Vartul Goyal

DevOps Manager

India · 15 yrs 6 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Over 13 years of experience in CyberSecurity.
  • Authored three security books and maintained GitHub profiles.
  • Recognized in Hall of Fame by major tech companies.
Stackforce AI infers this person is a Cybersecurity Expert with extensive experience in Cloud Security and Vulnerability Assessment.

Skills

Core Skills

Penetration Testing, Vulnerability Assessment, Cybersecurity, Security Best Practices, DevSecOps, Web Application Security, Cloud Security, Security Governance

Other Skills

AWS Security, AWS Security Controls, Agile Methodologies, Amazon Web Services (AWS), Application Security, Black Box Testing, CI/CD Automation, CIS, Client Relations, Cloud Applications, Cloud Management, Cloud Migration, Cloud Security Implementation, Cloudflare, Collaboration

About

Summary: A CyberSecurity Expert and Product Security Innovator (highly praised in performance evaluation ratings for surpassing standards) with 13+ years of experience as Principal Security Engineer for Financial Products, across diverse organizational domains such as Cloud Migration, Security Compliance, Infrastructure & Networking Security, OmniChannels, Threat Modeller, Micro-Lending Security Architecture, Telecom, Open Banking Solutions, Web3, BlockChain and NFT.

CORE COMPETENCIES: Product Security Innovation, Secure Software Lifecycle Development, Shift Left Security, Zero Trust Model, Secure Source Code Reviewer, Agile Practitioner, External Pre-Sales Security Advisor, Crypto Exchange Regulation Developer, Cloud Security Posture Management, Penetration Testing Execution Standards, Open Web Application Security Project, Smart Contract Auditor, Web3 Security Aspirant, Centre for Information Security, National Institute of Standards and Technology for Cloud Posture, Amazon Cloud, Microsoft Azure Cloud, Google Cloud, Kubernetes Administration and Security.

SPECIAL ATTRIBUTES: Exposure to renowned ethical security leaders in nations like the USA, Germany, Dubai and Malaysia to produce effective results in a challenging and multicultural workplace with Zero Trust Model implementation. Knowledge of working with large teams across various time zones and locations using cyber security posture management, product security managers, development teams, stakeholders, and customers from in-house team.

Excellent knowledge of Application Security, Mobile Security, Secure Source Code Analysis, Cloud Security Management Tools, Agility Technology, Sprint Cloud Management Platform, Security DevOps, Amazon Web Services, Microsoft Azure, Cloud, Virtualization, Sprint Velocity Review, Kanban Dashboard Review, and Retrospectives; able to implement techniques for project guidelines enforcement and align products with product releases for global-footprint companies.

Author of three Security Books: Bounty Security Hacks, API Security Hacking and Cyber Security for CISO, CIO, and CTO. Maintainer of GitHub Profiles - API Security Manual, and Cloud Security Encyclopedia. Hall of Fame from Microsoft, Twilio, Intel and Indeed for security research work.

Experience

Total Experience: 15 yrs 6 mos
Average Tenure: 1 yr 11 mos
Current Experience: 5 yrs 6 mos

Confidential

Security Professional

Dec 2020 - Present · 5 yrs 6 mos · Remote · Remote

  • Conducting Vulnerability Assessments and Penetration Tests
  • My primary role as a Penetration Tester is to conduct vulnerability assessments and penetration tests on computer systems, networks, and applications. I am required to use a range of techniques, tools, and methodologies to identify and exploit vulnerabilities in these systems. I also document findings and provide recommendations for remediation.
  • Identifying Security Risks and Threats
  • As a Penetration Tester, I am identifying security risks and threats that could impact the organization. I am also required to keep up-to-date with the latest security trends and vulnerabilities to ensure that assessments are comprehensive and effective.
  • Preparing and Delivering Reports
  • After conducting assessments, I prepare detailed reports that summarize findings and provide recommendations for remediation. Reports are generally clear, concise, and actionable, and should be delivered to the appropriate stakeholders in a timely manner.
  • Collaborating with Other Security Professionals
  • Penetration Testers often work in collaboration with other security professionals, including Security Analysts, Network Engineers, and IT Managers. I need to communicate effectively with these stakeholders to ensure that assessments are aligned with the organization's overall security strategy.
  • Keeping Up-to-Date with Emerging Technologies
  • As a Penetration Tester, I would need to keep up-to-date with emerging technologies and trends in the field of cybersecurity. I would always attend conferences, read industry publications, and participate in training sessions to stay current with the latest security techniques and tools.
  • Adhering to Industry Standards and Best Practices
  • Penetration Testers are expected to adhere to industry standards and best practices when conducting assessments. This includes following ethical guidelines and ensuring that assessments are conducted in a safe and controlled manner.
Vulnerability Assessments, Penetration Testing, Security Risks Identification, Report Preparation, Collaboration with Security Professionals, Vulnerability Assessment

Kreditbee

Lead Security Engineer

Oct 2019 - Nov 2020 · 1 yr 1 mo · Bengaluru, Karnataka, India · On-site

  • Collaborated with development, operations, and security teams to build, deploy, and maintain secure and scalable software systems.
  • Implemented security best practices across the development process, including code review, testing, and deployment.
  • Conducted security assessments and vulnerability scans to identify and mitigate potential security risks in software applications.
  • Developed and maintained security automation scripts and tools to streamline security processes and ensure consistent implementation of security controls.
  • Implemented and managed security monitoring and incident response processes to quickly detect and respond to security incidents.
  • Stayed up to date with the latest security threats, trends, and technologies and applied this knowledge to improve the security posture of software systems.
  • Developed and maintained documentation and training materials to educate development and operations teams on security best practices and policies.
  • Communicated with stakeholders to report on security status, identify areas for improvement, and provide recommendations for remediation.
  • Participated in the development of security policies and standards to ensure compliance with regulatory requirements and industry best practices.
  • Conducted security awareness training sessions for employees to raise awareness about security risks and promote security best practices.
Security Best Practices, Security Assessments, Vulnerability Scans, Security Automation, Incident Response, Cybersecurity

Wipro

Lead Consultant

Mar 2019 - Sep 2019 · 6 mos · Bengaluru, Karnataka, India · On-site

  • Deployed and monitored web applications in AWS while maintaining a security-first mindset and using secure development, coding, and engineering practices.
  • Worked collaboratively in a team environment, communicating effectively with peers and clients.
  • Automated end-to-end CI/CD pipelines, from code commits to production, using Infrastructure as Code (IaC) and infrastructure testing strategies.
  • Developed, documented, and implemented CI/CD strategies for managing the IaC baseline, ensuring the reliability, load balancing, monitoring, and logging of systems.
  • Installed, configured, and troubleshot UNIX/Linux-based environments.
  • Continuously evaluated and improved the organization's DevOps processes, tools, and methodologies.
  • As DevSecOps Engineer, responsible for managing the development and deployment of web applications in AWS while maintaining a security-first mindset. Worked collaboratively in a team environment and possessed excellent communication skills to communicate effectively with peers and clients. As an Engineer, collaborated with development, security, and operations teams to ensure that security requirements were met throughout the development process; this involved facilitating communication and coordination between teams, providing training and guidance on security best practices, and maintaining positive relationships with stakeholders.
Web Application Deployment, CI/CD Automation, Infrastructure as Code, DevSecOps, Collaboration, Web Application Security

Landmark Group

Senior Security Analyst - Manager

Dec 2017 - Mar 2019 · 1 yr 3 mos · Bengaluru Area, India · On-site

  • Implemented Cloud Advisor, Oracle Functions, Container Registry, Container Engine for Kubernetes, Autoscaling, GPU Shapes, API Gateway, and Anomaly Detection across all OmniChannels.
  • Worked on configuration of secured landing zones.
  • Provisioned security in regions, service label, advanced configuration, compartment, policies, groups and users (IAM).
  • Integrated HashiCorp Vault (encryption standards) with Oracle Cloud.
  • Implemented cloud security migration from Oracle cloud to AWS Cloud using CloudEndure.
  • Deployed Hub, Spoke Architecture, Inbound SSH CIDR, Outbound HTTPS CIDR, Connect Landing Zone to On-premise Network, Provide Network and Security Administrator Email Address.
  • Audited Cloud Shell, OCI Audit Logs, Cloud Guard, and OCI VCN Flow Logs.
  • Helped the information security team in the implementation of CIS, SOC2 and NIST benchmarking with OCI.
  • Exposure in security configuration with PAAS and IAAS posture.
  • Advisor on Design Reviews, Threat Modeling, Secure SDLC, SAST & DAST Reviews, Security Governance, Information Management, Information Security Strategy, Process and Framework practices.
  • Hold knowledge on working implementation on AWS Configuration, AWS secure CloudEndure migration, and GitLab Cloud in AWS environment.
Cloud Security Implementation, Security Governance, Threat Modeling, Security Policies Development, Cloud Migration, Cloud Security

Juniper Networks

Level 3 Engineer - Penetration Testing

Jun 2015 - Dec 2017 · 2 yrs 6 mos · Bengaluru, Karnataka, India · On-site

  • As an experienced person of 7 years, I performed Security Testing and Linux Boxes Testing.
  • Session hijacking, Cookie Cadger, image sniffing, SSL sniffing or SSL stripping, and well versed in VA, AVA and footprinting.
  • Wireless pen testing: implementation of standards for IEEE 802.11 with all versions, fern wifi crack tool, standards of WEP, WPA and WPA2, RADIUS, using airmon0.
  • Security Implementation: Firewall policies using all ports, IDS/IPS, AIDE, SNORT Implementation and Honeypot.
  • Implemented AWS Cloud security controls (IAM - Provisioning & de-provisioning, AWS Config, Security Hub, CloudFormation Stack, CloudTrail, CloudWatch, Lambda Security, DDoS Protection, Hardening, CloudTrail, GuardDuty, Security Hub, Trusted Advisor, Shield Advanced, AWS Config & Inspector) & Cloudflare with SIEM activities.
  • Tech Stack: GitLab Pipelines, SAST: Sonatype, Contrast and Snyk, DAST: Rapid7, BurpSuite, Acunetix, Container Scan: Clair, TwistLock, Falco, Cloud: AWS and GCP (Basics).
  • Implemented SAST controls Sonatype, Contrast, Fortify and Snyk.
  • Implemented WAF controls for Imperva and Cloudflare.
  • Hall of Fame from Microsoft (4 times), UpWork, Intel, Samsung, Indeed, Netflix, Seagate, Paypal, and Jet Airways.
Security Testing, AWS Security Controls, Penetration Testing, Firewall Policies, Security Implementation, Cloud Security

Ericsson India Global Services Private Limited

Senior Solutions Integrator

Apr 2013 - May 2015 · 2 yrs 1 mo · Gurgaon, India

  • Source code reviews for Java based applications.
  • Performed VAPT for mediation web devices and other postpaid web generated user interface (application user interface, this is specifically used by customers for their activity)
  • Audit FTP, SMTP, AUTH log analysis for user activity and malware activities related to all CDR web logs.
  • Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows, Linux, AIX, Solaris, Linux, HP-UX.
  • Performed fraud analysis from the customer end by analyzing FTP logs and tracking user activity according to Android and iOS application ID.
  • Analyzing latest hacks and upgrading servers with help of ec-ops team.
  • Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network.
  • Performed host, network, and web application penetration tests.
  • Performed network security analysis and risk management for designated systems.
  • Proposed remediation strategies for remediating system vulnerabilities.
  • Developed Security Assessment Plan, Security Assessment Report, Security Assessment Questionnaire, Rules of Engagement, Kick-off Brief, and Exit Brief templates.
Source Code Reviews, VAPT, Network Security Analysis, Security Assessment Reports, Remediation Strategies, Cybersecurity

Sapient Corporation

Penetration Testing Engineer

Nov 2012 - Mar 2013 · 4 mos · Gurgaon, India · On-site

  • Performed penetration testing at manual and automated level through burp suite and other automated tools.
  • Audited log analysis for user activity and malware activities related to all Unilever Channel Concepts.
  • Performed ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows, Linux, AIX, Solaris, Linux, HP-UX.
  • Generated and presented reports on security vulnerabilities to both internal and external customers.
  • Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network.
  • Integrated HashiCorp Vault (encryption standards) with Oracle Cloud.
  • Experience in cloud security migration from Oracle cloud to AWS Cloud using CloudEndure.
  • Experience in Deploy Hub, Spoke Architecture, Inbound SSH CIDR, Outbound HTTPS CIDR, Connect Landing Zone to On-premise Network, Provide Network and Security Administrator Email Address.
  • Experience in Cloud Shell, OCI Audit Logs, Cloud Guard, and OCI VCN Flow Logs.
  • Experience in implementation of CIS, SOC2 and NIST benchmarking with OCI.
  • Implemented Design Reviews, Threat Modeling, Secure SDLC, SAST & DAST Reviews, Security Governance, Information Management, Information Security Strategy, Process and Framework practices.
Penetration Testing, Log Analysis, Ethical Hacking, Security Vulnerability Reporting, Cybersecurity

Svm Infotech

QA Penetration

Aug 2010 - Nov 2012 · 2 yrs 3 mos · Noida

  • Conducted Vulnerability Assessment and Penetration Testing (VAPT) using a combination of manual and automated methods, including Nessus and other automated tools.
  • Conducted ethical hacking to identify vulnerabilities in connected systems, networks, and applications (such as Windows, Linux, AIX, Solaris, and HP-UX) both on the Internet and Intranet.
  • Generated comprehensive reports on identified security vulnerabilities for both internal and external customers.
  • Proficiently used various security tools including netcat, curl, burp suite extensions (co2, xxser), commix, sqlmap, haviz, wpscan, ssl-dos, xml bomb scanner, urlsnarf, driftnet, tasksel (server installation), poodle scanner, tcpdump, heartbleed scanner, http forensic tool, nmap, dmitry, netdiscover, wireshark, traceroute, host, angryipscanner, dnsdict6, nikto, and Nessus.
  • Possess a strong understanding of the NIST and ISO27001, SOC2 standards' requirements and implementation frameworks.
Vulnerability Assessment, Ethical Hacking, Security Tools Proficiency, NIST Standards, Cybersecurity

Education

COER, ROORKEE

Bachelor of Technology (BTech) — Computer Science

Jan 2005 - Jan 2009
