Jun 2024 – Dec 2025 · 1 yr 6 mos · Singapore · On-site

• Engage with clients to identify business opportunities for red teaming, penetration testing, and working with clients to scope and deliver those services.
• Fulfill a leadership role within the Cyber Defence team, taking responsibility for driving enhancements of services, processes, knowledge and skills.
• Led 10+ red team engagements for clients and other technical engagements, as the primary contact taking responsibility for delivery on time and to budget.
• Acting as a technical leader for the team, providing formal training and mentoring to the team.
• Lead cloud‑focused adversary simulations (Azure/AWS) to exploit misconfigurations, overprivileged identities, and lateral movement paths.
• Enhance vulnerability management programs for clients by integrating automated scanning (Nessus, Qualys) with threat intelligence to prioritize risks using CVSS.
• Conduct purple team exercises, collaborating with SOC teams to map red team TTPs to detection gaps (Splunk, Sentinel).Worked with a bank and reduced MTTR by 25% through ATT&CK‑based detection engineering.
• Serve as performance manager for junior staff and provide guidance and mentorship as part of their professional development and annual goals.
• Provide oversight and quality assurance on technical testing including internal, external, application, infrastructure, cloud and API penetration tests conducted using tools such as Burp Suite, Sysinternals, Steampipe etc. .
• Contribute to internal practice management initiatives such as cyber security training and knowledge sharing across the Singapore firm departments.
• Work with developers to remediate vulnerabilities post SAST,SCA, DAST reviews.

Apr 2021 – Jun 2023 · 2 yrs 2 mos · Singapore

• Lead and conduct application (web and mobile) and infrastructure vulnerability assessment and penetration tests on different platforms and technologies.
• Lead and conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code.
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware/ransomware.
• Simulate real-time cyber-attacks using red team/blue team exercises.
• Lead server/network/middleware security configuration assessments.
• Review reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities.
• Continuously enhance the existing penetration testing methodologies.

Jun 2023 – Jul 2024 · 1 yr 1 mo · Singapore · On-site

• Delivered and oversaw technical security testing projects, with particular focus in Adversary Attack Simulation Exercises.
• Managed stakeholders by developing existing and new client relationships.
• Managed projects for penetration testing and red team engagements.
• Performed quality assurance and technical reviews of client deliverables and internal documentation.
• Planned and executed Adversarial Attack Simulation Exercises for both project‑based and continuous engagements.
• Researched and weaponized evasion techniques and tooling to bypass cyber‑attack detection technologies.
• Directed cloud security assessments (AWS/GCP), identifying critical issues like exposed S3 buckets and weak IAM policies, and guiding remediation.
• Expanded vulnerability management offerings, developing client‑specific workflows for patch governance and zero‑day re‑
• sponse (e.g., Log4Shell).
• Led purple team initiatives, blending red team tools (Cobalt Strike) with blue team telemetry to validate detection rules (Sigma, YARA).

Oct 2018 – Mar 2021 · 2 yrs 5 mos · Hong Kong SAR

• Experience in managing team of 4 people and conducting penetration testing
• Experience in providing OWASP training to client employees
• Application penetration testing for credit score aggregating firm. The firm works similar to TransUnion in terms of providing credit scoring of an individual.
• Hands on experience in performing iCAST (regulatory Red Team by HKMA for financial institutions) on international banks
• Web and Wi-Fi Penetration Testing for a Science Park
• Application penetration testing of Near Field Communication (NFC) based card-less money withdrawal from ATM for one of the largest Chinese bank
• Network and Application Penetration testing for a utilities company targeting CCTV and Door Access Control systems
• Internal and External network Penetration Testing for a few large banks in Hong Kong

Jul 2016 – Oct 2018 · 2 yrs 3 mos · Mumbai, Maharashtra, India

• Drafted Secure Configuration Documents for Network Devices, Operating Systems, Databases etc. for international banks.
• Configuration review of Network Devices, Operating Systems, Databases etc. for leading international banks.
• Web Application Security assessment of critical Internal/External Banking and financial products including - Corporate & Personal Banking.
• Mobile Application Security assessment of critical Banking and Insurance Applications.
• Web Application/Thick Client Security testing of Critical Internal/External applications in Banking, Insurance and Industry sector
• Malware analysis of malware involved in a cyber heist
• Cyber threat Incident response at a leading Indian bank.
• Vulnerability Assessment & Penetration Testing of International Banks.
• Hands on experience with penetration testing wide range of Operating Systems including Windows, Unix.
• ATM penetration testing for leading Indian Bank

Jan 2015 – Jun 2015 · 5 mos · Gurgaon

• Java Trainee
• Ephesoft
• Python
• OCR recognition
• Spring
• Struts
• Hibernate
• Ephesoft Enterprise
• Automation

Jun 2014 – Aug 2014 · 2 mos · Pune ,India

• Programming Intern
• Website Penetration Testing
• Network Penetration testing
• Python Automation