1.Performed Black box penetration testing using Burpsuite,OWASP ZAP and Acunetix2.Used automated port scanners like Nmap and Vulnerability Scanners like Nessus, Nexpose to understand the open ports, services and identified vulnerabilities3.Performed Reconnaissance on target using OSINT tools and techniques4.Performed both Static and Dynamic Application security testing(SAST & DAST)5.Performed Source Code Review for critical Business Logic functions6.Performed API Security testing on RESTAPIs7.Performed both Static and Dynamic analysis in Mobile app security pen-testing8.Performed Network security assessment using industry standard tools, techniques9.Participated in scrum meetings related to remediation and product quality issues10.Depicting/justifying the false positives and true positives in Automated scan reports and combine with Manually tested vulnerabilities to create Client specific Report11.Participating in remediation review and recommendations to identified vulnerabilities with development teams and stakeholders12.Conduct in-depth OS security assessments and ensure that devices were on current security patches and virus signatures13.Perform security testing for in-house and client developed/hosted internet/intranet applications by using industry standard tools for automated and manual testing14.Thrived to shift the security element to the left of the SDLC and practiced it at every phase of SDLC by using various threat modeling methodologies15.Followed all the respective compliance regulations and standards like PCI-DSS,HIPAA,GDPR etc.

1.Deploying SIEM tool in clients' environment and troubleshooting it’s components2.Integrating different log sources with SIEM tool3.Performed proactive monitoring, analysis, investigating security incidents and escalating to L2 analyst4.Performed Security assessments using tools such as NMAP, Nessus, Metasploit etc. 5.Perform Pentesting using Burpsuite, OWASP ZAP to find Web and API vulnerabilities6.Create the reports with PoCs, remediations according to client specific templates by removing false positives7.Creating scheduled automated backups using bash scripting8.Creating and Managing Visualizations, Dashboards and Weekly reports9.Collecting IOCs from open sources and integrate with in-house threat intel DB10.Performed Threat Hunting pro-actively across clients’ infrastructure to mitigate threats using MITRE-ATT&CK framework and worked on EDR solutions as well11.Research new and evolving threats, attacks and vulnerabilities12.Raised awareness and provided training to fellow employees