Mayank Dhawan

DevOps Engineer

Bengaluru, Karnataka, India · 11 yrs 4 mos experience

Key Highlights

  • Expert in cloud security architecture and implementation.
  • Proven track record in application security and penetration testing.
  • Strong leadership in integrating security into development processes.
Stackforce AI infers this person is a Cloud Security and Application Security expert in the Fintech sector.

Skills

Core Skills

Application Security · Threat Modeling · Cloud Security · Penetration Testing

Other Skills

Application Security Architecture · Code Review · Automation · Python (Programming Language) · Threat Assessment · Ethical Hacking · Vulnerability Assessment · Cyber Threat Hunting (CTH) · Threat Analysis · Information Security · Application Security Assessments · MAP · BISSM · Web Application Security · Web Application Security Assessment

About

Advisor to keep you secure on digital asset transformation and cloud. AppSec · ProdSec · Cloud Security · Security Architecture Reviews and Threat Modelling · Container Security · SSI and MAP · DevSecOps

Experience

Total Experience: 11 yrs 4 mos
Average Tenure: 2 yrs
Current Experience: 1 yr 4 mos

Rippling

Senior Product Security Engineer

Dec 2024 - Present · 1 yr 4 mos · Bengaluru, Karnataka, India · Hybrid

  • Threat-model application designs and solutions and provide security assessments.
  • Audit source code and perform code review for critical application changes
  • Mentor software engineering teams in security best practices
  • Provide hands-on remediation guidance to development teams
  • Build security tooling and automations to help scale the Product Security team’s practices
  • Review & establish software development practices that make security an essential part of the development process
  • Develop / Integrate security into the Software Development Life Cycle
Application Security · Application Security Architecture · Code Review · Penetration Testing · Threat Modeling · Automation

Snowflake

Senior Security Engineer

May 2023 - Nov 2024 · 1 yr 6 mos · Pune, Maharashtra, India · Remote

  • Technical leader in cloud security within the Corporate Security team for the Corporate/Enterprise teams at Snowflake.
  • Working alongside the engineering teams, providing expert leadership and advice on secure cloud architecture, design, and implementation for workloads in AWS, Azure and GCP.
  • Securing modern languages and technologies running in a true multi-cloud/SaaS environment like AWS, GCP, Azure, Salesforce and many more.
  • Use data and the power of Snowflake to drive major security initiatives in the cloud space.
  • Lead the cloud security architecture, complete threat modeling, complete security testing and drive the DevSecOps model for partner teams.
  • Design, develop, and manage robust Role-Based Access Control systems for our data lakes, ensuring seamless and secure access management.
  • Identity Governance: Oversee and enhance identity governance frameworks, ensuring compliance with security policies and regulations.
  • Data Security Management: Develop and enforce data security protocols to protect sensitive data within Snowflake internal data lakes.
  • Policy Development: Create, implement, and maintain security policies and procedures related to data access and identity management.
  • Access Control Audits: Conduct regular audits of access controls and identity governance processes to ensure compliance and identify areas for improvement.
  • Automation and Optimization: Leverage automation tools to streamline access control processes and improve efficiency.
  • User Support and Training: Provide support and training to users and administrators on access control policies and procedures.
Penetration Testing · Code Review · Threat Assessment · Threat Modeling · Cloud Security · Application Security Architecture

Atlassian

Senior Security Engineer

Nov 2022 - Apr 2023 · 5 mos · Bengaluru, Karnataka, India · Remote

  • Penetration Testing of Atlassian developed applications
  • Manual and Automated Code Review
  • Full Blown Architecture Threat Model and Reviews

Synopsys Inc

3 roles

Senior Security Consultant

Promoted

Nov 2021 - Nov 2022 · 1 yr

  • Architecture Security Reviews
  • Mayank has worked on threat modelling for various leading banks, financial systems, aviation sectors, AI/ML platforms and RPA solutions. The effort included reviewing the design (architectural documents, data flow diagrams, interviews with application developers and architects) and the controls in place by validating evidence to identify vulnerabilities, then liaising with the application team to convey their criticality and supply contextual remediation advice.
  • The effort involved deep dives with the architects to understand vulnerabilities in the design of the system through a threat model diagram, and demonstrating the output of the architectural flaws to them through a penetration test.
  • Web Application Penetration Testing
  • Mayank has conducted penetration tests on several net-banking applications, other banking applications, payment gateways, for various banking software. He has also been involved with market players offering RPA solutions and AI/ML capabilities.
  • Cloud Assessments
  • Mayank has worked with various clients on cloud configuration reviews and engagements spanning different cloud partners (Amazon, Microsoft, AliCloud). This involved deep dives into various configurations and finding vulnerabilities with a specific PoC rather than just demonstrating a weak configuration in the environment.
  • Container Security:
  • Mayank has worked with clients on exploiting container-based environments and image-based bypasses for Docker and Kubernetes projects.
  • Thick Client Application Penetration Testing
  • Mayank has conducted various thick client engagements with clients from various banks and has also been involved in testing software robots in a RPA based environment.
  • Mainframe Assessments
  • Mayank has been involved in testing mainframe applications (specifically AS400/IBM I Series) to find vulnerabilities in the configurations and environments which lead to heavy breach of data from clients in the Insurance sector.
Application Security · Penetration Testing · Ethical Hacking · Vulnerability Assessment · Threat Assessment · Cyber Threat Hunting (CTH)

Security Consultant

Promoted

Jun 2019 - Nov 2021 · 2 yrs 5 mos

  • Threat Modelling:
  • Mayank has worked on threat modelling for various leading banks, financial systems, aviation sectors, AI/ML platforms and RPA solutions. The effort included reviewing the design (architectural documents, data flow diagrams, interviews with application developers and architects) and the controls in place by validating evidence to identify vulnerabilities, then liaising with the application team to convey their criticality and supply contextual remediation advice.
  • The effort involved deep dives with the architects to understand vulnerabilities in the design of the system through a threat model diagram, and demonstrating the output of the architectural flaws to them through a penetration test.
  • Web Application Penetration Testing:
  • Mayank has conducted penetration tests on several net-banking applications, other banking applications, payment gateways, for various banking software. He has also been involved with market players offering RPA solutions and AI/ML capabilities.
  • Cloud Assessments:
  • Mayank has worked with various clients on cloud configuration reviews and engagements spanning different cloud partners (Amazon, Microsoft, AliCloud). This involved deep dives into various configurations and finding vulnerabilities with a specific PoC rather than just demonstrating a weak configuration in the environment.
  • Mobile Application Penetration Testing:
  • Mayank has conducted penetration tests on several mobile banking applications and other banking applications.
  • Thick Client Application Penetration Testing:
  • Mayank has conducted various thick client engagements with clients from various banks and has also been involved in testing software robots in a RPA based environment.
  • Mainframe Assessments:
  • Mayank has been involved in testing mainframe applications (Specifically AS400/IBM I Series) to find vulnerabilities in the configurations and environments which lead to heavy breach of data from clients in the Insurance sector.

Associate Security Consultant

Aug 2018 - Jul 2019 · 11 mos

Fidelity International

Application Security Analyst

Aug 2017 - Jul 2018 · 11 mos · Gurgaon, India

  • Providing Application Security consulting and Architecture review analysis to off the shelf and developed products.
  • Conducting Penetration testing of Web Applications, Web Services and Mobile Application to identify vulnerabilities in areas including but not limited to SSL Implementation, Authentication, Session Management, Authorization & Access Control, Input Validation, Application Logic and Application Hosting etc.
  • Involved in a team responsible for implementing DevSecOps within the CI/CD Pipelines.

Fiserv

Information Security Engineer

Aug 2014 - Jul 2017 · 2 yrs 11 mos · Noida Area, India

  • Providing application security consulting during design and development, as well as security scans, evaluations, and penetration testing of web based applications and binary applications.
  • Conduct security assessments to evaluate security threats related to Business Logic, Session Management, Authentication, Authorization, Access Control, Input Validation, Error Handling & Active Information Disclosure, SSL Configuration, Cryptographic Strength, Application Hosting and various other threats & risks and provide clear understanding of these risk to the client.
  • Covering assessment from the perspective of an Internet based attacker & to identify any security-related implementation or configuration issues with the application and to provide recommendations for mitigating the risk.

Education

Seth M. R. Jaipuria School Lucknow

Computer Science

Jan 1996 - Jan 2009

GL Bajaj Institute of Technology and Management

Bachelor of Technology (B.Tech.) — Information Technology

Jan 2010 - Jan 2014
