Pragyan Paramita

Columbus, Ohio

Summary

  • Senior Security Engineer with over 9 years of experience in Application Security, currently supporting the Product Security team at ServiceNow. I specialize in secure design reviews, threat modeling, and comprehensive security assessments.
  • Act as a liaison between Product Engineering and Security teams, driving the Security Champions Program to foster a culture of security within the organization, and mentor product security engineers and DevSecOps professionals to ensure a strong security posture across all software development and deployments.
  • Proficient with the OWASP Code Review Guide and static analysis tools, with in-depth knowledge of OWASP Top 10, CVSS, ASVS, and CWE Top 25.
  • Skilled in authentication and authorization protocols, including OIDC, OAuth 2.0, SAML, and JWT.
  • Automated third-party vulnerability reporting through GUS for Salesforce products, improving the efficiency of bug triaging across product lines.
  • Extensive experience in validating SAP web and mobile applications, with a focus on educating clients on best practices to strengthen security measures.
  • Conducted static and dynamic security analyses for internal and external applications, offering rapid remediation for vulnerabilities and ensuring corporate compliance.
  • Regular speaker at cybersecurity workshops and conferences, sharing insights and best practices to enhance industry standards.

Overview

9 years of professional experience

Work History

Senior Product Security Engineer

ServiceNow Inc.
04.2023 - Current
  • Led design reviews and threat modeling for the ServiceNow product portfolio, ensuring robust security architecture across products.
  • Expertise in SAST, DAST, and SCA and their related tools
  • Conducted comprehensive security assessments across product lines to identify and mitigate potential risks
  • Experience with threat modeling, discovery, vulnerability, and penetration testing
  • Drove the Security Champions Program, mentoring team members to foster a security-first culture
  • Collaborate with cross-functional teams to integrate security measures into the software development process including conducting code reviews, secure code guidance, threat modeling
  • Understanding of agile methodologies, such as CI/CD, application resiliency, and security.
  • Facilitated seamless collaboration between Product Engineering and Security teams to align on security goals and practices
  • Provided technical support for the implementation of security solutions across multiple platforms.

Security Assurance Engineer

Salesforce Inc.
12.2021 - 04.2023
  • Increased bug triaging efficiency by 30% through independent management of operations
  • Achieved a 65% closure rate for critical (P0 and P1) vulnerabilities, significantly reducing high-priority risks
  • Automated third-party vulnerability reporting in GUS, streamlining issue tracking and resolution
  • Led the 'Women in Security' group in India, fostering inclusivity and professional growth within the security community
  • Provided strategic security guidance to bug bounty and enterprise security teams, enhancing overall security posture

Global Security Validation

SAP Inc.
12.2018 - 08.2021
  • Identified SQL injections, XSS, CSRF, authentication flaws, and other OWASP Top 10 vulnerabilities in SAP products
  • Conducted active security validation, process reviews, and DPP (GDPR and PCI compliance) assessments to ensure regulatory compliance
  • Skilled in identifying and exploiting business logic and framework-related vulnerabilities, as well as eliminating false positives through static and dynamic scans using tools like WebInspect, HP Fortify, and Checkmarx
  • Reviewed OSS scan results with tools such as Vulas, Whitesource, and Protecode, aligning findings with CVEs and NVD standards
  • Collaborated with product teams to analyze and develop detailed threat models
  • Contributed to patch validation and security enhancements for SAP products, closing identified security gaps
  • Created detailed reports, provided remediation strategies, and conducted risk analysis using CVSS

Security Engineer

Accenture
10.2015 - 12.2018
  • Implemented security protocols within the SDLC for client projects, establishing comprehensive security checklists at each development stage
  • Analyzed source code for vulnerabilities, mapping issues to risk rating standards like DREAD and CVSS
  • Conducted extensive testing, including authentication, authorization, configuration management, session management, and data validation testing on web applications
  • Managed a portfolio of three applications, identifying risks, advising on controls, and recommending vulnerability checks
  • Delivered manual penetration testing services, documenting findings clearly and concisely across various testing scenarios: web application, iOS, and Android penetration testing, as well as API and web services testing
  • Verified weaknesses by simulating attack techniques to assess the effectiveness of potential threats
  • Authored in-depth security reports detailing issues, analysis, and remediation approaches
  • Delivered security training for new hires at Accenture, promoting foundational security knowledge
  • Conducted compliance testing for OWASP, HIPAA, PCI, and GDPR requirements
  • Specialized in mobile application security and framework assessments, performing both static and dynamic analysis of applications
  • Led vulnerability assessments and developed targeted remediation strategies to enhance security posture

Education

Bachelor of Technology - Information & Technology

College of Engineering and Technology
01.2015

Senior High School (12th) -

BJB Junior College
01.2011

High School (10th) -

BJB English Medium School
01.2009

Skills

  • Mobile Security & Encryption
  • Application Pen-Testing
  • Threat Modelling
  • Secure design review
  • Vulnerability assessment
  • SAST/DAST/SCA
  • Security champions mentoring
  • Security Issues Analysis
  • Source Code Reviews
  • Technical Project Management
  • Cloud Security Basics
  • Kubernetes Security
  • Dev Sec Ops
  • Burp Suite and OWASP ZAP

Tools used

JD-GUI, AndroGuard, APKTool, dex2jar, Appie, QARK, MARA, SUPER, AndroBugs, Simplify, Android Tamer, Xposed Framework, SQLCipher, public key pinning, ProGuard, Frida, Drozer, android-ssl-bypass, class-dump, Readmem, AppEncryptor, Dumpdecrypted, Cycript, Codesign, MobSF, Needle, Objection, Passionfruit, Lipo, Plutil, otool, Clutch, MachOView, Frida, iTunnel, iFunBox, iDB, iNalyzer/iRET, Dependency-Check, Snoop-it, Keychain Dumper, Cydia Substrate, Introspy-iOS
Application: Burp Suite, OWASP ZAP, Fiddler / fSociety, SQLmap, Commix, Websploit, Slowloris, Social Engineering Toolkit, SonarQube, Wireshark, Nmap, Hashcat, John the Ripper, tcpdump, IDA Pro, Radare2, Hopper, GDB, LLDB, Binary Ninja, BARF, OllyDbg, Snyk, Black Duck, Sonatype, Checkmarx, HP Fortify
