Resume

8 Years of Experience

Experience

Jan, 2019 - Present
HackerU India

Head of Cyber Security (Red Team)

  • Managing the entire Red Teaming Program for HackerU India division.
  • Training advanced cyber security topics.
  • Researching new attack vectors in Red Teaming.
  • Mentoring hundreds of students for careers in information security.

Nov, 2018 - Jan, 2019
Traveloka

Lead Security Engineer (Product Security Team)

  • Performing vulnerability assessments and penetration testing on a regular basis on various products including web, mobile and AWS.
  • Automating security checks and integrating them into the current CI/CD pipelines.
  • Working with developers to address security issues.
  • Educating developers on secure coding practices with workshops, talks, and lessons.
  • Working on security automation Web, Mobile (iOS, Android), AWS Security assessments.
  • Leading and mentoring a team of 7 security engineers.

Oct, 2017 - Nov, 2018
Khoros

Senior Security Engineer

  • Working on end-to-end Application Security and AWS Security: periodic security audits and actions on findings.
  • Handled Lithium (B2B) bug bounty program.
  • Conducted training for developers on Secure Web App Development, Secure Mobile App Development.
  • Performed security assessment of each sprint and of the mobile SDK (iOS and Android).
  • Conducted threat modeling and vendor risk analysis.
  • Communicating to clients, (senior) management, and fellow engineers regarding security issues.
  • Support pre-sales in the scoping of security requirements for clients.

Feb, 2016 - Oct, 2017
Philips Healthcare

Senior Software Engineer (Product Security)

  • Performed security assessment of healthcare devices.
  • Visited Philips development centers across the world and conducted secure development training for developers.
  • Worked on various IoT pentests.
  • Presented Philips at various security conferences.

Jan, 2013 - Dec, 2015
Persistent Systems Ltd

Domain Consultant (Security)

  • Conducted VA/PT assessments for telecom, financial, healthcare and social clients.
  • Performed Network, Web, Android and iOS pentests for clients.
  • Worked on source code review for Java-based enterprise application.

Education

MIT College of Engineering, Pune

Bachelor of Engineering (IT)

Certificates

OSCE (Offensive Security Certified Expert)

2020

CREST Registered Penetration Tester

2019

AWS Certified Cloud Practitioner

2018

OSWP (Offensive Security Wireless Professional)

2017

OSCP (Offensive Security Certified Professional)

2016

Open Source Projects

OWASP iGoat

Tech Stack: Objective-C, OWASP Mobile Top 10

Role: iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. iGoat was inspired by the WebGoat project, and has a similar conceptual flow to it.
As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them.
It is made up of a series of lessons that each teach a single (but vital) security lesson.

My skills

Vulnerability Assessment & Penetration Testing

94%

Web, API, iOS & Android Application Pentesting

97%

Network, AWS, Azure and Google Cloud Security Audits

95%

Exploit Dev, Lateral Movement, AV Bypass Techniques

84%

Security Automation, OSINT, Threat Modelling

91%

Security compliance, ISO 27001, PCI-DSS, HIPAA, GDPR

87%