Security Engineer @paypal | Ex-IBMer | Application Security | DevSecOps | Threat Modeling | Synack Red Teamer
8 Years of Experience
Pune, Maharashtra, India
+9197********
60 Days
Information Security Professional With 5+ Years of Experience in Information Security Including Skills Such as Application Security (Offensive), DevSecOps, Penetration Testing, Threat Modeling, Vulnerability Assessment, Source Code Review. Actively Working in PayPal as Information Security Engineer, Includes Key Responsibilities Such as Penetration Testing of Applications (Web Applications, Mobile Applications, APIs, Network), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Integrating and Maintaining DevSecOps Pipeline, etc. I Possess Good Understanding and Knowledge of Application Security Processes, Secure SDLC, Secure Coding Principles and Standards, Security Best Practices & Policies, Information Security Strategy, Risk Assessments, Security Architecture, Strategic Documentation, Network Audits, Threat Management, etc.
PayPal, SaaS/Cloud Product, Financial Services
Synack Red Team
IBM
PayPal, Synack Red Team, IBM, FirstCry.com (BrainBees Solutions Pvt. Ltd.), Infinity Labs India
Job Title : Information Security Engineer
Company name : PayPal
Period : March 2023 - Present
Job Title : Synack Red Team Researcher
Company name : Synack Red Team
Period : May 2023 - Present
Job Title : Penetration Tester
Company name : IBM
Period : November 2021 - March 2023
Summary : Web Application Pentesting of IBM's Products Such as,
IBM zSystems, IBM Watson Health, IBM Data & AI, IBM Cloud, Blueworklive
Performing Web Application Penetration Testing, Mobile Application Penetration Testing, Infrastructure Penetration Testing, Thick Client Penetration Testing.
Working With Product Team to Fix Vulnerabilities Identified During Mobile and Web Application Security Assessments.
Collaborating With Network Administrators to Remediate Vulnerabilities Identified During Wireless and Network Security Assessments.
Preparing the Assessment Reports With All the Details Including, Technical Impact, Business Risk, Severity, Proof of Concepts, Mitigations.
Communicating With Product Teams for Scoping, Kick-off Calls, Daily Notifications, Findings Updates, Report Delivery, and Report Readout Using Mails and Conference Calls.
Conducting Research and Development for New Vulnerabilities and Sharing It With Other Colleagues.
Job Title : Information Security Analyst
Company name : FirstCry.com (BrainBees Solutions Pvt. Ltd.)
Period : December 2018 - November 2021
Summary : Responsible for Pentesting of Internal Web Applications for Warehouse Management With Black Box, Grey Box Perspective.
Firstcry.com's Official Android Application's Penetration Testing With Static and Dynamic Analysis Methodology.
Conducted Internal and External Network Pentesting With Multiple Automated Tools Such as Greenbone Security's OpenVAS, Nessus, Acunetix, etc.
Manual Exploitation of Vulnerabilities Found by Automated Scanners and Explained Impact to Developers and Management.
Involved in Findings Calls to Explain Critical Vulnerabilities From Business Logic Perspective to the Developers and Provide Remediation.
Prepared Detailed Penetration Testing Reports of Findings Within Timeline.
Job Title : IT Support Engineer (Asset Management)
Company name : Infinity Labs India
Period : January 2017 - January 2018
Title : Threat Modeling Security Fundamentals
Period : December 2023 - Present
Summary : ven4f5bm, microsoft.com, https://learn.microsoft.com/en-us/users/codeh4ck3r/achievements/ven4f5bm
Issuing Authority : Microsoft
Title : DevSecOps - Introduction
Period : November 2023 - Present
Summary : 57046394175727, verified.cv, https://appsecengineer.verified.cv/en/verify/57046394175727
Issuing Authority : AppSecEngineer
Title : Dante Certification Level 2
Period : July 2023 - Present
Summary : HTBCERT-AB10323908, github.com, https://github.com/codeh4ck3r/Technical-Certificates/blob/main/Dante.pdf
Issuing Authority : Hack The Box
Title : RastaLabs Pro Lab
Period : July 2023 - Present
Summary : HTBCERT-3D476D9FC8, github.com, https://github.com/codeh4ck3r/Certs/blob/main/RastaLabs.pdf
Issuing Authority : Hack The Box
Title : Think Like a Hacker
Period : May 2022 - Present
Summary : credly.com, https://www.credly.com/badges/3d91a94b-0263-4bb4-8613-a2e184bf008a?source=linked_in_profile
Issuing Authority : IBM
Title : Advanced Penetration Testing
Period : October 2019 - Present
Summary : CC-1d7ad3ed-6c4a-49cb-a99e-1219828a1a39, cybrary.it, https://www.cybrary.it/info/verify-certificate/
Issuing Authority : Cybrary
Title : Certified Ethical Hacker
Summary : ECC38925767559, google.com, https://drive.google.com/open?id=1xpwWzncFzQjItDe_fiEUtSrdj0hfqZ-t
Issuing Authority : EC-Council
English (Professional Working), Hindi (Full Professional), Marathi (Native Or Bilingual)
Award : CVE-2020-29226: Blind SQL Injection
Issuer : https://cve.mitre.org/
Summary : Blind SQL Injection
Award : CVE-2022-31447: XML External Entity (XXE)
Issuer : https://cve.mitre.org/
Summary : XML External Entity (XXE)
Award : CVE-2022-40766: SQL Injection
Issuer : https://cve.mitre.org/
Summary : SQL Injection
Award : Hall of Fame
Issuer : Dell
Summary : Acknowledgment by Dell for Finding SSRF Vulnerability.
Award : Hall of Fame
Issuer : Twitter
Summary : Acknowledgment by Twitter for Finding Security Vulnerability.
Award : Hall of Fame
Issuer : LinkedIn
Summary : Acknowledgment by LinkedIn for Finding SQL Injection Vulnerability.