Kumar Ashwin ☕️

Securing Thoughts

Senior Security Engineer @ Tide


Experience

Senior Security Engineer
November 2023 – Present Remote
 
Security Engineer
February 2023 – September 2023 Bengaluru
  • Implement and enforce security practices throughout the entire organization.
  • Implemented security tooling such as Trivy, Trufflehog, and others, and ensured the integration of GitHub security features into the DevOps pipeline. Collaborated cross-functionally to drive widespread adoption of these security measures.
  • Researched the different exploits reported by tools to determine their impact and exploitability using frameworks like EPSS.
  • Conducted penetration tests on feature releases and managed annual third-party security assessments to ensure software security and compliance.
  • Implemented a centralized vulnerability management solution to efficiently manage and triage security issues reported by tools like Trivy and ScoutSuite-powered makeshift CSPM.
  • Conducted routine access audits, enforced the least privilege principle, restricted access to sensitive components and data to only when necessary, and maintained comprehensive access logs for these instances.
  • Played a pivotal role in working towards attaining SOC2 and ISO27001 compliance certifications, demonstrating a commitment to industry-leading security standards.
  • Used Terraform for automated resource provisioning via pull requests, enhancing security and consistency while reducing operational risks.
  • Actively led the codebase and GitHub organization migration process, including restructuring and access control, to ensure a secure and organized transition.
  • Collaborated on enhancing deployment security with ArgoCD, optimizing the management of GitOps-driven infrastructure and ensuring secure, automated deployments.
  • Efficiently triaged reports from our open bug bounty program, prioritizing and addressing security vulnerabilities to enhance overall system resilience.
  • Conducted phishing drills to educate and raise awareness among team members about security threats and phishing attack vigilance.
 
Security Consultant - Program Manager
May 2022 – February 2023 Pune
  • Managed the entire delivery process for all projects in the company, ensuring quality work was delivered to the customer.
  • Acted as the first point of contact for customers to resolve any issues.
  • Technical Lead for Projects.
  • Coordinated with different departments such as HR, Marketing, and Finance to get the best for the consultants and customers.
 
Security Consultant
July 2021 – May 2022 Pune
  • Performed penetration testing on a wide range of web technologies to identify critical vulnerabilities affecting the business, such as Content Manipulation and SQL Injection.
  • Experienced in working with automated and manual penetration testing methodology to deliver quality results.
  • Performed cloud configuration reviews and penetration testing to find critical misconfigurations in clients' infrastructure.
  • Automated workflows and created DevSecOps pipelines and performed penetration testing on CI/CD pipelines to find vulnerabilities.
  • Worked on in-house open-source projects like https://securecode.wiki and https://cybersecwiki.com to contribute to the infosec community.
  • Hosted and managed the Payatu Hiring CTF: contributed to creating challenges, hosting and maintaining infrastructure, moderating Discord, etc., and afterwards interviewed the top candidates for hiring.
 
Security Consultant Intern
January 2021 – June 2021 Pune
  • Worked with clients to pentest web applications.
  • Developed the front-end solution to make the secure code wiki public (securecode.wiki) and created its CI/CD pipeline.
  • Researched real-time scenarios and tools.
 
Software Development Intern
RevMeUp
May 2020 – August 2020 Remote
  • Developed an admin panel to monitor and manage data and requests from the mobile application.
  • Tech Stack used: HTML/CSS, Bootstrap, NodeJS and MongoDB

Community

Volunteer work in different tech communities.

Chapter Lead
May 2022 – February 2023 Pune, India
  • Restarted the null Pune Chapter monthly meetups and other types of meetings like null Humla, Puliya and workshops, along with concepts like news bytes and networking hour.
  • Organizing monthly events, arranging venues, inviting speakers, and other duties are among the responsibilities.
 
Crew member
July 2021 – Present Remote
  • Developed pre-CTF challenges for Social Media and also challenges for the main event.
  • Worked on different cloud providers - AWS, GCP, Azure, Digital Ocean & Alibaba while working on the CTF.
  • Handled the social media side: strategising posts for better reach and engagement, and designing creatives for the event.
 
Moderator & Challenge Developer
March 2021 – Present Remote
  • Developed CTF challenges for the Winja CTF events at nullcon 2021 (06th Mar, 2021) and at c0c0n 2021 (12th Nov, 2021).
 
Volunteer
September 2020 – Present Remote
  • Managing null Study Groups for 7 different domains of information security, helping newcomers get exposed to an industry-grade learning experience. Responsibilities involved conducting weekly/bi-weekly meetups, finding mentors, etc.
  • Moderator for null Community Discord Server.
  • Worked on the OSINT project, contributing to gathering information from government websites and presenting it in an easy-to-consume form.
 
Core Team Member
November 2019 – June 2021 Remote
  • Moderated talks, sessions and any events that fall under the umbrella of DevC: Pune.
  • Developed security-centric CTF challenges for developers to learn about security.
  • Generated content or organized discussions for the members.
