I am working as a Senior Application Security Engineer at TIAA, a Fortune 500 provider of secure retirements and outcome-focused investment solutions to millions of people working in higher education, healthcare, and other mission-driven organizations.
At TIAA, I am working on application security engineering, automated security testing, penetration testing and code reviews as part of my job.
Prior to TIAA, I was working as an Application Security Engineer at AppDirect, a leading end-to-end commerce platform that helps deliver any digital service, on any device, and accelerate time to market. My role involved Application Security Engineering, Automation, Pentesting and Code Reviews for AppDirect products.
Prior to AppDirect, I was working as an Application Security Analyst at Qualys, a leading provider of information security and compliance cloud solutions. My role was to make sure that Qualys’ products and services are secure, safe and free from commonly seen client/server-side vulnerabilities.
Apart from work-related activities, I sometimes play CTFs on hackthebox & lab.pentestit.ru and have contributed to open source security & DevSecOps Newsletter. I am an active participant at Null, OWASP chapter meets and was also a part of the review team for the Free Docker Security Course.
You can read about my work and learnings on my blog.
I have some hands-on experience with tools like Burp Suite, SonarQube, Checkmarx, Dependency-Check, Dependency-Track, WhiteHat Sentinel, Docker, Kubernetes, Maven, Gradle, Jenkins, Git, GitHub Advanced Security.
I am interested in learning various aspects of Usable Application & Software Security, Security Automation and DevSecOps, Fuzzing and Exploit Development, and I intend to keep the list going on…
Everything on this site reflects my personal views only and is prone to errors; feedback is appreciated any day :).