8 Years of Experience
Jan, 2019 - Present | HackerU India
Head of Cyber Security (Red Team)
- Managing the entire Red Teaming Program for HackerU India division.
- Training advanced cyber security topics.
- Researching new attack vectors in Red Teaming.
- Mentoring 100s of students for careers in information security.
Nov, 2018 - Jan, 2019 | Traveloka
Lead Security Engineer (Product Security Team)
- Performing vulnerability assessments and penetration testing on a regular basis on various products, including web, mobile and AWS.
- Automating security checks and integrating them into the current CI/CD pipelines.
- Working with developers to address security issues.
- Educating developers on secure coding practices with workshops, talks, and lessons.
- Working on security automation for Web, Mobile (iOS, Android), and AWS security assessments.
- Leading and mentoring a team of 7 security engineers.
Oct, 2017 - Nov, 2018 | Khoros
Senior Security Engineer
- Working on end-to-end application security and AWS security, including periodic security audits and action on findings.
- Handled Lithium (B2B) bug bounty program.
- Conducted training for developers on Secure Web App Development, Secure Mobile App Development.
- Performed security assessment of each sprint and of the mobile SDK (iOS and Android).
- Conducted threat modeling and vendor risk analysis.
- Communicated with clients, (senior) management, and fellow engineers regarding security issues.
- Supported pre-sales in the scoping of security requirements for clients.
Feb, 2016 - Oct, 2017 | Philips Healthcare
Senior Software Engineer (Product Security)
- Performed security assessment of healthcare devices.
- Visited Philips development centers across the world and conducted secure development training for developers.
- Worked on various IoT pentests.
- Presented Philips at various security conferences.
Jan, 2013 - Dec, 2015 | Persistent Systems Ltd
Domain Consultant (Security)
- Conducted VA/PT assessments for telecom, financial, healthcare and social clients.
- Performed network, web, Android and iOS pentests for clients.
- Worked on source code review for a Java-based enterprise application.
MIT College of Engineering, Pune
Bachelor of Engineering (IT)
OSCE (Offensive Security Certified Expert)
CREST Registered Penetration Tester
AWS Certified Cloud Practitioner
OSWP (Offensive Security Wireless Professional)
OSCP (Offensive Security Certified Professional)
Open Source Projects
Objective C, OWASP Mobile Top 10
Role: iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. iGoat was inspired by the WebGoat project, and has a similar conceptual flow to it.
As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them.
It is made up of a series of lessons that each teach a single (but vital) security lesson.