Implemented and enforced security practices throughout the entire organization.
Implemented security tooling such as Trivy, Trufflehog, and others, and ensured the integration of GitHub security features into the DevOps pipeline. Collaborated cross-functionally to drive widespread adoption of these security measures.
Researched the different exploits reported by tooling to determine their impact and exploitability using frameworks like EPSS.
Conducted penetration tests on feature releases and managed annual third-party security assessments to ensure software security and compliance.
Implemented a centralized vulnerability management solution to efficiently manage and triage security issues reported by tools like Trivy and ScoutSuite-powered makeshift CSPM.
Conducted routine access audits, enforced the least privilege principle, restricted access to sensitive components and data to only when necessary, and maintained comprehensive access logs for these instances.
Played a pivotal role in working towards attaining SOC2 and ISO27001 compliance certifications, demonstrating a commitment to industry-leading security standards.
Used Terraform for automated resource provisioning via pull requests, enhancing security and consistency while reducing operational risks.
Actively led the codebase and GitHub organization migration process, including restructuring and access control, to ensure a secure and organized transition.
Collaborated on enhancing deployment security with ArgoCD, optimizing the management of GitOps-driven infrastructure and ensuring secure, automated deployments.
Efficiently triaged reports from our open bug bounty program, prioritizing and addressing security vulnerabilities to enhance overall system resilience.
Conducted phishing drills to educate and raise awareness among team members about security threats and phishing attack vigilance.
Performed penetration testing on a wide range of web technologies to identify critical vulnerabilities affecting the business, such as Content Manipulation and SQL Injection.
Experienced in working with automated and manual penetration testing methodologies to deliver quality results.
Performed cloud configuration reviews and penetration testing to find critical misconfigurations in clients' infrastructure.
Automated workflows and created DevSecOps pipelines and performed penetration testing on CI/CD pipelines to find vulnerabilities.
Hosted and managed the Payatu Hiring CTF: contributed to creating challenges, hosting and maintaining the infrastructure, and moderating Discord, and afterwards interviewed the top candidates for hiring.
Restarted the null Pune Chapter Monthly Meetups and other types of meetings such as null Humla, Puliya, and workshops, along with concepts like news bytes and a networking hour.
Responsibilities include organizing monthly events, arranging venues, inviting speakers, and other duties.
Managing null Study Groups for 7 different domains of information security, helping newcomers get exposed to an industry-grade learning experience. Responsibilities involved conducting weekly/bi-weekly meetups, finding mentors, etc.
Moderator for the null Community Discord Server.
Worked on the OSINT project, contributing to gathering information from government websites and presenting it in an easy-to-consume form.