Dharmendra Gupta

Information Security Professional

aka "DG"

About Me

Dharmendra Gupta is an information security professional working as a Senior Security Consultant at NotSoSecure. He has over ten years of experience in application, mobile and network security.

In his free time, he likes reading books or watching movies.

Interests
  • Web Application/API Pentesting
  • Mobile Application Pentesting
  • DevSecOps
  • Infrastructure As Code (IaC)
  • Security Automation
  • Cloud Native - Kubernetes
Certification
Education
  • B.E. Computer Engineering, 2014

    Mumbai University

Experience

  1. Senior Security Consultant

    NotSoSecure

    Responsibilities include:

    • Conducted web and mobile application penetration testing for global clients, identifying vulnerabilities and improving security posture.
    • Performed technical reviews of security reports, ensuring accuracy, consistency, and adherence to industry and NotSoSecure standards.
    • Developed and led the revamp of the “Application Security for Developers” training course, managing everything from content design to client delivery.
    • Delivered on-site and virtual training on secure coding practices, teaching developers how to identify and mitigate vulnerabilities.
    • Researched and experimented with Vagrant, Docker, Kubernetes and Infrastructure as Code (IaC) tooling such as Terraform to build realistic lab environments for security training content.
    • Developed methodology documents as reference materials to standardize security service delivery.
    • Assisted clients in understanding and implementing fixes for identified vulnerabilities post-assessment.
    • Co-authored a white paper on “Defense Against Client-Side Attacks,” exploring browser-based security controls as part of a defense-in-depth approach.
    • Contributed to the development of an in-house cloud enumeration tool – cloud-service-enum.
    • Created vulnerable applications and attack scenarios for NotSoSecure’s training courses, providing hands-on learning experiences for security professionals.
  2. Senior Information Security Engineer

    Altisource

    Responsibilities include:

    • Conducted application security reviews of every major and minor application change before release, so that new code did not introduce vulnerabilities.
    • Collaborated with cross-functional teams to analyze and evaluate proposed application changes against secure design principles.
    • Performed in-depth mobile application security testing, identifying risks and strengthening defenses against emerging threats.
    • Led database configuration assessments against the CIS Benchmarks to improve security posture and compliance.
    • Developed custom Python automation scripts to streamline security report generation, adhering to Altisource Database security standards for efficiency and accuracy.
  3. Associate Consultant

    KPMG INDIA

    Responsibilities include:

    • Engaged with customers and stakeholders to gather prerequisites for Application Security, Code Reviews, Vulnerability Assessments, and Configuration Audits.
    • Conducted in-depth discussions with application owners to understand architecture, security concerns, and business impact.
    • Developed threat profiles and mapped test cases to ensure comprehensive security coverage.
    • Executed application security test cases, identifying vulnerabilities and weaknesses across different layers.
    • Delivered detailed security assessment reports, highlighting risks, remediation strategies, and actionable insights.
    • Provided clear and practical remediation guidance, helping teams fix vulnerabilities effectively.
    • Assisted customers with security-related queries, ensuring smooth communication and resolution.
    • Enhanced the knowledge base, documenting solutions and best practices to empower other pentesters, reducing dependency on product owners and saving valuable time.
Recent Posts

🎉 Auto-Remediating Public S3 Buckets with Cloud Custodian

This post explains how to use Cloud Custodian to detect S3 buckets with public access and automatically remediate them by updating bucket policies. It includes a sample policy and an automation flow triggered via CloudTrail and Lambda, so a bucket that is made public is reverted within minutes rather than waiting for the next scheduled scan. The approach helps enforce least privilege and prevent accidental data exposure.
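The two questions such a Custodian policy has to answer for every bucket are "does the ACL grant to everyone?" and "does the bucket policy allow a wildcard principal?". The following is an added, standalone re-implementation of those checks and of the policy remediation in plain Python; it is not the Cloud Custodian policy from the post or any Custodian code, and the bucket policy and ACL it evaluates are constructed for the example (the bucket name, VPC endpoint id and account id are placeholders).

```python
"""Detect a publicly accessible S3 bucket from its policy and ACL, and
produce a remediated policy.

Added illustration only: this is NOT the Cloud Custodian policy from the
post. It reproduces, in plain Python, the checks a Custodian filter applies
to an aws.s3 resource and the effect of removing the matched statements.
SAMPLE_POLICY and SAMPLE_ACL below are constructed test data.
"""
import copy
import json

# Canned ACL grantee URIs that mean "everyone" and "any AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _statements(policy: dict) -> list:
    """IAM allows Statement to be a single object or a list; normalise."""
    stmts = policy.get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def _is_wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def public_statements(policy: dict) -> list:
    """Allow statements granted to a wildcard principal.

    Statements with a Condition are reported too but flagged conditional:
    a condition such as aws:SourceVpce usually narrows access, but whether
    it narrows it enough is a decision for a reviewer, not for auto-removal.
    """
    return [
        {"Sid": s.get("Sid"), "conditional": "Condition" in s}
        for s in _statements(policy)
        if s.get("Effect") == "Allow" and _is_wildcard_principal(s.get("Principal"))
    ]


def public_acl_grants(acl: dict) -> list:
    """ACL grants made to the AllUsers / AuthenticatedUsers groups."""
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
    ]


def is_public(policy: dict, acl: dict) -> bool:
    """Public if the ACL or an unconditional wildcard statement says so."""
    if public_acl_grants(acl):
        return True
    return any(not s["conditional"] for s in public_statements(policy))


def remediate_policy(policy: dict) -> dict:
    """Copy of the policy without unconditional wildcard-principal Allows.

    Conditional statements are kept for human review rather than deleted.
    The input is not modified, so the original can be logged as evidence.
    """
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = [
        s for s in _statements(fixed)
        if not (s.get("Effect") == "Allow"
                and _is_wildcard_principal(s.get("Principal"))
                and "Condition" not in s)
    ]
    return fixed


# Constructed sample data: one open statement, one VPC-endpoint-restricted
# statement, one role-scoped statement, and an ACL granting READ to everyone.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                      "URI": PUBLIC_GRANTEE_URIS and
                                      "http://acs.amazonaws.com/groups/global/AllUsers"},
                          "Permission": "READ"}]}

if __name__ == "__main__":
    print("public before:", is_public(SAMPLE_POLICY, SAMPLE_ACL))
    print("matched:", public_statements(SAMPLE_POLICY))
    print(json.dumps(remediate_policy(SAMPLE_POLICY), indent=2))
```

Running the block reports the bucket as public, lists `PublicRead` (unconditional) and `VpceOnly` (conditional), and prints a policy containing only `VpceOnly` and `AppRole`. Removing the ACL grant is a separate API call (PutBucketAcl, or turning on the account-level public access block), which is why a real Custodian policy pairs the policy filter with an ACL filter and its own action for each.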

🎉 Bypassing SSL Pinning in a Flutter iOS Application Using Frida

Bypassing SSL pinning in a Flutter iOS app can be challenging due to custom socket connections. This post details how I used Frida and a device-wide proxy to intercept network traffic, overcoming traditional MITM limitations. Read on to see the full approach and key takeaways!