Information Security Professional with a strong background in software development, security practices, and operations, and extensive exposure to integrating security into every stage of the development and deployment lifecycle.
Proficient in designing and implementing secure CI/CD pipelines, automating security checks and compliance audits, and fostering a collaborative environment between development and security teams. Strong experience in identifying vulnerabilities, conducting thorough risk assessments, and implementing effective remediation strategies.
- Responsible for leading the team as a security researcher to maintain the Coyote Chronicle website, which strives to cover issues that matter to students.
- As a graduate student research assistant, responsible for finding vulnerabilities and bugs in open-source applications.
- Experience and extensive research in identifying vulnerabilities such as injection flaws, business logic abuse, and authentication and session management weaknesses.
- Responsible for performing Dynamic Application Security Testing using tools such as Burp Suite, ZAP, Acunetix, SonarQube, and IBM AppScan.
- Experience in performing manual security testing with the Burp Suite proxy to identify false positives.
- Responsible for managing publication of the university's digital newspapers, with a range of tasks aimed at ensuring smooth production, distribution, and quality of the published content.
- Experience in using Adobe InDesign and WordPress.
- Responsible for finding vulnerabilities, creating tickets in Jira, and routing them to application security developers after initial troubleshooting.
- Experience in analyzing vulnerability assessment reports.
- Analyzed risks during the application development phase and provided solutions to mitigate them.
- Researched competing solutions to replace existing security tools, reducing false positives and providing developer-friendly integrations.
- Experienced in CI/CD tooling: Ant, Maven, Gradle, Jenkins, GitHub.
- Experience in Cloud Security, Terraform, Kubernetes, Docker products, Amazon Web Services, Agile methodologies, and Application Security.
- Responsible for conducting application security testing of open-source web applications to assess vulnerabilities.
- Performed SAST and DAST methodologies at an enterprise level to identify, report, and remediate security vulnerabilities in applications deployed in development and production environments.
- Responsible for researching bug reports and determining security fixes to drive closure in future releases or patches.
- Responsible for discovering zero-day vulnerabilities and obtaining CVEs through fuzzing of browsers, open-source web frameworks, and binaries.
- Experience in reviewing security architecture evaluations of new systems and creating security test plans based on existing and planned controls and recommendations.
- Experience on the Sonatype Central security project (Data Security Research).
- Proficient in understanding application-level vulnerabilities such as XSS, SQL injection, authentication bypass, CSRF (Cross-Site Request Forgery), and session hijacking.
- Responsible for finding vulnerabilities and bugs in open-source web applications, writing reports, and reporting them to vendors on GitHub.
- Provided technical guidance and research to facilitate improvements and data-driven decisions in projects.
- Experience in open-source environments such as GitHub, GitLab, SourceForge, Fedora, and Red Hat.
- Hands-on experience with tools including Jira, Visual Studio Code, AVD, AFL (American Fuzzy Lop), Burp Suite, ZAP, RIPS, VirtualBox, Nmap, and GNU Debugger.
- Experience in coordinating with the development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and impact of each issue.
- Collaborated with cross-functional teams to troubleshoot technical issues, minimizing downtime.
Incident Response, Risk Assessment, VAPT, Threat Management, Jira management
DAST Tools: OWASP ZAP, StackHawk, Veracode, Burp Suite, Nmap, Wireshark, Acunetix
SAST Tools: Veracode, AppScan, SonarQube, Fortify, Checkmarx
CI/CD Tools: CircleCI, TeamCity, Bamboo, Wercker, Jenkins
Programming Languages: Python, JavaScript, HTML, CSS
Databases: Oracle, SQL Server, MySQL, MongoDB
API Tools: Insomnia, Postman
Operating Systems: Windows, Linux, MacOS
Open-Source Environments: GitHub, GitLab, SourceForge, Fedora, Red Hat