Associate Director | 2016 - PRESENT | NotSoSecure
Technologies: Kubernetes, Amazon EKS, Burp Suite, Bash, Python, Java, Team Management, Inspec, Ansible, AWS, DevSecOps, AWS Lambda, ELK (Elastic Stack), Jenkins, Pentesting, Secure Containers, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Continuous Integration (CI), Cloud Security, Continuous Delivery (CD), Jenkins Pipeline, Security, Web Security, Vagrant, Cloud, OWASP, OWASP Zed Attack Proxy (ZAP), OWASP Top 10, Kali Linux, Docker, CI/CD Pipelines, Threat Modeling, Cybersecurity, Amazon Web Services (AWS), DevOps Engineer, DevOps, GitHub
- Moved 100+ VMs running on an ESX server to AWS EKS by dockerizing the underlying OS and its dependencies. The Bash shell was also exposed over the browser using Apache Guacamole. This helped save time and money while increasing flexibility.
- Led the team to develop a training called DevSecOps and taught people how to inject security into their DevOps pipelines. Created hands-on labs accessible right from the browser.
- Led a team of specialists in performing threat modeling and secure architecture review for our clients.
IT Security Specialist | 2015 - 2016 | Emirates NBD
Technologies: Pentesting, Security, Web Security, Burp Suite, OWASP, OWASP Top 10, Kali Linux, Threat Modeling, Cybersecurity
- Served as an internal information security consultant to the organization, ensuring proper information security clearance amidst a constantly changing environment at the bank and ensuring its compliance.
- Oversaw risk assessment of new business initiatives (products, channels, solutions) across the bank from an information security and architecture perspective, ensuring involvement at every stage of the project/initiative lifecycle.
- Performed third-party (vendor) assessments through RFP sessions helping to select the best vendor from a security and architecture perspective.
IT Risk Advisory Consultant | 2014 - 2015 | EY
Technologies: SOX Compliance, Vendor Audit, Pentesting, Security, Web Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity
- Performed vulnerability assessments and penetration testing for EY's clients in the telecommunications, media and entertainment, and technology domains.
- Performed IT audits to ensure compliance with various regulatory standards and policies including SOX and TRAI.
- Developed and reviewed the minimum baseline security standards for various technologies.
Security Analyst | 2012 - 2014 | NII Consulting
Technologies: VAPT, Pentesting, Mobile Application Security, Web Security, Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity
- Performed VAPT on web/mobile applications and servers for clients in the banking industry and advised them on security issues.
- Conducted CSJD (certified secure Java development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
- Delivered security awareness training to the senior management of a major oil and gas corporation in India.
- Single-handedly managed a 3-month engagement for a leading insurance company to perform secure code reviews and developed security guidelines for developers in J2EE technology.
Software Engineer | 2010 - 2012 | Mastek
Technologies: Java, Android, Apache Struts, JPA, Security
- Served as a full-stack developer in J2EE-Oracle technology with expertise in Spring, Apache Struts, JPA, Hibernate, MySQL, and Oracle.
- Developed a suite of applications for the MHADA Lottery 2012 following secure coding best practices as advised by the security team over a period of 15 months.
- Developed J2ME mobile applications for bus-tracking as part of a hackathon.