
Rohit Ranga

Dallas, Texas

Summary

Application security professional with 8+ years of experience, prepared to bring extensive knowledge of application security (Web, Mobile, API) to the role. Skilled in vulnerability assessment, threat modelling, and risk mitigation. Consistently collaborates with teams to enhance security measures and adapt to evolving threats.

Overview

9 years of professional experience
1 Certification

Work History

Sr Application Security Analyst

ServiceNow USA
05.2022 - Current
  • Conducted dynamic security assessments to identify vulnerabilities in ServiceNow applications.
  • Conducted static security assessments to identify vulnerabilities in ServiceNow applications.
  • Performed threat modelling using STRIDE and PASTA methodology.
  • Performing deep-dives to identify the root cause of enterprise-level vulnerabilities.
  • Handling the Bug Bounty program of ServiceNow by actively engaging with external security researchers.
  • Validate vulnerabilities by reproducing issues in sub-prod environments and providing clear PoCs aligned with ServiceNow configurations.
  • Support secure SDLC by providing security guidance during design reviews.
  • Researched emerging threats and technologies to adapt security strategies accordingly.
  • Drove initiatives to improve application security posture, resulting in reduced vulnerability exposure rates.
  • Worked closely with the Incident Command team to correlate Splunk alerts with ServiceNow platform activity, enabling early detection of potential product security vulnerabilities.

Sr Application Security Analyst

Invesco
05.2021 - 05.2022
  • Worked along with the application teams to onboard them into the DevSecOps process through Bitbucket pipelines.
  • Assisting application teams in implementing the SAST, DAST and 3rd-party libraries pipelines in Bitbucket.
  • Collaborated with development teams to integrate security best practices into SDLC.
  • Performed threat modelling for the applications.
  • Performed container security scans through Prisma and analyzed the reported issues.
  • Performed source code analysis using Fortify followed by false-positive identification.
  • Analyze the application by using both manual and automated security assessments.
  • Coordinated in remediating the issues reported by 3rd-party security sites like BitSight and RiskRecon.

Application Security Analyst

ADP India
11.2019 - 05.2021
  • Analyzing and evaluating the security posture of applications (Web, Web Services and Mobile).
  • Perform application vulnerability scans and penetration tests.
  • Perform source code analysis using Checkmarx followed by false positive identification.
  • Analyzing the security configurations of the applications that are hosted on the cloud (AWS).
  • Analyze the application by using both manual and automated security assessments.
  • Conducting false-positive analysis of the vulnerability scanner reports.
  • Providing necessary mitigation for the identified vulnerabilities to the development teams, educating them on the vulnerabilities & their fixes, following up and escalating when necessary.

Application Security Analyst

3i Infotech
05.2017 - 03.2019
  • Analyzing and evaluating the security posture of applications.
  • Develop and document security evaluation test plans and procedures.
  • Performed application vulnerability scans and penetration tests.
  • Analyzed the application by using both manual and automated security assessments using various tools.
  • Manually tested for the OWASP Top 10 mobile standards and AppScan vulnerabilities.
  • Audited systems based on security standards (WASC, PCI-DSS, NIST).
  • Preparing the PoCs of the vulnerabilities found in the application.
  • Worked on creating the Jenkins pipelines and integrating the SAST and DAST tools as part of the DevSecOps process.
  • Prepared comprehensive security report detailing identifications, risk descriptions and recommendations with code snippets for the vulnerabilities.

Education

BTech - JNTU

CVSR College of Engineering
01.2016

Skills

  • Web application security
  • Mobile application (Android & iOS) security
  • API Security
  • Cloud Security
  • Static code analysis
  • Threat modeling
  • DevSecOps Implementation
  • Secure coding practices
  • DAST Tools: IBM AppScan, Burp Suite, ZAP, WebInspect
  • SAST Tools: Fortify and Checkmarx
  • Mobile Security Tools: MobSF, Frida, Drozer, Apktool, JD-GUI, dex2jar, Androguard
  • Network Security Tools: Nmap, Metasploit Framework, Wireshark
  • Languages: C, Core Java, Python scripting

Certification

OSCP

GCSA

CEH
