Secure SDLC, PCI, Enterprise Information Security Experience, Close Software Development Team Interaction
Knowledge of SSO, SAML, OAuth, JWT, Rest API
Penetration Testing: OWASP Top 10, CVE, Threat Modelling, Manual Penetration Testing and Vulnerability
Tools: - Burp Suite, Metasploit, Kali Linux, IBM AppScan, HP WebInspect, W3af, Qualys, White Hat
Programming Languages: - Ruby (Beginner), Python, Data Analysis
SANS: DEV 522 (Defending Web Applications Security Essentials) - SANS, Orlando - 2013
edX Honor Code Certificate for "Processing Big Data with Hadoop in Azure HDInsight"
Network Security (M.S.
LKM Firewall: Built a Linux-based firewall from scratch based on the given rules to block a specific IP
address and TCP port based on TCP/IP packet analysis using Netfilter hooks.
Exploiting Vulnerable phpBB: Found and exploited phpBB vulnerabilities.
Mobile Forensics: Forensic analysis of Windows-based mobile phones and solving a case based
Hard Disk Forensics: Solving a case based on forensic analysis of a hard disk
Network Forensics: Solving a case based on captured network traffic
INDEPENDENT RESEARCH PROJECT
CREDITSEC - Next Generation Credit Card Security Nov, 2010 - Present
Developed a security mechanism to prevent the stealing of credit card numbers stored in databases and
prevent hacking and misuse of credit card numbers by storing these credit card numbers in a human unreadable
Presented as a speaker at PhreakNIC15 (http://www.phreaknic.info/) held at Nashville, Tennessee from November
4-6, 2011 on "CREDITSEC - Next Generation Credit Card Security".
It is a revolutionary next-generation credit
card security mechanism that can be adopted to keep credit card numbers from being stolen in database breaches.
Presentation: - http://goo.gl/9eYJWl
Video: - http://www.youtube.com/watch?v=b3EpdXvQ-aE.
Sr. DevSecOps Engineer | 08/2016 to Current | Company Name | City, State
Part of the Red Team conducting penetration tests and ethical hacking across Intuit's assets, focusing on application
Proactive threat hunting, Incident Response, SIEM (Splunk), Log Analysis, Sourcefire, FireEye, Implemented Active
Network Monitoring (Moloch), assisting the Forensic Investigation Team with post-incident analysis.
Sr. Application Security Engineer | 08/2015 to 08/2016 | Company Name | City, State
Working with the engineering and IT functional teams to conduct Security Architecture reviews and building up the
application security program.
Also involved in conducting penetration testing and security testing and remediation
with the application developers.
Developed Application Security Standards.
Sr. Application Security Architect | 03/2015 to 08/2015 | Company Name | City, State
Working closely with the business units to ensure that security is addressed from both a high-level and a detailed design
perspective, and that the process is mature from an application architecture perspective.
Architecture Review Program at other business Units.
Sr. Application Security Analyst | 12/2013 to 03/2015
Working closely with the Application Development Team to work on the Application Security (Defensive) and
Penetration Testing and Ethical Hacking (Offensive).
Handling a critical business Unit (Wyndham Exchange &
Rentals) at Wyndham Worldwide from the application security effort perspective.
Sr. Associate | Company Name | City, State
Information & Application Security July 2012 - Dec 2013
Application Security Architecture Review - [Defensive]
Interacting with the application development team to do an application security architecture review, review their
HLDs and DTDs, and do Threat Modeling to ensure adequate security features are embedded in the application.
Application Penetration Testing and Ethical Hacking [Offensive]
Regular and comprehensive penetration tests and vulnerability assessment of critical business and customer facing
web applications and closely interacting with the application development teams to ensure the vulnerabilities are
fixed and closed based on a comprehensive report of findings.
Web Application Firewall (F5 ASM)
Led the team of two people to successfully implement Web Application Firewall (F5 ASM) for all the critical
and important internet-facing Discover Financial Services web applications.
Web Application Firewall Analyst
Primary Web Application Firewall Analyst handling the analysis and review of Web Application Firewall attacks
based on the traffic and incidents, and recommending action to be taken.
Education and Training
Master of Science: Information Security | December, 2011 | Johns Hopkins University | City, State | Information Security
Johns Hopkins University
Uttar Pradesh Technical University
Job Titles Held:
Sr. DevSecOps Engineer
Sr. Application Security Engineer
Sr. Application Security Architect
Sr. Application Security Analyst
Web Application Firewall Analyst
Master of Science: Information Security | December, 2011
Bachelor of Technology: Computer Science & Engineering | August, 2008