Mayur Dusane

Security Engineer (He/Him/His)

mdusane@mail.yu.edu | 2014230463 | LinkedIn

Summary

Cybersecurity professional with 7+ years of professional IT experience. Proficient in Threat Modelling, Secure Code Reviews, and Penetration Testing. Cybersecurity ninja by day, Netflix binger by night. I speak fluent Python and JavaScript, but my love language is sarcasm. I fix security holes but can't fix my addiction to travel and questionable memes. I believe in good karma and strong passwords. If you can guess mine, I'll give you a cookie (not a tracking one, I promise).

Relevant Experience

Application Security Intern - Applause App Quality Inc

May 2024 – Aug 2024

  • Secure Code Reviews (Python & JavaScript): Conducted comprehensive code reviews for Python and JavaScript projects, identifying critical vulnerabilities. Provided secure coding guidance to developers, ensuring the implementation of best practices for vulnerability mitigation.
  • Security Assessments: Performed manual security assessments and penetration testing on internal web applications, identifying over 50 vulnerabilities.
  • Automation and Security Tools Development: Built security plugins for frameworks like Flask and VueJS to sanitize inputs at middleware, preventing common attack vectors such as Remote Code Execution, Cross-Site Scripting, SQL Injection, Code Injection, CSRF, and Path Traversal.
  • Threat Modeling: Assisted in secure design and conducted threat modeling for various applications, identifying potential risks early in SDLC. Performed threat modeling of SSO & JWT-based authentication for an existing system.

Test Engineer III - uTest Inc

Dec 2022 – Aug 2023

  • DevOps Team Leadership: Led and managed a DevOps team of 15+ developers, ensuring the timely execution of over 25 projects, resulting in a 20% increase in project delivery efficiency.
  • Web Application Security Administration: Administered all aspects of web application security, including vulnerability assessments, penetration testing, and implementing best practices, reducing security vulnerabilities by 40%.
  • Secure Code Reviews: Conducted thorough secure code reviews for over 50 applications to maintain code quality, adhere to coding standards, and address potential security vulnerabilities, improving overall code security by 35%. Provided security best practices and secure code development advice to developers, enhancing the overall security posture.
  • Threat Modeling: Performed 8+ threat modeling exercises to identify security risks and develop mitigation strategies, reducing potential cyber attacks by 85%. Implemented and managed robust authentication and authorization mechanisms, securing access to sensitive data and resources.

Subject Matter Expert - uTest Inc

Jan 2022 – Dec 2022

  • Secure Web Application Development: Collaborated closely with a development team to design, develop, and deploy secure web applications using CI/CD pipelines, achieving 99.9% uptime and enhancing performance, reliability, and scalability by 20%.
  • API Security Implementation: Ensured the security of APIs by implementing best practices, access controls, and encryption mechanisms, safeguarding data and functionality and reducing API-related vulnerabilities by 40%.
  • Secure Architecture Development: Developed and monitored the creation of secure architecture for web applications, integrating security throughout the software development lifecycle, resulting in a 30% improvement in overall application security.

Test Engineer II - uTest Inc

Nov 2020 – Jan 2022

  • Custom Web Application Development: Collaborated with cross-functional teams to design, develop, and maintain custom web applications tailored for AI data collection and labeling projects, enhancing project efficiency by 30%.
  • Web-Based Solution Implementation: Played a pivotal role in developing and implementing web-based solutions, ensuring high-quality software through rigorous testing and validation, resulting in a 20% reduction in post-release defects.
  • Automation Tool Implementation: Implemented automation tools and frameworks to streamline the testing process, improving efficiency by 25% and accuracy by 60% in application testing efforts.
  • Technical Documentation Maintenance: Maintained and updated 25+ technical documents for projects, including user manuals and release notes, facilitating new employee onboarding and providing ongoing support, reducing onboarding time by 15%.

Test Engineer I - uTest Inc

Sep 2019 – Nov 2020

  • Test Cycle Management: Orchestrated and managed the entire test cycle within the platform, ensuring seamless execution from start to finish, resulting in a 30% increase in testing efficiency.
  • Testing Process Optimization: Developed clear and user-friendly instructions for the test team, facilitating efficient and error-free testing processes, reducing testing errors by 25%.
  • Test Documentation: Ensured detailed documentation of all test-related activities, including test plans, results, and relevant feedback, improving traceability and accountability by 40%.
  • Stakeholder Collaboration: Collaborated closely with stakeholders to understand needs and expectations for each test cycle, achieving a 95% satisfaction rate and aligning test outcomes with business goals.

Test Engineer I - uTest Inc

Mar 2018 – Sep 2019

  • Issue Triage and Prioritization: Triaged 1,000+ issue reports and test cases, evaluating severity and relevance to prioritize resolution efforts, leading to a 35% reduction in critical issue resolution time.
  • Bug Reporting: Generated 300+ bug reports, including clear steps to reproduce issues and their impact on product functionality, enhancing the efficiency of the debugging process by 25%.
  • Regression Testing: Performed rigorous regression and functional testing to identify and document defects, ensuring continued reliability and functionality of 300+ software products, resulting in a 20% reduction in post-release issues.

Projects

  • Flask-Sanitize-Escape: Flask middleware extension for automatic input sanitization, guarding against common web vulnerabilities like XSS, SQL injection, and other code injection attacks.
  • Vue-Sanitize-Escape: Vue.js plugin that fortifies your application against common web vulnerabilities like cross-site scripting (XSS), SQL injection, and open redirects.
  • S3-Etag-Generator: Calculate the ETag for large files uploaded to Amazon S3. It implements a concurrent hashing approach, ensuring file integrity by calculating the MD5 checksum of file parts during the upload process.
  • WASM: Web Attack Surface Management (WASM) is designed to identify, assess, categorize, and manage externally facing web assets such as domains, Web Applications, APIs, open ports, and web services.

Honors & Achievements

  • Reported 47 security vulnerabilities at HackerOne and 54 at uTest’s crowd security testing
  • Gold-rated security tester at uTest
  • Recipient of ISACA New York Metropolitan Chapter Scholarship
  • Secured 3rd place in the 2024 ISACA NYM Cybersecurity Case Study Competition

Certifications

  • Coursera Google Cybersecurity by Google on Coursera, June 2023
  • EC-Council Certified Ethical Hacker (CEH), December 2021

Technical Skills

  • Information Security: Threat Modelling, Bug Bounty, Vulnerability Management, Security Assessment and Management, Secure Code Reviews, API Security, Penetration Testing, TCP/IP, SSL, TLS, OSI Model, SSH, OAuth, SAML, JWT and SSO.
  • Tools: Burp Suite, Nmap, Metasploit, Nessus, SonarQube, Open Source Security Tools
  • Coding, Cloud & Databases: Python, Java, JavaScript, Go, AWS S3, EC2, ECS, Microsoft Azure, MySQL, MongoDB
  • DevOps: Kubernetes, Git, Jenkins, Continuous Integration/Continuous Deployment (CI/CD)
  • Frameworks & Cloud: Vue.js, Nuxt.js, Flask, NIST Cybersecurity Framework (NIST CSF), MITRE ATT&CK, OWASP Top 10

Education

  • Yeshiva University Katz School of Science and Health, New York, NY - Master’s in Cybersecurity, September 2023 - December 2024
  • International Institute of Information Technology Bangalore, Bangalore, India - Advanced Certificate Program in Cybersecurity, August 2022 - April 2023
  • University of Pune, Nashik, India - Bachelor’s in Engineering Information Technology, June 2013 - May 2017