I am an Information Security Professional with more than 6 years of professional experience. I love to play with open-source tools and am more inclined towards defense than offense in the Information Security domain. I work with the Operations and Development teams, solving challenges between the security and DevOps teams.
I have worked on Web, Mobile Application and Network Infrastructure Penetration Testing in my past organizations. Conducted VA/PT on around 300+ Web applications, most of them US- and Europe-based projects.
Assesses, defines, implements, participates in and supports DevSecOps programs for NotSoSecure clients. Engagements span from simple IT projects to large-scale, enterprise-level transformation programs. Collaborate with teams and aid in developing consultative solutions to implement client DevSecOps capabilities to enable secure product development. Conduct methodology and architecture security assessments and define solutions to produce tailored DevSecOps platforms inclusive of target state people, process, and technology operating models.
- Support clients in achieving the benefits that DevSecOps can offer.
- Contribute to/participate in the design and implementation of DevSecOps platforms, which cover areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures.
- Drive adoption of tools and practices as the client transitions to DevSecOps.
- Containerization principles and frameworks (Docker, Kubernetes).
Work closely between the development and DevOps teams to help implement security in their process. Use Docker, Tool Automation - ZAP, Burp, WebInspect, Nessus, Vagrant.
- Implementation of the security tools based on the design and specifications.
- Work with the developers during the implementation and development of security features.
Responsible for security testing of enterprise mobile computer products across OS platforms (Windows/Android) for various features (including standard phone features, Barcode Scanning, RFID, NFC) and MDM solutions.
- Participates in the design and execution of vulnerability assessments, penetration tests and security audits and provides recommendations for application design whenever required.
- Review requirements specifications and technical design documents to provide timely and meaningful feedback.
Part of Global Enterprise Vulnerability Assessment and Management team. Responsible for periodic vulnerability assessment and penetration testing activity.
- Enterprise Vulnerability Management.
- Internal and External Vulnerability Management.
- Penetration Testing of Web applications and Networks.