Resume
8 Years of Experience
Experience
Jan, 2019 - Present
HackerU India
Head of Cyber Security (Red Team)
- Managing the entire Red Teaming Program for HackerU India division.
- Training advanced cyber security topics.
- Researching new attack vectors in Red Teaming.
- Mentoring hundreds of students for careers in information security.
Nov, 2018 - Jan, 2019
Traveloka
Lead Security Engineer (Product Security Team)
- Performing vulnerability assessments and penetration testing on a regular basis on various products including web, mobile and AWS.
- Automating security checks and integrating them into the current CI/CD pipelines.
- Working with developers to address security issues.
- Educating developers on secure coding practices with workshops, talks, and lessons.
- Working on security automation Web, Mobile (iOS, Android), AWS Security assessments.
- Leading and mentoring a team of 7 security engineers.
Oct, 2017 - Nov, 2018
Khoros
Senior Security Engineer
- Working on end-to-end Application Security and AWS Security: periodic security audits and actions on findings.
- Handled Lithium (B2B) bug bounty program.
- Conducted training for developers on Secure Web App Development, Secure Mobile App Development.
- Performed security assessment of each sprint and of the mobile SDK (iOS and Android).
- Conducted threat modeling and vendor risk analysis.
- Communicated with clients, (senior) management, and fellow engineers regarding security issues.
- Supported pre-sales in the scoping of security requirements for clients.
Feb, 2016 - Oct, 2017
Philips Healthcare
Senior Software Engineer (Product Security)
- Performed security assessment of healthcare devices.
- Visited Philips development centers across the world and conducted secure development training for developers.
- Worked on various IoT pentests.
- Presented Philips at various security conferences.
Jan, 2013 - Dec, 2015
Persistent Systems Ltd
Domain Consultant (Security)
- Conducted VA/PT assessments for telecom, financial, healthcare and social clients.
- Performed Network, Web, Android and iOS pentests for clients.
- Worked on source code review for Java-based enterprise applications.
Education
MIT College of Engineering, Pune
Bachelor of Engineering (IT)
Certificates
OSCE (Offensive Security Certified Expert)
2020
CREST Registered Penetration Tester
2019
AWS Certified Cloud Practitioner
2018
OSWP (Offensive Security Wireless Professional)
2017
OSCP (Offensive Security Certified Professional)
2016
Open Source Projects
OWASP iGoat
Tech Stack:
Objective-C, OWASP Mobile Top 10
Role:
iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters.
iGoat was inspired by the WebGoat project, and has a similar conceptual flow to it.
As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them.
It is made up of a series of lessons that each teach a single (but vital) security lesson.
My skills
Vulnerability Assessment & Penetration Testing
94%
Web, API, iOS & Android Application Pentesting
97%
Network, AWS, Azure and Google Cloud Security Audits
95%
Exploit Dev, Lateral Movement, AV Bypass Techniques
84%
Security Automation, OSINT, Threat Modelling
91%
Security compliance, ISO 27001, PCI-DSS, HIPAA, GDPR
87%