Product Security @ADDX • Lead a fintech start-up to develop its cybersecurity strategy from scratch.• Develop a strategy to measure the security posture of the cloud accounts.• Building the cybersecurity roadmap for the assets (primarily hosted in AWS infrastructure).• Setup real-time threat detection capabilities in the cloud utilizing CloudTrail, CloudFront and other log sources in the cloud and deploy WAF solution to detect and mitigate threats towards the Application.• Perform and create procedures for system security audits, penetration tests, and vulnerability assessments• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.• Cyber-security investigation, Incident management & threat mitigation.• Blockchain/Smart Contract vulnerability and penetration testing• Blockchain based application security source code review.• Web application/Mobile application (Android/iOS) vulnerability analysis and pen-testing • FIX API protocol vulnerability analysis and pen-testing.• Implemented infrastructure security automation using ansible/terraform.• Responsible for SIEM implementation and incident response analysis.• Security awareness and secure development trainings.• AWS security specialist - DevSecOps Practices • O365/GSuite Security• MAS/TRM regulations, ISO27001, SOC2

Microsoft India R&D India • Responsible for supply chain security and assurance to customers, suppliers and internal teams• Responsible for Product security and assurance in supply chain including (web, Mobile) application vulnerability assessment & penetration testing and Infrastructure security testing• Enterprise wide penetration tests and reviews conducted on various components to identify security loopholes and subsequently addressed with appropriate controls

Zeotap Product Security • Web Application Security • Mobile Application Security • Rest API Security Testing• Network Security• Cloud Security• Security Automation using Ansible, Docker, Python • Source Code Review• Big data security• AWS security automation• Web application security automation• Network security automation• Security Architect• Network Secure Architecture • Application Secure Architecture• SIEM • Incident Response Management • ISO27001• CSA• GDPR• G-Suite Security

Security Consulting in Government Sector • Common Criteria Implementation• Product security evaluation • USB based devices security testing• Smartphones Security testing • Thick Client Security Testing • Routers & Switches Security Testing • Operating System Security Testing

SAP Product Security.• Web Application Penetration Testing• Mobile Application Testing • Cloud Security• Secure Code Review for both web and mobile applications• Network Penetration Testing• Configuration Audit for various devices and servers• Web Services Testing• API Testing - REST and SOAP APIs.