About
As an Application Security Analyst, I secure critical applications through vulnerability assessments, penetration testing, and secure code reviews, ensuring client deliverables meet deadlines and quality. I’ve grown by mastering tools like Burp Suite, nmap, Jadx-GUI, and MobSF, improving technical skills, time management, and client communication. I collaborate with development teams to embed security into the SDLC and mentor juniors to strengthen team capability. My proactive approach, problem-solving mindset, and commitment to learning help deliver results and build client trust, driving my growth as a trusted security professional.
Skills & Expertise (19)
Work Experience
Trainee
Nexdigm (Formerly SKP)
June-2019 - December-2019
Performed Vulnerability Assessment and Penetration Testing (VAPT) on internal corporate networks and applications, identifying and reporting security gaps. Collaborated with development and network teams to understand business requirements and provided realistic, risk-based mitigation or compensatory solutions for identified vulnerabilities. Engaged with clients to understand project architecture and functional dependencies, and tailored the VAPT approach accordingly for both network and application layers. Delivered detailed technical reports outlining vulnerabilities, risk impact, and actionable remediation guidance aligned with best practices and compliance standards. Assisted clients in implementing fixes and improving security posture through regular consultations and support during remediation phases. Conducted successful Red Teaming assessments, simulating real-world attack scenarios to test detection and response capabilities of the organization.
Assistant Manager
Deloitte
July-2022 - December-2022
Led a team of penetration testers working on security assessments for banking, financial services, and insurance (BFSI) clients, ensuring high-quality deliverables within strict timelines. Conducted and reviewed application penetration tests, identifying vulnerabilities across web, mobile, and API surfaces; ensured adherence to OWASP and industry standards. Trained and mentored new joiners and junior team members, facilitating skill development and improving team performance. Collaborated with developers and stakeholders to explain reported vulnerabilities, propose mitigation strategies, and track remediation efforts. Assisted the Manager in team planning, effort estimation, and delivery tracking; created strategic plans to meet security testing targets and KPIs. Acted as point-of-contact for complex client queries and provided technical leadership during client-facing discussions.
Deputy Manager
Jio Platforms
January-2023 - Present
Performed security assessments and penetration testing for microservice-based applications, focusing on feature-level changes prior to production deployment. Conducted end-to-end application security testing for internet-facing platforms to identify vulnerabilities before go-live, ensuring compliance with security standards. Independently managed application security lifecycle for multiple platforms, including risk assessment, vulnerability scanning, and remediation coordination. Participated in the Indian Computer Emergency Response Team (CERT-In) empanelment assessment for Jio in 2024, selected based on performance and skillset. Gained hands-on experience in security testing of Set-Top Box (STB) platform-based applications, expanding testing expertise beyond traditional web/mobile applications. Collaborated with development and DevSecOps teams to embed security controls within CI/CD pipelines and support secure software development practices. Provided ongoing security monitoring and supported mitigation of vulnerabilities identified in both pre-production and production environments.
Information Security Trainee
ControlCase
January-2020 - March-2021
Conducted Vulnerability Assessment and Penetration Testing (VAPT) to support clients in meeting PCI-DSS compliance, covering internal network (INVA/INPT), external network (ENPT), application security, and segmentation testing. Performed ASV (Approved Scanning Vendor) scans, analyzed scan results, and prepared compliant/non-compliant reports as per PCI-DSS standards. Coordinated end-to-end testing engagements, from gathering prerequisites and environment details to executing scans/tests and reporting outcomes. Delivered detailed security findings and reports with clear risk ratings and mitigation recommendations. Engaged directly with clients via calls to explain vulnerabilities, discuss remediation or compensatory controls, and clarify compliance requirements. Worked closely with cross-functional teams and client stakeholders to ensure smooth completion of security assessments and audit support.
Consultant
Deloitte
April-2021 - June-2022
Performed hands-on penetration testing of client applications across BFSI domains, delivering detailed security reports with prioritized vulnerabilities and remediation recommendations. Engaged in post-assessment calls with developers and clients to clarify security issues and provide guidance on compensating controls or fixes. Contributed to internal knowledge sharing and supported the onboarding of junior team members through peer guidance and technical walkthroughs.
Education
B.Sc
2015 - 2018 · India
12th
2013 - 2015 · India
10th
2001 - 2013 · India
Certifications
Penetration Testing
Offensive Security · 2022
Certification in advanced penetration testing
OWASP Security
OWASP · 2021
Certification in web application security
Certified Ethical Hacker
EC-Council · 2020
Certification in ethical hacking and penetration testing