Rohit Singh

DevOps Engineer

Gurugram, Haryana, India · 4 yrs 7 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Expert in Application Security and Vulnerability Management.
  • Proven track record in conducting comprehensive penetration tests.
  • Strong collaboration skills with product teams for security enhancements.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Application Security in the SaaS industry.

Skills

Core Skills

Application Security, Penetration Testing

Other Skills

SCA, Information Security Analysis, Web application vulnerability testing, Threat Modeling, Bug Crowd VDP, Collaboration, Vulnerability Management, Architecture Documentation, Vulnerability Analysis, Burp Suite, Bug Crowd VDP and Bug Bounty Management, Objection, Mobile App pentesting, SAST, DAST

About

Experienced Application Security Professional with a demonstrated history of working in the computer software industry. Skilled in Web application/API VAPT and Software Composition Analysis (SAST/DAST/SCA). Strong information technology professional with a Bachelor of Technology focused in Computer Science and engineering at The Technological Institute of Textile and Sciences.

Experience

Total Experience: 4 yrs 7 mos
Average Tenure: 3 yrs 2 mos
Current Experience: 4 yrs 7 mos

Cvent

Application Security Engineer II

Sep 2024 - Present · 1 yr 9 mos · Gurugram · Hybrid

  • Conducted end-to-end security reviews on new applications and features, from threat modeling to SCA to SAST to DAST to internal penetration tests.
  • Managed the Vulnerability Disclosure Program, triaging findings reported by researchers via the Bugcrowd tool, and collaborating with researchers and product teams for remediation of findings. Implemented a paid reward program (Bug Bounty).
  • Collaborated with product teams on the discovery and remediation of application vulnerabilities, ensuring timely remediation.
  • Worked with product teams to create threat models and architecture documents to identify and remediate threats to the application using the Threat Modeler tool.
  • Conducted static and dynamic application security testing for both web and mobile applications, running scans via tools like Checkmarx, Data Theorem, Burp Suite and Whitehat Vulnerability Scanner, and triage of findings.
  • Ran full penetration tests on Cvent applications, both web and mobile.
  • Effectively communicated with clients about vulnerability status and the mitigating controls in place.
  • Led security training within product teams, managing the secure coding training program and training developers on OWASP Top 10 security risks.
  • Collaborated with internal teams and third-party penetration test vendors to conduct penetration tests on Cvent applications.
SCA, Information Security Analysis, Web application vulnerability testing, Threat Modeling, Application Security, Penetration Testing

Synopsys Inc

2 roles

Professional Services Consulting, Consultant

Promoted

Feb 2024 - Present · 2 yrs 4 mos

  • Performed penetration tests for web applications, web services and mobile Android applications, and vulnerability analysis for the issues reported.
  • Provided pen-testing services to different clients with global footprints. Worked on a variety of assessments ranging from production to test environments, intrusive and non-intrusive, black-box and grey-box assessments, and delivered assessment reports customized towards client-specific requirements.
  • Also worked on post-assessment support by working with clients toward the remediation of the reported findings and to suggest best practices to reduce the application's risk exposure.
Penetration Testing, Vulnerability Analysis

Security Service Associate

Nov 2021 - Feb 2024 · 2 yrs 3 mos

  • Newly joined Synopsys to start my career in Cyber security. Learned different tools like Burp Suite and performed penetration tests for web applications and web services and vulnerability analysis for the issues reported.
  • Provided pen-testing services to different clients with global footprints. Worked on a variety of assessments ranging from production to test environments, intrusive and non-intrusive, black-box and grey-box assessments, and delivered assessment reports customized towards client-specific requirements.
  • Also worked on post-assessment support by working with clients toward the remediation of the reported findings and to suggest best practices to reduce the application's risk exposure.
Burp Suite, Penetration Testing, Vulnerability Analysis, Application Security

Gurugram Police

Cyber security Summer Internship

Jun 2021 - Jul 2021 · 1 mo · Bhiwani, Haryana, India · Remote

  • Learned various cyber attack scenarios and countermeasures.
  • Hands-on practice with various hacking tools under the guidance of Mr. Rakshit Tandon (Cyber Security Specialist and Consultant), Mr. Ishan Sinha (Cyber Crime investigation specialist) and Dr. Hitesh Yadav (ACP Cyber Crime, Gurugram Police).

Education

The Technological Institute of Textiles & Sciences

B.Tech — Information Technology

Jan 2016 - Jan 2020
