About
Highly accomplished Cybersecurity Professional with over 5 years of hands-on experience specializing in Product Security, Application Security (AppSec), Penetration Testing (VAPT), DevSecOps, and Threat Modeling. Proven expertise in securing cloud-native environments and CI/CD pipelines for large-scale enterprise applications. Adept at leading Red/Purple Team exercises, automating security controls, and driving secure SDLC practices, holding industry-recognized certifications including OSCP, CEH, and CREST CRT.
Work
Bangalore, Karnataka, India
Summary
Leads comprehensive product security initiatives, integrating advanced security tools and methodologies to reduce vulnerabilities and strengthen enterprise application defenses.
Highlights
Conducted manual and automated VAPT on web/mobile/API platforms, efficiently triaging critical issues and coordinating timely remediations with development teams.
Integrated SAST, DAST, and SCA tools (Checkmarx, Burp Suite, Fortify) into GitLab CI pipelines, reducing vulnerability turnaround time by 30%.
Developed custom Python scripts to automate detection of secrets and misconfigurations within Infrastructure as Code (IaC) using Terraform and Helm.
Performed Red Team simulations using Cobalt Strike, Empire, and custom payloads to assess and mitigate lateral movement and privilege escalation risks.
Developed and maintained robust threat models across major product lines, embedding security requirements early in the design review process.
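As an illustration of the IaC scanning mentioned in the highlights above, here is a small regex-based Terraform checker. It is example code written for this page, not the author's own scripts: the sample HCL, the rule names and the detection patterns are all constructed for the example, and it deliberately does not parse HCL (a real scanner would use an HCL parser so that nested blocks and heredocs are handled correctly).

```python
"""Minimal Terraform secret / misconfiguration scanner (illustrative only).

Line-oriented and regex-based: it tracks block nesting with a simple stack so
that context-dependent rules (e.g. open CIDRs inside an ingress block) work on
well-formatted files. The sample input below is constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: one hard-coded AWS key pair, a public S3 ACL, SSH open to
# the world, and an unencrypted RDS instance. The RDS password is a variable
# reference, so it must NOT be reported as a hard-coded secret.
SAMPLE_TF = '''
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}

resource "aws_security_group" "ssh" {
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_instance" "db" {
  password          = var.db_password
  storage_encrypted = false
}
'''


@dataclass
class Finding:
    rule: str   # hypothetical rule identifier, chosen for this example
    line: int   # 1-based line number in the scanned text
    text: str   # offending line, stripped


# Block structure: `name "label" ... {` opens a block, a lone `}` closes it.
BLOCK_OPEN = re.compile(r'^\s*([A-Za-z_]\w*)(?:\s+"[^"]*")*\s*\{\s*$')
BLOCK_CLOSE = re.compile(r'^\s*\}\s*$')

# Detection patterns (constructed for this example).
AWS_KEY_ID = re.compile(r'\bAKIA[0-9A-Z]{16}\b')
SECRET_ATTR = re.compile(
    r'^\s*(?:secret_key|password|token|api_key|private_key)\s*=\s*"[^"]+"')
PUBLIC_ACL = re.compile(r'^\s*acl\s*=\s*"public-(?:read|read-write)"')
OPEN_CIDR = re.compile(r'^\s*cidr_blocks\s*=.*"(?:0\.0\.0\.0/0|::/0)"')
ENCRYPTION_OFF = re.compile(r'^\s*(?:storage_encrypted|encrypted)\s*=\s*false\b')


def scan_terraform(text: str) -> List[Finding]:
    """Return findings for the given Terraform source text."""
    findings: List[Finding] = []
    stack: List[str] = []  # names of the currently open blocks
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # naive comment stripping
        opened = BLOCK_OPEN.match(line)
        if opened:
            stack.append(opened.group(1))
            continue
        if BLOCK_CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        stripped = raw.strip()
        if AWS_KEY_ID.search(line):
            findings.append(Finding("aws-access-key-id", lineno, stripped))
        if SECRET_ATTR.match(line):  # quoted literal only; var.* refs pass
            findings.append(Finding("hardcoded-secret", lineno, stripped))
        if PUBLIC_ACL.match(line):
            findings.append(Finding("s3-public-acl", lineno, stripped))
        if "ingress" in stack and OPEN_CIDR.match(line):
            findings.append(Finding("ingress-open-to-world", lineno, stripped))
        if ENCRYPTION_OFF.match(line):
            findings.append(Finding("encryption-disabled", lineno, stripped))
    return findings


if __name__ == "__main__":
    for f in scan_terraform(SAMPLE_TF):
        print(f"line {f.line:>3}  {f.rule:<22}  {f.text}")
```

Run against the constructed sample it reports the access key ID, the literal secret key, the public ACL, the world-open ingress and the disabled encryption, and stays silent on `password = var.db_password` because only quoted literals are treated as hard-coded secrets. Hooking a check like this into a GitLab CI job that fails the pipeline on any finding is the usual way to turn it into a pre-merge gate.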
Remote
Summary
Provided expert application security analysis and consulting services, delivering risk-based reports and ensuring client compliance with industry security standards.
Highlights
Performed secure code reviews and dynamic testing for enterprise Java and React-based applications, identifying and addressing critical security flaws.
Delivered actionable, risk-based security reports aligned with OWASP Top 10 and SANS 25 guidelines, enhancing client understanding and remediation efforts.
Supported banking clients in aligning with NESA (UAE), PCI-DSS, and RBI standards, ensuring regulatory compliance and strengthening security posture.
Utilized Frida/Objection for advanced runtime instrumentation of Android/iOS applications, uncovering deep-seated vulnerabilities.
Contributed Proof-of-Concepts (PoCs) and mitigation strategies for complex business logic flaws and session management issues.
Skills
Application & API Security
Web Security, Mobile Security, Cloud Security, VAPT, SAST, DAST, IAST, SCA, Secret Scanning.
Offensive Security & Red Teaming
Red Teaming, Purple Teaming, Offensive Security Testing, Penetration Testing, Cobalt Strike, Empire, Metasploit, Nmap, Nessus.
Threat Modeling
STRIDE, PASTA, MITRE ATT&CK, Design Review.
DevSecOps & Automation
CI/CD Security Automation, DevSecOps, GitLab CI, Jenkins, Docker, Terraform, Helm, Python Scripting.
Cloud Security
AWS, Azure, GCP, Kubernetes, VMware, ScoutSuite, Prisma Cloud.
Security Compliance & Standards
ISO 27001, SOC2, HIPAA, PCI-DSS, OWASP Top 10, SANS 25, NESA (UAE), RBI.
Security Tools & Methodologies
Burp Suite Pro, Fortify, SonarQube, Checkmarx, Wireshark, OWASP ZAP, Semgrep, SonarLint, Frida, Objection, Drozer, MobSF.
Programming Languages
Python, Bash, Java, JavaScript, PowerShell.