Experience

BayOne Solutions

• United States
• IT Services and IT Consulting
• 200 - 300 Employee

• Lead Cyber security Consultant

  • Sep 2023 - Present

  Working as Lead Cyber Security Consultant for HPE (Hewlett Packard Enterprise).



Virsec

• United States
• Computer and Network Security
• 100 - 200 Employee

• Lead Security Research Engineer

  • Nov 2021 - Aug 2023

  > Writing rules to feed into the Engineer to protect from LOLBIN attacks mapped to MITRE ATT&CK > Setup and assessments creation based on different scenario (MITRE ATT&CK) with different BAS(Breach Attack and Simulations) Tools like Cymulate SafeBreach and opensource. > Working on 0day exploits creating POC findings gaps and solution > Writing different exploits to demonstrate protection capability and gaps > Penetration Testing of different components to find gap and… Show more > Writing rules to feed into the Engineer to protect from LOLBIN attacks mapped to MITRE ATT&CK > Setup and assessments creation based on different scenario (MITRE ATT&CK) with different BAS(Breach Attack and Simulations) Tools like Cymulate SafeBreach and opensource. > Working on 0day exploits creating POC findings gaps and solution > Writing different exploits to demonstrate protection capability and gaps > Penetration Testing of different components to find gap and fix > Evaluate different security tools Antivirus/EDR/XDR with automation scripts based on IOCs and behavior > Analyzing and writing different Payloads for OWASP top 10 attacks Show less



Paytm

• India
• Financial Services
• 700 & Above Employee

• Senior Security Engineer

  • Aug 2019 - Nov 2021

  > Critical/Scaled infra(servers and networking devices) Vulnerability Assessment/Management with Nessus, tenable(io/sc), Qualys > Public/Private Cloud Penetration Testing with Metasploit, Canvas, custom exploits and payloads > Setup of Malware lab to evaluate/ bypass EDR/XDR tools > Threat hunting setup and configuration of Cortex, Cybereason on endpoints and servers. > Red Teaming with sophisticated attack techniques along with shodan, censys etc. > Security… Show more > Critical/Scaled infra(servers and networking devices) Vulnerability Assessment/Management with Nessus, tenable(io/sc), Qualys > Public/Private Cloud Penetration Testing with Metasploit, Canvas, custom exploits and payloads > Setup of Malware lab to evaluate/ bypass EDR/XDR tools > Threat hunting setup and configuration of Cortex, Cybereason on endpoints and servers. > Red Teaming with sophisticated attack techniques along with shodan, censys etc. > Security Assessment of Mobile Apps(IOS/Android) manual and automated > SAST of Web, Mobile and other applications with Checkmarx and SonarCube > VA/PT to meet the PCI-DSS compliance Audits (internal/external) > Automation of VA/VM integration with JIRA tickets, DAST tools, DLP and POC of exploits Show less



Vayam Technologies Ltd.

• India
• Information Services
• 300 - 400 Employee

• Security Researcher

  • Jun 2016 - Jul 2019

  Working as Security Researcher for MOD (Ministry of Defence). > Creating Sophisticated Red Teaming strategies and executing them to find security Gaps > Penetration Testing/Auditing large and complex infrastructure(network/devices & servers) > Programming for Malware, reverse shell, C&C server etc for POC in a controlled environment. > ICS/SCADA and IoT security audit/Penetration testing > Setting up Infra for Red/Blue Team Security drills/exercises, Creating vulnerable VM's and monitoring tools. > Analyzing and proposing… Show more > Creating Sophisticated Red Teaming strategies and executing them to find security Gaps > Penetration Testing/Auditing large and complex infrastructure(network/devices & servers) > Programming for Malware, reverse shell, C&C server etc for POC in a controlled environment. > ICS/SCADA and IoT security audit/Penetration testing > Setting up Infra for Red/Blue Team Security drills/exercises, Creating vulnerable VM's and monitoring tools. > Analyzing and proposing solution for Network/system-based Security threads and exploiting techniques > Automation for threat detection/malware analysis (static and dynamic) with FireEye and other tools. > Encountering and providing training to mitigate sophisticated spear phishing attacks with live POC Show less



Caremytrip And Group (SSTravelhouse, Mughalholiday, Thesunnsea,DeshVideshTrip)

• Security Engineer

  • Aug 2013 - Dec 2015

  > Web Security Assessment with OWASP Top 10 standard > Automated and manual Web VA with Acunetix, Burpsuite and ZAP > VPS, Hosting server and mail server hardening > Red Teaming, security tools and and framework Development -Incidents and security alert monitoring and investigation