About
- 1.5 years of experience in security assessments: Vulnerability Assessment and Penetration Testing (Web Application, Mobile Application, API, Network, Cloud).
- Hands-on experience with both automated and manual testing tools.
- Performed application penetration testing for various clients.
- Assisted in reviewing business solution architectures from a security point of view, which helps avoid security-related issues/threats at an early stage of a project.
- Experience in running scans on source code files using Veracode and verifying vulnerabilities to eliminate false positives.
- Good knowledge of SAST and DAST.
- Skilled in using various tools for web application penetration tests such as Burp Suite, OWASP ZAP, Veracode, Wireshark, Nmap, Nessus, Work Audit Bench, Fortify, Acunetix.
- Ability to perform secure code review, penetration testing (Web, Mobile, API, Network) and vulnerability assessment.
- Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, session management, etc.
- Performed web application security / penetration testing in accordance with OWASP standards and SANS guidelines, using manual techniques and automation tools.
- Skilled in executing OWASP Top 10 test cases.
- Good knowledge of cloud security with Jenkins.
- Conducted application architecture reviews for a few projects.
- Publishing monthly dashboards and following up on closure of vulnerabilities.
- Executing test cases, reviewing results, and working with the development team to remediate open issues.
- Reporting the identified issues in an industry-standard framework.
- Ability to build good relationships with clients/operational managers and colleagues.
Work Experience
Security Analyst
Aon Insurance Company
Present - Present
- Integrated Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools into CI/CD pipelines, enhancing early detection of vulnerabilities and reducing time-to-fix.
- Led the implementation of security tools across all phases of the Software Development Life Cycle (SDLC), ensuring comprehensive security coverage from design through deployment.
- Streamlined Agile security practices by incorporating security reviews and automated testing into agile sprints.
- Architected and deployed security testing solutions that seamlessly integrated with development and operations workflows, promoting a culture of continuous security improvement within cross-functional teams.
- Automated vulnerability assessments and reporting using advanced DAST/SAST tools, significantly improving the efficiency of security assessments and enabling proactive risk management.
- Monitored and analyzed security metrics from DAST and SAST tools to drive informed decision-making and prioritize remediation efforts, enhancing overall application security posture.
- Collaborated with development, QA, and operations teams to integrate security best practices into the Agile framework, ensuring security is embedded into every stage of product development.
- Enhanced security testing coverage by customizing and optimizing DAST/SAST tools to address specific application requirements.
Junior Analyst
KPMG
Feb 2025 - Present
- Conducted vulnerability assessments using web application vulnerability scanners and manual penetration testing.
- Performed infrastructure security assessments by analyzing networks, enumerating services on hosts and identifying vulnerabilities.
- Exploitation of identified vulnerabilities in network hosts using existing exploits or manual methodologies.
- Manual web application penetration testing using Burp Suite.
- Application security assessment using automated scanners like WebInspect and AppScan.
- Using web application vulnerability scanners like WebInspect and Veracode to perform automated testing.
- Proficient in identifying application-level vulnerabilities like XSS, SQL Injection, CSRF, IDOR, authentication and authorization bypass, cryptographic flaws, etc.
- False-positive removal by analyzing the results from automated scanners.
- Performed security checks for cloud environments.
- Good knowledge of Jenkins and CI/CD pipelines.
- Application Security Testing: acquainted with various approaches to grey-box and black-box application security testing.
- Good knowledge of scanning tools like SonarQube and Qualys.
- Performed threat modelling of applications in coordination with development teams.
- Reporting vulnerabilities with evidence, business impact and remediation steps.
- Performed security testing on APIs using Postman.
- Responsible for timely delivery of status updates and final reports to clients.
- Worked closely with developers and network/system administrators while fixing the findings.
- Vulnerability management by keeping track of reported issues and ensuring they are fixed.
- Using standards like CVSS (Common Vulnerability Scoring System) to assign a severity rating (Critical, High, Medium, Low) to the vulnerabilities identified.