Om Narayan Email & Phone Number

New York, NY, US

Seattle, WA, US

Accountable for security of DynamoDB, Keyspaces, Finspace, Amazon Managed Bitcoin and Amazon managed Airflow, GenAI capabilities within these services used by worldwide customers across numerous industry sectors healthcare, government, finance, entertainment, education, fitness to name a few.

New York, New York, US

• Set up the responsible disclosure and a private bug bounty program from the ground with an effective end-to-end process from submission of vulnerabilities to remediation.
• Integrated DAST solution(Stackhawk) in the CI/CD pipeline which helped to provide security coverage from a dynamic security testing standpoint.
• Provided training to development teams for working on the issues reported from the above two sources and documented a best security practice for reference which helped developers to build apps with a security mindset.
• Set up, administered, and managed a runtime application security protection solution(Sqreen) which helped to detect runtime attacks and automatically blocked malicious requests providing comprehensive security.
• Performed quarterly internal penetration testing on infrastructure(Kubernetes/AWS) and web application to get additional security coverage and be compliant to regulatory compliance obligations.
• Performed secure architecture and design review for new product/feature releases which helped to detect security issues in the early stage of development.

New York, US

• Responsible for building up an application security program from the ground up.
• Collaborate and interface with different application development and site reliability team to incorporate SAST by integrating native source code scanning and open source vulnerability scanning in the CI/CD pipeline.
• Working with different SAST/DAST vendors for their assessment and their capabilities to determine the fit for the organization.
• Responsible for performing manual source code review and educating developers by conducting a session on secure coding practice.
• Perform monthly pen-testing on the QA version of the production internet-facing applications and reporting bugs to respective development team
• Responsible for triaging the bug reported from the bug-bounty programme hosted by third party vendor hackerone.

New York, NY, US

• Developed automated security in depth solution using AWS services(Lambda, Cloud Trail, Cloud Watch, AWS config) to detect security and non-compliance incidents in the cloud and respond in real time.
• Leveraged AWSGuardDuty for anomalous behaviour and threat detection on cloud and integrated with SIEM for centralized incident and response.
• Managing EKS and container security by integrating vendor(Aqua-security) product with AWS and SIEM for alerting and remediation.
• Configured Tenable scan on AWS and internal corporate managed systems for vulnerability detection and compliance reporting.
• Performed Incident response with SIEM(Sumologic) by configuring logs from a various network source to flow into centralized SIEM(Sumologic) and integrating webhook to Pagerduty and slack.
• Wrote alert queries in SIEM and performed analysis of alert generated and enacted with remediation as a response to that incident.

New York, NY, US

My responsibility ranges from taking classes on behalf of the professor to holding TA sessions for students and helping them to address their queries from the coursework. I have been helping students in their projects with technology like spark-sql and various machine learning algorithm using spark-ml module.I am responsible for managing IBM cloud.

New York, NY, US

• Implemented defensive security techniques with appropriate resource locking and a role based access control to permit secure read/write access and valid operations on the University’s student profile management system.
• Performed regressive testing on defense mechanism of library management system to discover vulnerabilities from insufficient remediation implementation and recommended solutions to improve security posture.
• Successfully discovered and exploited a buffer overflow vulnerability in Facebook capture the flag challenge through blackbox application penetration testing.
• Performed SSL Strip to demonstrate degrading down a secured(https) endpoint communication to an unsecured(http) and successfully stole confidential information.
• Performed a Network and Application Penetrating system on a client image and submitted a report of found vulnerability and recommendation for proper remediation.
• Used snort in NIDS mode on packet capture to detect and alert malicious incoming traffic.

Santa Clara, CA, US

• Developed an automated fuzzing utility for Graphics Processing Display drivers to perform comprehensive mutational fuzzing and helped developers with the early identification and redressal of security vulnerabilities.
• Implemented selective mode of fuzzing with annotations on target code which benefitted developers in effective security testing of only intended module.
• Participated in development of project management platform to identify inconsistencies in source code acceptance for various products within the organization which streamlined decision making process by highlighting.
• Performed Open source security Vulnerability analysis of driver source code using security tools- CheckMarx, Whitesource and Coverity APIs to record and update the vulnerability’s score associated with open source and.
• Used the recorded parameters for a meaningful view to simplify decision making on insecurity associated with code of various products within organization.

Mumbai, Maharashtra, IN

• Developed multithreaded scheduler for activation of services which enhanced services activation process on number by 5% which helped to reduce business loss by meeting service level agreement from the performance.
• Replaced a file based interaction with XML mechanism for interactions with updated version of billing system which improved performance, reliability and user experience of the system.
• Led a team of 12 junior software developers to identify and remediate security vulnerabilities associated with interactions of new billing system.

Mumbai, Maharashtra, IN

• Developed mechanisms for input validation and sanitization of input obtained from untrusted sources to reduce Cross Site Scripting exposure which significantly filtered potential malicious requests to application.
• Successfully developed defensive techniques to malicious resource exhaustion queries on Database server and positively impacted availability and performance of this system during peak demand.
• Participated in the patching and remediation of secure Denial of Service (DoS) attacks by removing duplicate request generation on application server -consuming undesired server resources and gradually causing resource.
• Redesigned user session management on application server by updating association of large size object from user session to only legitimate user request which led to reduced memory usage and improved system performance.

Mumbai, Maharashtra, IN

CPOS Security Assessment Identified and analyzed potentially vulnerable form elements of web application.Developed a secured input client side validation and sanitization for all vulnerable user input form elements to mitigate web based attacks.Identified and analysed run time query on server side for potential malicious occurrence and replaced with.

Master’S Degree, Computer Science

Bachelor’S Degree, Computer Science

High School, Science

Science