Cyber Security Engineer
Cyber Security Corporation
Pune, Maharashtra, India
As a part of the red team at cybersecurity corporation, my job was to streamline the security assessment pipeline for our clientele. Most of my work revolved around catching security bugs & vulnerabilities early in the SDLC by performing pen-testing assessments for each version of the software.During my tenure I have tested AWS cloud deployments, web applications, APIs, CLI tools, binaries and more using different tools.For numerous clients, I have performed secure code reviews for software written in Java, C/C++ & Assembly and also performed web application/API pentesting using various CLI tools and automated tools like BurpSuite.I have experience with static & dynamic analysis tools (SAST/DAST) like Nessus, GitGuardian & Klocwork, which I have used in the past to find critical security errors in code.For AWS Cloud Deployments, I have more than 1 year of experience fixing various misconfigurations with VPCs, IAM Policies, Server-less frameworks and various other types of AWS deployments.Using my fluency in x86 Assembly, I have exploited & pen-tested 32-bit/64-bit binaries written for various platforms using tools like GDB, Ghidra, IdaPro, Ghidra, WinDBG and python's PwnTools framework amongst various others.Helped the client create a disaster recovery plan (using table-top exercises / full interruption tests) and create IAM policies to protect access of corporate documents and files. Lead table top exercises with the DevOps team to identify & fix vulnerabilities in software deployed in production through simulation of threats.Malware Analysis — Proactively conducted an in-depth malware research to comprehend how modern viruses operate under the hood.