Ankit Agrawal
Lead Security Engineer at Webflow
Credentials
-
Offensive Security Certified Professional (OSCP)
Offensive Security, Dec 2019 - Nov 2024
-
Oracle Certified Associate
Oracle, May 2010 - Nov 2024
-
Foundations of IT Security: Core Concepts
Lynda.com, Aug 2016 - Nov 2024
Experience
-
Webflow
-
United States
-
Software Development
-
500 - 600 Employees
-
Lead Security Engineer
-
Sep 2022 - Present
-
-
-
Instacart
-
United States
-
Technology, Information and Internet
-
700 & Above Employees
-
Senior Security Engineer II
-
Sep 2020 - Sep 2022
-
-
Senior Security Engineer
-
Jul 2018 - Sep 2020
• AppSec Lead for new and emerging Instacart products; conducted design reviews, code reviews and penetration tests for these products in Ruby on Rails
• Worked on application and system security reviews for different Instacart verticals
• Integrated the static security analysis tool Brakeman into the CI pipeline for all Rails applications
• Helped integrate the mobile static analysis tool Data Theorem into CI for Android and iOS applications
• Added Okta as an authentication method for internal admin applications using 'ruby-saml'
• Worked on evaluating different Zero Trust/IAP products
• Evaluated and helped integrate cloud security monitoring solutions for Instacart VPCs
• Helped co-manage the Bug Bounty program and Vendor Security Review program
• Co-created the Security Education program and delivered it to about 300 engineers
• Created interview content and conducted interviews to help expand the security team
-
-
-
MZ
-
United States
-
Technology, Information and Internet
-
100 - 200 Employees
-
Application Security Engineer
-
May 2017 - Jun 2018
• AppSec Lead for fuzzing automation and infrastructure; this involved finding fuzzing targets, writing harnesses, generating seed input corpus and dictionaries, crash triage, setting up fuzzer boxes, automation of crash triage and bug reporting, creation of the fuzzing dashboard, and working with the Satori team to fix the crashes and refine the fuzzer for false positives; fuzzed the Satori Real Time Backend in C++ using AFL
• AppSec Lead for Satori Backend, Smart Cities and Cognant Ad Campaign Solution
• Worked on penetration tests and design reviews for Satori Smart Cities, Cognant Mobile Ad Campaign solution, MZ Game features and MZ marketing websites; AppSec Lead on 10 pentests and a contributor on many others
• Static code analysis using Checkmarx; triage and removal of false positives using Checkmarx Query Language (CxQL)
• Helped with the deployment of Signal Sciences (WAF) for various projects
• Code reviews in C++, PHP, Python, Java, JS and Lua
• Performed network infrastructure scans for new MZ buildings
• AppSec Lead for the MZ Bug Bounty Program
• Contributor and instructor for MZ Hackerspace, including 3D printing and embedded projects
-
-
-
VMware
-
United States
-
Software Development
-
700 & Above Employees
-
Member of Technical Staff, NSBU Application Security
-
Feb 2015 - May 2017
• Design and development of security-related features such as Appliance File Usage Collation/Whitelisting and API/CLI for Mandatory Access Control using AppArmor.
• Enhancement of Ixia tools such as IxANVL to make them compatible with NSX for protocol conformance testing. Also worked on Ixia Breaking Point, Peach fuzzer and AFL.
• Carried out traditional network attacks on a software-defined virtualized network, such as ICMP redirect, DHCP hijacking, MAC/ARP/IP spoofing, flooding, port sweeping/scanning and fragmentation attacks.
• Other analysis efforts include log scrubbing, appliance file permission audit, iptables rule checking; traffic interception (MITM attacks); vulnerability analysis and mitigation; fuzz/negative testing
• Attended security conferences such as RSA Conference, Defcon and Moosecon, and other trainings.
-
-
-
VMware
-
United States
-
Software Development
-
700 & Above Employees
-
Intern - Member of Technical Staff
-
May 2014 - Aug 2014
Worked on an independent project to develop a system to simulate the workload of the primary customers of VMware NSX. Also worked on a web-based topology creator tool where users can create deployable JSON configuration by dragging and dropping nodes and links onto a canvas.
-
-
-
Aricent
-
United States
-
Software Development
-
700 & Above Employees
-
Software Engineer
-
Aug 2011 - Jul 2013
Design, coding, testing and handling of PRs (problem reports), peer review of code, feature description, unit test plan, buffer creation.
-
-
-
FarEye
-
United States
-
Software Development
-
500 - 600 Employees
-
Software Developer Intern
-
Aug 2010 - Oct 2010
Junior level trainer at robotic outreach programs by the company at NIT Nagpur and VIT Vellore.
-
-
-
Variable Energy Cyclotron Centre, Calcutta
-
India
-
Research
-
1 - 100 Employees
-
Research Intern, Computer and Informatics Group
-
May 2010 - Jun 2010
http://www.vecc.gov.in/
-
-
Education
-
North Carolina State University
Master of Science - MS, Computer Science
Kalinga Institute of Industrial Technology, Bhubaneswar
Bachelor of Technology (BTech), Computer Science