Nidhi Verma
Security Engineer II
Summary
Information Security professional with 8.4 years of experience as a Security Engineer with expertise in DDoS mitigation, WAF tuning, bot management, and traffic security. Experienced in implementing strong security controls while maintaining performance and availability in production environments. Skilled at communicating security vulnerabilities and their business impact to both technical teams and senior management.
Overview
8
8
years of professional experience
2
2
Certifications
Work History
Security Engineer II
Expedia Group
07.2022 - Current
- Mitigated OWASP Top 10 threats using Akamai Kona WAF, improving application security posture.
- Provided real-time incident response, performed traffic analysis to detect anomalies and reduce false positives, and managed bot detection by classifying traffic based on business impact.
- Conducted security incident response, policy reviews, and simulation exercises.
- Built attack kill chains to analyze adversary behavior and intrusion patterns. Mapped threats using MITRE ATT&CK framework for deeper security insights
- Monitored and analyzed security events in IBM QRadar SIEM, created and tuned correlation rules, investigated offenses, and integrated diverse log sources for centralized visibility
Security Delivery Analyst
Accenture
01.2021 - 06.2022
- Conducted Web and Android application Vulnerability Assessment and Penetration Testing (VAPT), identifying security vulnerabilities and providing actionable remediation recommendations.
- Performed secure source code reviews for Android applications, identifying insecure coding practices and potential security risks.
- Executed threat modeling and architecture reviews for applications to identify attack vectors during the design and development phases.
- Documented and presented security assessment reports, risk evaluations, and remediation strategies to clients, translating technical vulnerabilities into business impact and contributing to the development of mobile application threat libraries.
Associate Security Researcher
Lucideus Tech. Pvt. Ltd.
01.2018 - 01.2021
- Conducted hack data analysis by constructing attack kill chains to understand adversary behavior and intrusion patterns.
- Leveraged the MITRE ATT&CK framework to map attacker tactics, techniques, and procedures during security research and case study analysis.
- Conducted web and Android application VAPT assessments, identifying security weaknesses, and recommending mitigation strategies.
Education
Integrated B.Tech + M.Tech - Software Engineering, Computer Science & Engineering
Gautam Buddha University
Greater Noida05-2018
Skills
- Application Security - Mobile and Web
- Cloud Security
- Vulnerability Assessment, Penetration Testing, Source Code Review
- DDoS mitigation, Bot Management
- Tools - Akamai WAF, Qradar SIEM, Burp Suite, Zscaler, Prisma Container Security, Crowdstrike
Accomplishments
- Published research paper "Heuristic Load Balancing Algorithms Environment" in an IEEE Conference (2018).
- Published research paper "Extending Port Forwarding Concept to IoT" in an IEEE Conference (2018).
Certification
AWS Cloud Practitioner Certification
Timeline
Security Engineer II
Expedia Group
07.2022 - Current
Security Delivery Analyst
Accenture
01.2021 - 06.2022
Associate Security Researcher
Lucideus Tech. Pvt. Ltd.
01.2018 - 01.2021
Integrated B.Tech + M.Tech - Software Engineering, Computer Science & Engineering
Gautam Buddha University