Dishant Desai

Tempe, AZ

Summary

Dedicated Application Security Engineer with over 3 years of experience. Adept at providing security code and design reviews, implementing static analysis and SCA scanning in product teams' CI/CD pipelines, coordinating third-party penetration tests, mitigating entire vulnerability classes, managing the Bug Bounty program, and evangelizing security within engineering through our security champions program. Seeking to leverage expertise in application security to contribute to a dynamic team and enhance cybersecurity posture.

Overview

5 years of professional experience
1 Certification

Work History

Application Security Engineer

Gen Digital Inc
Tempe, AZ
01.2021 - Current
  • Collaborated with cross-functional teams including developers, product managers, and quality assurance to develop and implement a comprehensive secure CI/CD automation plan that integrates application security tools seamlessly into product teams' Software Development Life Cycle (SDLC), ensuring the delivery of secure and resilient applications.
  • Implemented Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools in product teams' CI/CD pipelines by working closely with development and DevOps teams, ensuring early detection and remediation of security issues.
  • Performed code reviews of software applications and analyzed results from SAST/DAST vulnerability scans to identify and help remediate potential vulnerabilities and determine the risk levels associated with identified security risks.
  • Conducted security reviews and web application penetration tests using Burp Suite and other penetration testing tools to identify vulnerabilities and security weaknesses.
  • Coordinated third-party penetration tests with vendors to assess the security posture of applications and collaborated with development teams to address identified issues.
  • Conducted threat modelling exercises with development teams and reviewed the threat models provided prior to security assessments to better understand the threat landscape in the applications' architecture, and used that information during penetration tests.
  • Spearheaded the Open Source Security Review Board (OSRB) at GEN by conducting vulnerability assessments and risk analyses of third-party libraries and dependencies, advising on their usage and potential security implications.
  • Played a key role in managing the company's public bug bounty and vulnerability disclosure program on leading platforms, such as Bugcrowd, by triaging, validating, and prioritizing reported vulnerabilities, which resulted in an increased number of valid submissions and improved overall effectiveness.
  • Streamlined the bug triage process for the bug bounty program, reducing the response and resolution times by 83% and enhancing program efficiency.
  • Created and provided hands-on, company-wide annual secure developer training for 1400+ developers using Secure Code Warrior (SCW), based on but not limited to the OWASP Top 10, which helped applications achieve PCI-DSS compliance and ensured alignment with industry best practices, raising awareness of security threats and promoting a culture of security.

Full Stack Software Engineer Intern

Payper
Tempe, AZ
10.2020 - 12.2020
  • Developed and implemented React UI components, modules, and stand-alone functions that could be used across the web application using OOP concepts, and added dynamic functionality by creating and dispatching Action Creators that deployed Actions
  • Created and used Reducers that received said Actions to modify the Store State Tree
  • Used JIRA as the bug tracking system to track and maintain the history of bugs/issues on an everyday basis and
  • Extensively used Git for version controlling and regularly pushed the code to GitLab.

IPTS Platform Software Engineer Intern

Symantec (Norton LifeLock)
Tempe, AZ
07.2019 - 08.2019
  • Developed and designed a full-stack web application that conducts sentiment analysis on YouTube videos, using the YouTube REST API and natural language processing, and helps monitor user behavior over social networks
  • Developed the application by coding in Java, Python, and Spring Boot for the backend and React for the frontend to display YouTube videos and their associated details and to depict sentiment analysis in the form of pie charts
  • Participated in technical training to learn to use modern containerization systems such as Docker and later applied the same
  • Developed a deep learning model that detected and identified specific objects in real-time videos, using Python and TensorFlow for the back end, and displayed how long each object had screen time.

Education

Master of Science (MS) in Computer Science

Pace University, Seidenberg School of Computer Science and Information Systems
05.2020

Skills

  • Application Security: BlackDuck, Coverity, Checkmarx, Snyk, Aqua
  • Cyber Security Concepts: OWASP Top 10, OWASP ASVS, SANS 25, Microsoft STRIDE and DREAD
  • Pentesting: Burp Suite, Nmap, SQLmap, SOAP UI, Postman, Wireshark
  • Languages: Python, C, Java, PHP, JavaScript, ReactJS
  • Frameworks: Metasploit, OSINT, PCI-DSS
  • Operating Systems: Linux (Ubuntu, Kali), macOS, Windows
  • Tools and Technologies: Git, Jira, Confluence, AWS, GCP, MySQL Server, Docker, Visual Studio, MS Office Suite, VMware Fusion, Jupyter Notebooks

Certification

  • GIAC - Information Security Fundamentals 2021
  • GIAC - Security Essentials (In Progress)

Timeline

Application Security Engineer

Gen Digital Inc
01.2021 - Current

Full Stack Software Engineer Intern

Payper
10.2020 - 12.2020

IPTS Platform Software Engineer Intern

Symantec (Norton LifeLock)
07.2019 - 08.2019

Master of Science (MS) in Computer Science

Pace University, Seidenberg School of Computer Science and Information Systems