
Rishivar Kumar Goli

San Bernardino, CA

Summary

Information Security Professional with strong experience and background in software development, security practices, and operations with strong exposure to integrating security into every stage of the development and deployment lifecycle.

Proficient in designing and implementing secure CI/CD pipelines, automating security checks and compliance audits, and fostering a collaborative environment for development and security teams. Strong experience in identifying vulnerabilities, conducting thorough risk assessments, and implementing effective remediation strategies.

Overview

5 years of professional experience

Work History

Graduate Student Research Assistant

California State University, San Bernardino
09.2021 - 05.2023

- Responsible for leading the team as a security researcher to maintain the Coyote Chronicle website, which strives to bring issues that matter to students.

- As a graduate student research assistant, responsible for finding vulnerabilities and bugs in open-source applications.

- Experience and extensive research in identifying vulnerabilities like injection errors, business logic abuse, authentication, session management, etc.

- Responsible for performing Dynamic Application Security Testing using the tools Burp Suite, ZAP, Acunetix, SonarQube, and IBM Scan.

- Experience in performing manual security testing by using Burp Suite proxy to identify false positives.

- Responsible for managing publications of digital newspapers in the university with a range of tasks that aim to ensure the smooth production, distribution, and quality of the content being published.

- Experience in using tools Adobe, InDesign, and WordPress.

DevSecOps Engineer

Loginsoft Private Limited
05.2020 - 08.2021

- Responsible for finding vulnerabilities, creating tickets in Jira, and routing them to security application developers after initial steps of troubleshooting.

- Experience in analyzing vulnerability assessment reports.

- Analyzing risks during the application development phase and providing solutions to mitigate risks.

- Research on competitive solutions to replace existing security tools to decrease false positives and supply developer-friendly integrations.

- Experienced in CI/CD - ANT, Maven, Gradle, Jenkins, GitHub.

- Experience in Cloud Security, Terraform, Kubernetes, Docker Products, Amazon Web Services, Agile methodologies, and Application Security.

Application Security Engineer

Loginsoft Private Limited
08.2018 - 04.2020

- Responsible for conducting application security testing for open-source web applications to assess vulnerabilities.

- Performed SAST and DAST methodologies at an enterprise level to identify, report, and remediate security vulnerabilities from applications deployed in development and production environments.

- Responsible for researching bug reports and determining security fixes to drive closure in future releases or patches.

- Responsible for conducting zero-day vulnerability research and finding CVEs through fuzzing on browsers, open-source web frameworks, and binaries.

- Experience in reviewing security architecture evaluation of new systems and creating security test plans based on existing planned controls and recommendations.

- Experience on the Sonatype central security project (Data Security Research).

- Proficient in understanding application-level vulnerabilities, like XSS, SQL injection, Authentication Bypass, CSRF (Cross-Site Request Forgery), and Session Hijacking.

- Responsible for finding vulnerabilities and bugs in open-source web applications, writing reports, and reporting them to vendors on GitHub.

- Providing technical guidance and research to facilitate improvements and data-driven decisions in projects.

- Experience in open-source environments like GitHub, GitLab, SourceForge, Fedora, and Red Hat.

- Hands-on experience in using the tools Jira, Visual Studio Code, AVD, AFL (American Fuzzy Lop), Burp Suite, ZAP, RIPS, VirtualBox, Nmap, and GNU Debugger.

- Experience in coordinating with the development team to ensure closure of reported vulnerabilities by explaining the ease of exploitation and impact of the issue.

- Collaborated with cross-functional teams to troubleshoot technical issues, minimizing downtime.

Education

Master of Science - Computer Science

California State University - San Bernardino
San Bernardino, CA
08.2023

Skills

    Incident Response, Risk Assessment, VAPT, Threat Management, JIRA management

    DAST Tools: OWASP ZAP, StackHawk, Veracode, Burp Suite, Nmap, Wireshark, Acunetix
    SAST Tools: Veracode, AppScan, SonarQube, Fortify, Checkmarx

    CI/CD Tools: CircleCI, TeamCity, Bamboo, Wercker, Jenkins

    Programming Languages: Python, JavaScript, HTML, CSS

    Databases: Oracle, SQL Server, MySQL, MongoDB

    API Tools: Insomnia, Postman

    Operating Systems: Windows, Linux, macOS

    Open-Source Environments: GitHub, GitLab, SourceForge, Fedora, Red Hat
