I am working on Application Security Engineering at TIAA, a Fortune 100 provider of secure retirements and outcome-focused investment solutions to millions of people working in higher education, healthcare, and other mission-driven organizations.
Prior to TIAA, I was working as an Application Security Engineer at AppDirect, a leading end-to-end commerce platform that helps deliver any digital service, on any device, and accelerate time to market. My role involved Application Security Engineering, Automation, Pentesting and Code Reviews for AppDirect products.
Prior to AppDirect, I was working as an Application Security Analyst at Qualys, a leading provider of information security and compliance cloud solutions. My role was to make sure that Qualys' products and services are secure, safe and free from commonly seen client/server-side vulnerabilities.
Prior to Qualys, I was working with SecureLayer7 Technologies, a consulting firm, doing vulnerability assessment and penetration testing.
Apart from work-related activities, I sometimes play CTFs on hackthebox & lab.pentestit.ru and have contributed to open source security & DevSecOps Newsletter. I am an active participant at Null, OWASP chapter meets and was also a part of the review team for the Free Docker Security Course.
You can read about my work and learnings on my blog here.
I have some hands-on experience with tools like Burp Suite, Nmap, SonarQube, Dependency-Check, Dependency-Track, Nessus, WhiteHat Sentinel, Docker, Kubernetes, Maven, Gradle, Jenkins, Git.
Attributed with CVE-2017-14618, CVE-2017-14619, CVE-2017-15284, CVE-2017-15878, CVE-2017-15879, CVE-2017-16807, CVE-2017-18048, CVE-2017-18049, CVE-2019-6804 & CVE-2019-10349.
I am interested in learning various aspects of Application & Software Security, Security Automation and DevSecOps, Fuzzing and Exploit Development, and I intend to keep the list going on…