Neha Gawande

Application Security Engineer

Pune

About

Application Security Engineer with 3.5+ years of experience in Secure SDLC implementation, Web/API security testing, and vulnerability lifecycle management. Experienced in SAST, DAST, and SCA execution, secure code review, and DevSecOps integration using Jenkins. Strong understanding of OWASP Top 10, threat modeling, authentication mechanisms, and risk-based remediation. Passionate about embedding security early in the development lifecycle and collaborating with engineering teams to build secure applications.

Skills & Expertise (31)

web security testing: Advanced, 8.6/10, 3.5 years' experience
API Security Testing: Advanced, 8.5/10, 3.5 years' experience
Vulnerability lifecycle management: Advanced, 8.4/10, 3.5 years' experience
SAST: Advanced, 8.3/10, 3.5 years' experience
Secure SDLC implementation: Advanced, 8.3/10, 3.5 years' experience
Other skills: SQL Injection, Postman, XSS, IDOR, CSRF, SSRF, TLS configurations, Token integrity, Session management, CVSS v3 Risk Scoring, MITRE ATT&CK, Cyber Kill Chain, Nessus, OWASP Dependency Check, Burp Suite, WebInspect Enterprise, Fortify, Risk-Based Remediation, Authentication mechanisms, Threat Modeling, OWASP Top 10, Jenkins, DevSecOps integration, Secure Code Review, SCA, DAST

Work Experience

Cyber Security Engineer

TCS

Feb 2022 - Present

Performed SAST using Fortify, analyzing and prioritizing vulnerabilities such as Injection, Broken Access Control, Insecure Deserialization, and Sensitive Data Exposure.
Conducted DAST using WebInspect Enterprise and Burp Suite, identifying runtime and business logic vulnerabilities in staging environments.
Executed SCA using OWASP Dependency Check, mapping vulnerable libraries to CVEs and CVSS v3 risk scores.
Integrated SAST and SCA into Jenkins CI/CD pipelines, enabling automated Shift-Left security with severity-based quality gates.
Conducted manual secure code reviews focusing on OWASP Top 10 vulnerabilities including SQL Injection, XSS, IDOR, and improper authentication.
Provided remediation guidance such as parameterized queries, input validation, output encoding, and secure session handling.
Participated in Secure SDLC activities including requirement reviews, security design validation, and pre-release security assessments.
Led vulnerability triage sessions, validated false positives, and verified remediation prior to production deployment.
Conducted Web and API penetration testing (Gray-box & Black-box) using Burp Suite.
Identified vulnerabilities including SQL Injection, XSS, CSRF, SSRF, IDOR, and misconfigurations.
Demonstrated proof-of-concept exploitation and assessed business impact.
Validated security controls such as TLS configurations, token integrity, and session management mechanisms.
Managed end-to-end vulnerability lifecycle including detection, CVSS-based risk prioritization, remediation tracking, and validation.
Mapped vulnerabilities to CWE, OWASP Top 10, and MITRE ATT&CK where applicable.

Education

Bachelor of Engineering - Amaravati University

2018 - 2021 · Afghanistan

Diploma - MSBTE

2015 - 2018 · Afghanistan

Profile Overview

Member since Mar 2026

Availability Details

Relocation

Open to Relocation
