Rishivar Kumar Goli

- Responsible for leading the team as a security researcher to maintain the Coyote Chronicle website which strives to bring issues that matter to students.

- As a graduate student research assistant responsible for finding vulnerabilities and bugs in open-source applications.

- Experience and extensive research in Identifying vulnerabilities like Injection errors, Business Logic Abuse, Authentication, Session Management, etc.

- Responsible for performing Dynamic Application Security Testing using tools BurpSuite, ZAP, Acunetix, SonarQube, and IBM Scan.

- Experience in performing manual security testing by using Burp Suite proxy to identify false positives.

- Responsible for managing publications of digital newspapers in the university with a range of tasks that aim to ensure the smooth production, distribution, and quality of the content being published.

- Experience in using tools Adobe, InDesign, and WordPress.

- Responsible for finding vulnerabilities creating tickets in Jira and routing them to security application developers after initial steps of troubleshooting.

- Experience in Analyzing vulnerability assessment reports.

- Analyzing risks during the application development phase and providing solutions to mitigate risks.

- Research on competitive solutions to replace existing security tools to decrease false positives and supply developer-friendly integrations.

- Experienced in CI/CD - ANT, Maven, Gradle, Jenkins, GitHub.

- Experience in Cloud Security, Terraform, Kubernetes, Docker Products, Amazon Web Services, Agile methodologies, and Application Security.

- Responsible for conducting application security testing for open-source web applications to access vulnerabilities.

- Performed SAST and DAST methodologies at an enterprise level to identify, report, and remediate security vulnerabilities from applications deployed in development and production environments.

- Responsible for researching bug reports and determining security fixes to drive closure in future releases or patches.

- Responsible for conducting zero-day vulnerabilities and finding CVEs through fuzzing on browsers and open-source web frameworks and Binaries.

- Experience in reviewing security architecture evaluation of new systems and creating security test plans based on existing planned controls and recommendations.

- Experience on Sonatype central security project (Data Security Research).

- Proficient in understanding application-level vulnerabilities, like XSS, SQL injection, Authentication Bypass, CSRF (Cross-Site Request Forgery), and Session Hijacking.

- Responsible for finding vulnerabilities and Bugs in open-source web applications, writing reports, and reporting them to vendors on Git Hub.

- Providing technical guidance and research to facilitate improvements and data-driven decisions in projects.

- Experience in open-source environments like GitHub, GitLab, Source Forge, Fedora, and Red Hat

- Hands-on experience in using tools Jira, Visual Studio code, AVD, AFL (American Fuzzing Lop), Burp suite, ZAP, RIPS, Virtual Box, Nmap, and GNU Debugger.

- Experience in coordinating with the development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and impact of the issue.

- Collaborated with cross-functional teams to troubleshoot technical issues, minimizing downtime.