Shagun Bhatia

Software Engineer

San Francisco, California, United States6 yrs 1 mo experience

Most Likely To SwitchHighly Stable

Key Highlights

Certified Ethical Hacker with strong application security expertise.
Proven experience in managing security assessments and training.
Skilled in threat modeling and vulnerability assessments.

Stackforce AI infers this person is a Cybersecurity expert specializing in application security and threat modeling.

Contact

Skills

Core Skills

Application SecurityPenetration TestingSecurity ArchitectureThreat ModelingWeb Application SecurityInfrastructure SecuritySoftware DevelopmentNetwork Security

Other Skills

Cloud SecuritySecurity Architecture DesignSecurity AssessmentsSecurity Architectural DesignCode ReviewsBurp SuiteOWASP Top 10 TechniquesSecure SDLCAngularJSFirewall InstallationKali LinuxAndroidJavaScriptDatabasesC

About

A Certified Ethical Hacker, studying CyberSecurity at USC. Expertise in threat modeling and web application security. Have experience in penetration testing and security consulting. Always looking to grow and learn more

Experience

6 yrs 1 mo

Total Experience

2 yrs

Average Tenure

3 yrs 6 mos

Current Experience

Netflix

Application Security Engineer

Nov 2022 – Present · 3 yrs 6 mos · Los Gatos, California, United States

Part of the Application Security and Review Assessment
Responsible for running and managing the Netflix Bug Bounty Program. Work with the Application engineers to mitigate issues at scale.
Conduct Pentest and security assessments for high-risk, critical features of the business.
Perform security reviews and provide guidance to the application teams for making their applications secure
Help Uplevel teams by facilitating and creating security training for software engineers

Cloud SecurityThreat ModelingPenetration TestingSecurity Architecture DesignApplication Security

Salesforce

3 roles

MTS Product Security Engineer

Jul 2022 – Nov 2022 · 4 mos

Review Security Architectural Design reviews for services deployed on AWS, Heroku, 1st party Datacenters.
Actively performing threat modeling to analyze services, surface the risks and suggest potential mitigation.
Perform code reviews on the products which are offered by the company to find vulnerabilities
Uplift the security posture of services and encourage the teams to shift left and engage early in the SSDL
Develop new tools to continuously scan cloud environments to find any threats or security weaknesses.
Write documentation and guidance for onboarding new hires to the team and help introduce them to the environment

Threat ModelingSecurity Architectural DesignCode ReviewsSecurity Architecture

AMTS Product Security Engineer

Jul 2021 – Aug 2022 · 1 yr 1 mo

Review Security Architectural Design reviews for services deployed on AWS, Heroku, 1st party Datacenters.
Actively performing threat modeling to analyze services and surface the risks and suggest potential mitigation.
Perform code reviews on the products which are offered by the company to find vulnerabilities
Uplift the security posture of services and encourage the teams to shift left and engage early in the SSDL
Develop new tools to continuously scan cloud environments to find any threats or security weakness.
Write documentation and guidance for onboarding new hires to the team and help introduce them to the environment

Threat ModelingSecurity Architectural DesignCode ReviewsSecurity Architecture

Infrastructure Security Intern

May 2020 – Aug 2020 · 3 mos · California, United States

Performed Infrastructure Security architecture reviews of AWS cloud and Heroku platform
Performed Threat modeling and prepared Actionable for the team to pivot into Threat Modeling
Built a Open Policy Agent Dashboard for Salesforce security to monitor the entire development space to check for Infrastructure security configuration violations in ELK stack

Infrastructure SecurityThreat Modeling

University of southern california

2 roles

Vulnerability assessment Student worker

Aug 2020 – May 2021 · 9 mos · Los Angeles, California, United States

Using Burp Suite for web application penetration testing to apply OWASP Top 10 Techniques
Validate the vulnerability report generated by scans and suggest remediation

Burp SuiteOWASP Top 10 TechniquesWeb Application Security

Vunerability Assesment Student worker

Nov 2019 – May 2020 · 6 mos · United States

Using Burp Suite for web application penetration testing to apply OWASP Top 10 Techniques
Validate the vulnerability report generated by scans and suggest remediation

Burp SuiteOWASP Top 10 TechniquesWeb Application Security

Cognizant

Software Development Intern

Jan 2019 – Apr 2019 · 3 mos · Pune, Maharashtra, India

Developed Secure automated solution for the migration of data between different ECM system.
Used Encryption, Encapsulation, input sanitization techniques in Secure SDLC
Improved the UI of the solution using AngularJS to create single page application in modular manner

Secure SDLCAngularJSSoftware Development

National informatics centre, meity

cyber security intern

May 2018 – Jul 2018 · 2 mos · delhi

● Hardened the security of network devices such as switches and routers. Installed firewall to set up
network perimeter and subnet the network into zones.
● Analyzed And monitored endpoint devices and LAN networks as part of the CERT team to ease checking travelers while ensuring security, is given utmost importance.

Network SecurityFirewall Installation