFUF, Nmap, Qualys, Wappalyzer, XSS Hunter.
• 2. Mobile Application Penetration Testing:
• Performed penetration testing for around 25+ mobile (Android and iOS) applications.
• In Mobile PT, specifically focused on APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis.
• Reviewed Android and iOS mobile source code manually and recommended code fixes
• 3. Thick client application penetration testing:
• In Thick Client Application, evaluated Insecure Data Storage using the string.exe tool, Decrypting encrypted secrets, Regshot for Privilege Escalation etc.,
• Tools such as Binscope, sigcheck and visual code grepper to locate the low hanging vulnerabilities is thick client application.
• 4. Cloud penetration testing
• Worked on Cloud security vulnerabilities and utilized numerous tools such as ROADTools, StormSpotter, BloodHound, MicroBurst.
• In Cloud pentesting, perform Initial access and authentication enumeration, Data Mining, Privilege escalation and On-prem Lateral Movement.
• 5.Devsecops
• In Devsecops, obtain the security a little closer to the development life cycle and embed security in the same DevOps pipeline.

Dec 2018 – Sep 2020 · 1 yr 9 mos

• Vulnerability Assessment and Penetration Testing for Web and Mobile Application.

Jul 2017 – Dec 2018 · 1 yr 5 mos · Cochin Area, India

• Web application pentesting & secure code review
• Discovered web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, authentication etc.) across various platforms.
• In Secure code review targets to identify security flaws in the application related to its features and design, along with the exact root causes.
• Using DAST tool such as Checkmarx to sense the vulnerabilities in the source code.
• Thick client penetration testing
• In Thick client application identifying DLL Hijacking Vulnerability, Binary Analysis and Files Analysis to find the vulnerability.
• Gathering information of Thick client application’s network connections using TCP view, wireshark, CFF Explorer and Procmon.
• Network penetration testing
• In Network pentesting using tools such as Netcat, Enum4linux, dirb, meterpreter, msfvenom etc., to enumerate and exploit the vulnerabilities.
• Detect the common network security vulnerabilities such as practice of default or weak passwords and misconfigurations in network components.

May 2015 – Jun 2017 · 2 yrs 1 mo · Chennai Area, India

• 1. Web Application Penetration Testing:
• Security assessment of web applications in different categories like Input and data Validation, Authentication, Authorization & logging.
• Worked with global security teams performing Web app & Network security assessments.
• 2. API Penetration testing
• Review the security of the REST API by Identify the Weak auth tokens, Leaky APIs and insecure Data Storage which are commonly found weakness in API.
• Using the automated scanners such as FuzzAPI and Astra to find the vulnerabilities in API.
• 3. Malware Analysis:
• Conducting malware analysis and reverse engineering on suspicious code and producing a detailed report of the findings.
• In static analysis using the sys internal tools and utilizing the disassembler like IDApro to identify the behavior of the malware.
• Understanding current vulnerabilities, attacks and countermeasures.