• Performed penetration test and AWS security audit for Gelato and Optimalprint• Led vulnerability assessment and penetration testing by 3rd party, also the following patching activity through cross team collaboration and maintain the internal SLA for vulnerability mitigation• Automated vulnerability scanning of production partners through in-house build python3 tool• Managed vulnerability disclosure program for Gelato• Leading ISO27001 project and collaborating with internal and external stakeholders to achieve it by end 2023 • Supported in integration of Snyk in our CI/CD pipeline for SAST scanning• Provided occasional support in incident investigation and provided feedback for alert tunning in ELK.• Educated fellow employees on basic information security hygiene

• Round the clock Penetration Testing of Sendoso’s product and new releases to ensure their security.• Penetration Testing of various in-house build APIs.• Applying DevSecOps approach to bake in security in the SDLC.• Log monitoring and reviewing to detect any malicious activities.• Responding to security related incidents and recommending necessary defensive guards.• Documenting Information Security Policies (User Access Review, Incident Report etc.).• Recommending hardening guidelines applicable to our environment.• Research on latest attacks that can affect our environment.• Implementing ISO27001 organization wide.• Managing Sendoso’s private Bug Bounty program and triaging valid vulnerabilities.

• Penetration Testing of more than 40 In-house and client applications as per OWASP Top 10 methodology.• Operating System, Active Directory and Firewall Hardening as per CIS benchmarks.• Periodic Vulnerability Assessment and Patching of infrastructure.• Implementing various compliance standards for different clients like SOC2, PCI and ISO27001.• Internal Audit activities for PCI and SOC2 which includes but not limited to on site audit, team reviews and gathering evidences for annual external Audit.• Assisted in PCI and SOC2 external Audits.• Logs Monitoring and Investigation through LogRhythm SIEM solution.• Monitoring and Managing various security products like Trend Micro Deep Discovery, Trend Micro Office Scan, Sentinel One, Burp Enterprise etc.• Reviewing daily business requests and ensuring least privilege access principle is implemented organization wide.

https://hackerone.com/n00bs3c