Sunil Kande

Product Manager

Pune, Maharashtra, India · 7 yrs 5 mos experience

Key Highlights

  • Certified ethical hacker with extensive security expertise.
  • Over six years in product security and penetration testing.
  • Proficient in mobile and web application security assessments.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Application Security and Penetration Testing.

Skills

Core Skills

Application Security, Cyber-security, Penetration Testing, Team Leadership

Other Skills

Security, Data Privacy, Firewalls, Internet Protocol Suite (TCP/IP), Troubleshooting, Android pentesting, Web Applications, Attack Surface Management, Vulnerability Management, Bug Bounty, vPenTest, IOS Testing, Manual Testing, Leadership, OWASP TOP 10

About

As a Product Security Engineer at Funding Societies, I leverage my expertise in security testing, risk management, and compliance to ensure the safety and integrity of web applications, thick clients, network security, and web services. With over six years of experience in this role, I have developed a strong understanding of technology risk management, disaster recovery, business continuity, and IT regulatory compliance. I am also a certified ethical hacker with a passion for identifying vulnerabilities and providing strategic guidance and remediation advice to clients. In addition to my full-time role, I work as a part-time bug bounty hunter, where I apply my skills to identify and report security issues in various applications. I hold certifications in mobile application penetration testing and web application penetration testing from eLearnSecurity, demonstrating my commitment to continuous learning and professional development.

Experience

Total Experience: 7 yrs 5 mos
Average Tenure: 1 yr 5 mos
Current Experience: 3 yrs 2 mos

HackerOne

Bug Bounty Hunter and Core Penetration Tester

Mar 2024 - Present · 2 yrs 2 mos · Remote

Team Leadership, Android pentesting, Web Applications, Penetration Testing

Bugcrowd

Bug Bounty Hunter and Penetration Tester

Oct 2023 - Present · 2 yrs 7 mos · Remote

Funding Societies | Modalku Group

Product Security Engineer

Mar 2023 - Present · 3 yrs 2 mos · Singapore · Remote

Application Security, Security, Cyber-security, Data Privacy, Firewalls, Internet Protocol Suite (TCP/IP)

NotSoSecure | part of Claranet Cyber Security

Security Consultant

Jul 2022 - Mar 2023 · 8 mos · India · Remote

Security, Cyber-security, Data Privacy, Internet Protocol Suite (TCP/IP), Troubleshooting

ArisGlobal

Application Security Engineer

Oct 2021 - Jul 2022 · 9 mos · Bangalore · Remote

Security, Cyber-security, Internet Protocol Suite (TCP/IP), Troubleshooting

Cobalt

Team Lead

Jul 2021 - Present · 4 yrs 10 mos · United States · Remote

  • ➼ Experienced in security testing on Web Applications, Thick Client, Network Security and Web Services.
  • ➼ Experienced in providing tactical and strategic guidance and detailed remediation advice aimed at helping clients achieve strong security postures.
  • ➼ Experienced in security risk management, security governance framework and compliance (IT Security Audit/log review), Vulnerability Assessment, Penetration Testing (Manually), Application Security, Security Technologies, Security Incident Response and Security Assessment.
  • ➼ Experienced in Cloud Security (AWS). Have an understanding of Technology Risk Management, Disaster Recovery, Business Continuity and IT Regulatory Compliance.
  • ➼ Experienced in performing the static and dynamic analysis testing of Android and iOS applications.
  • ➼ Worked on CI/CD toolset and building pipelines.
  • ➼ Proficient in OWASP Web, API top 10 and SANS 25 Frameworks.

Application Security, Security, Cyber-security, Data Privacy, Firewalls, Internet Protocol Suite (TCP/IP)

Security Innovation

2 roles

Security Engineer

Feb 2021 - Sep 2021 · 7 mos · Remote

  • ➼ Worked as a Security Engineer; my responsibilities have expanded to include client engagement, project estimation, advanced VAPT, research, report preparation and review, managing security projects, mentoring team members, etc.
  • Responsibilities:
  • ➼ Working on reviewing application code against the secure coding baseline and practices.
  • ➼ Provide required reports to management and client. Handle the project as well as BAU operations.
  • ➼ Perform Web applications, Thick-client Applications, Mobile Applications, API and Network Penetration Testing with Automated Tools and Manually.
  • ➼ Have Hands-on Experience in OWASP top 10 and Complete threat Model.
  • ➼ Analyze data, such as logs or packet captures, from various sources within the enterprise and conclude past and future security incidents.
  • ➼ Application Security - Threat modeling, Source Code Review and Delivering Report.
  • ➼ Performed the static and dynamic analysis testing of Android and iOS applications.
  • ➼ Proficient in identifying various core Mobile vulnerabilities like Deep linking exploit, Local file stealing using LFI, Local SQL Injection, Abusing WebView XSS, Bypassing application workflow.
  • ➼ Developing security tools to automate (Using python and bash) the penetration testing process.
  • ➼ Mentoring junior colleagues in information security.
  • ➼ Network vulnerability assessment & manual penetration testing tools: Nessus, Nmap, Nexpose, Metasploit and Armitage.
  • ➼ Web Application Penetration Testing.
  • ➼ Configuration Audit of Network Devices & Operating System.
  • ➼ Worked on cloud environments such as AWS, GCP, Azure and Ali Cloud.
  • ➼ Worked on security risk management, security governance framework and compliance (IT Security Audit/log review), Vulnerability Assessment, Penetration Testing (Manually).

Security, Cyber-security, Troubleshooting

Security Analyst

Jun 2020 - Jan 2021 · 7 mos · Remote

  • ➼ Web Application Penetration Testing.
  • ➼ iOS and Android application pentesting.
  • ➼ Involved in setting up the process for vulnerability management.
  • ➼ API Penetration Testing.
  • ➼ Worked on cloud environments such as AWS, GCP, Azure and Ali Cloud.
  • ➼ Network vulnerability assessment & manual penetration testing tools: Nessus, Nmap, Nexpose, Metasploit and Armitage.
  • ➼ Configuration Audit of Network Devices & Operating System.
  • ➼ Worked with the developer team to fix the reported issues.
  • ➼ Delivering security testing report to a client.
  • ➼ Source code analysis, manual and automated, using Checkmarx.

Cyber-security, Troubleshooting

Synack Red Team

Synack Red Team Member

Jun 2020 - Present · 5 yrs 11 mos · United States · Remote

  • Working as a part-time bug bounty hunter. (Lx4)

Application Security, Security, Cyber-security, Data Privacy, Firewalls, Internet Protocol Suite (TCP/IP)

Suma Soft Pvt Ltd

Security Analyst

Sep 2018 - May 2020 · 1 yr 8 mos · Pune

  • ➼ Web Application Penetration Testing.
  • ➼ API Penetration Testing.
  • ➼ Network vulnerability assessment & manual penetration testing tools: Nessus, Nmap, Nexpose, Metasploit and Armitage.
  • ➼ Configuration Audit of Network Devices & Operating System.
  • ➼ Worked with the developer team to fix the reported issues.
  • ➼ Delivering security testing report to a client.
  • ➼ Source code analysis, manual and automated, using Checkmarx.

Education

G.H. Raisoni Societys, College of Engineering and Management, Pune

B.E

Jan 2014 - Jan 2018
