Summary
Cybersecurity professional with 7+ years of professional IT experience. Proficient in Threat Modelling, Secure Code Reviews, and Penetration Testing. Cybersecurity ninja by day, Netflix binger by night. I speak fluent Python and JavaScript, but my love language is sarcasm. I fix security holes but can't fix my addiction to travel and questionable memes. I believe in good karma and strong passwords. If you can guess mine, I'll give you a cookie (not a tracking one, I promise).
Relevant Experience
Application Security Intern - Applause App Quality Inc
May 2024 – Aug 2024
- Secure Code Reviews (Python & JavaScript): Conducted comprehensive code reviews for Python and JavaScript projects, identifying critical vulnerabilities. Provided secure coding guidance to developers, ensuring the implementation of best practices for vulnerability mitigation.
- Security Assessments: Performed manual security assessments and penetration testing on internal web applications, identifying over 50 vulnerabilities.
- Automation and Security Tools Development: Built security plugins for frameworks like Flask and VueJS to sanitize inputs at middleware, preventing common attack vectors such as Remote Code Execution, Cross-Site Scripting, SQL Injection, Code Injection, CSRF, and Path Traversal.
- Threat Modeling: Assisted in secure design and conducted threat modeling for various applications, identifying potential risks early in the SDLC. Performed threat modeling of SSO & JWT-based authentication for an existing system.
Test Engineer III - uTest Inc
Dec 2022 – Aug 2023
- DevOps Team Leadership: Led and managed a DevOps team of 15+ developers, ensuring the timely execution of over 25 projects, resulting in a 20% increase in project delivery efficiency.
- Web Application Security Administration: Administered all aspects of web application security, including vulnerability assessments, penetration testing, and implementing best practices, reducing security vulnerabilities by 40%.
- Secure Code Reviews: Conducted thorough secure code reviews for over 50 applications to maintain code quality, adhere to coding standards, and address potential security vulnerabilities, improving overall code security by 35%. Provided security best practices and secure code development advice to developers, enhancing the overall security posture.
- Threat Modeling: Performed 8+ threat modeling exercises to identify security risks and develop mitigation strategies, reducing potential cyber attacks by 85%. Implemented and managed robust authentication and authorization mechanisms, securing access to sensitive data and resources.
Subject Matter Expert - uTest Inc
Jan 2022 – Dec 2022
- Secure Web Application Development: Collaborated closely with a development team to design, develop, and deploy secure web applications using CI/CD pipelines, achieving 99.9% uptime and enhancing performance, reliability, and scalability by 20%.
- API Security Implementation: Ensured the security of APIs by implementing best practices, access controls, and encryption mechanisms, safeguarding data and functionality and reducing API-related vulnerabilities by 40%.
- Secure Architecture Development: Developed and monitored the creation of secure architecture for web applications, integrating security throughout the software development lifecycle, resulting in a 30% improvement in overall application security.
Test Engineer II - uTest Inc
Nov 2020 – Jan 2022
- Custom Web Application Development: Collaborated with cross-functional teams to design, develop, and maintain custom web applications tailored for AI data collection and labeling projects, enhancing project efficiency by 30%.
- Web-Based Solution Implementation: Played a pivotal role in developing and implementing web-based solutions, ensuring high-quality software through rigorous testing and validation, resulting in a 20% reduction in post-release defects.
- Automation Tool Implementation: Implemented automation tools and frameworks to streamline the testing process, improving efficiency by 25% and accuracy by 60% in application testing efforts.
- Technical Documentation Maintenance: Maintained and updated 25+ technical documents for projects, including user manuals and release notes, facilitating new employee onboarding and providing ongoing support, reducing onboarding time by 15%.
Test Engineer I - uTest Inc
Sep 2019 – Nov 2020
- Test Cycle Management: Orchestrated and managed the entire test cycle within the platform, ensuring seamless execution from start to finish, resulting in a 30% increase in testing efficiency.
- Testing Process Optimization: Developed clear and user-friendly instructions for the test team, facilitating efficient and error-free testing processes, reducing testing errors by 25%.
- Test Documentation: Ensured detailed documentation of all test-related activities, including test plans, results, and relevant feedback, improving traceability and accountability by 40%.
- Stakeholder Collaboration: Collaborated closely with stakeholders to understand needs and expectations for each test cycle, achieving a 95% satisfaction rate and aligning test outcomes with business goals.
Test Engineer I - uTest Inc
Mar 2018 – Sep 2019
- Issue Triage and Prioritization: Triaged 1,000+ issue reports and test cases, evaluating severity and relevance to prioritize resolution efforts, leading to a 35% reduction in critical issue resolution time.
- Bug Reporting: Generated 300+ bug reports, including clear steps to reproduce issues and their impact on product functionality, enhancing the efficiency of the debugging process by 25%.
- Regression Testing: Performed rigorous regression and functional testing to identify and document defects, ensuring continued reliability and functionality of 300+ software products, resulting in a 20% reduction in post-release issues.
Projects
- Flask-Sanitize-Escape: Flask middleware extension for automatic input sanitization, guarding against common web vulnerabilities like XSS, SQL injection, and other code injection attacks.
- Vue-Sanitize-Escape: Vue.js plugin that fortifies your application against common web vulnerabilities like cross-site scripting (XSS), SQL injection, and open redirects.
- S3-Etag-Generator: Calculates the ETag for large files uploaded to Amazon S3. It implements a concurrent hashing approach, ensuring file integrity by calculating the MD5 checksum of file parts during the upload process.
- WASM: Web Attack Surface Management (WASM) is designed to identify, assess, categorize, and manage externally facing web assets such as domains, Web Applications, APIs, open ports, and web services.
Honors & Achievements
- Reported 47 security vulnerabilities on HackerOne and 54 through uTest’s crowd security testing
- Gold-rated security tester at uTest
- Recipient of ISACA New York Metropolitan Chapter Scholarship
- Secured 3rd place in the 2024 ISACA NYM Cybersecurity Case Study Competition
Certifications
- Google Cybersecurity by Google on Coursera, June 2023
- EC-Council Certified Ethical Hacker (CEH), December 2021
Technical Skills
- Information Security: Threat Modelling, Bug Bounty, Vulnerability Management, Security Assessment and Management, Secure Code Reviews, API Security, Penetration Testing, TCP/IP, SSL, TLS, OSI Model, SSH, OAuth, SAML, JWT and SSO.
- Tools: Burp Suite, Nmap, Metasploit, Nessus, SonarQube, Open Source Security Tools
- Coding, Cloud & Databases: Python, Java, JavaScript, Go, AWS S3, EC2, ECS, Microsoft Azure, MySQL, MongoDB
- DevOps: Kubernetes, Git, Jenkins, Continuous Integration/Continuous Deployment (CI/CD)
- Frameworks & Cloud: Vue.js, Nuxt.js, Flask, NIST Cybersecurity Framework (NIST CSF), MITRE ATT&CK, OWASP Top 10
Education
- Yeshiva University Katz School of Science and Health, New York, NY - Master’s in Cybersecurity, September 2023 - December 2024
- International Institute of Information Technology Bangalore, Bangalore, India - Advanced Certificate Program in Cybersecurity, August 2022 - April 2023
- University of Pune, Nashik, India - Bachelor’s in Engineering Information Technology, June 2013 - May 2017