About
Cybersecurity professional with experience in Vulnerability Assessment & Penetration Testing, Red Team operations and Web Application Testing. Currently part of the Cyber Defense and Resilience department at Deloitte Touche Tohmatsu India LLP. Skilled in vulnerability assessment, Web Application (thick/thin client) testing, and manual testing across web apps, APIs, networks, and Wi-Fi environments. Proven track record in identifying critical security flaws, providing remediation guidance, and validating fixes. Strong understanding of offensive security methodologies and IT audit processes.
Work Experience
Penetration Tester / Offensive Security Engineer
Deloitte India
Sep 2024 - Present
Conducted comprehensive penetration testing and vulnerability assessments across web applications, APIs, and Android platforms for clients, primarily in the banking and BFSI sector, identifying and mitigating critical security risks. Executed Red Teaming engagements, uncovering high-impact vulnerabilities including NAC Bypass, phishing site discovery, and CMD/PowerShell restriction bypass. Performed Black Box and Grey Box security testing, exploiting vulnerabilities such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Account Takeover, Remote Code Execution (RCE), Privilege Escalation, Insecure Direct Object References (IDOR), and various authentication/authorization bypasses (OTP, CAPTCHA, login), as well as CSRF. Performed Malware Simulation Exercises for a top-tier BFSI organization in India, improving incident response readiness by demonstrating realistic attack scenarios. Automated security processes including reconnaissance, patch management, and evidence gathering via Python scripting and CI/CD integration. Delivered detailed remediation guidance and collaborated with development and infrastructure teams to address vulnerabilities; presented findings to both technical and non-technical stakeholders. Conducted in-depth security audits and ATM/Branch security assessments, ensuring compliance with regulatory and organizational standards. Utilized a wide range of security tools including Burp Suite, Qualys, Nmap, Metasploit, sqlmap, and various Linux distributions for daily offensive security tasks.
Technical Project Management Intern
TEN Consulting Pvt Ltd
Jun 2021 - Nov 2021
Managed onboarding and task allocation for new hires, tracked project progress and deliverables to ensure timely completion, and implemented workflow automation to streamline processes, improve team efficiency, and reduce operational bottlenecks.
Cyber Security Intern
Deloitte India
Feb 2024 - Aug 2024
Selected as 1 of 25 from 80,000+ applicants for a competitive national program. Worked on a live client project performing vulnerability assessments and exploitation (SQLi, XSS, IDOR, Privilege Escalation), developed custom testing scripts, conducted penetration testing using Nmap, Burp Suite, and Metasploit on Kali Linux and Windows, and participated in bug bounty programs to identify and report high-impact security flaws.
Business Development Intern
Coincent.ai Pvt Ltd
Feb 2022 - Jul 2022
Prepared detailed project proposals for clients on immersive learning platforms, delivered real-time support during implementation, and provided post-delivery assistance to ensure client satisfaction and long-term engagement.
Education
Bachelor of Technology in Electronics and Communication Engineering - Techno College of Engineering Agartala
2020 - 2023 · Afghanistan
Diploma in Electronics and Telecommunication Engineering - Dhalai District Polytechnic Institute Ambassa
2017 - 2020 · Afghanistan