Team Lead (Security Testing) at ValueMentor | 05/2021-04/2023
- Led a team of five security analysts as a subject matter expert in application security by performing VAPT and QA.
- Performed automated secure code review for 20+ applications.
- Performed over 2100 hours of Web VAPT for GCC, UK, US and Indian clients.
- Performed over 1300 hours of iOS and Android VAPT for GCC client in fintech, insurance and healthcare sectors.
- Responsible for organising up-skilling programs to enhance the team's skill set.
- Trained and onboarded a team of 5 subject matter resources to ensure delivery quality and consistency.
- Led 50+ engagements as SPOC by supporting various stages of an engagement:
  - Scoping & Kickoff
  - Pentesting & Service Delivery
- Worked as a program manager for the CEO office, driving various programs of the CEO office:
  - Designed, developed, and implemented a comprehensive employee performance appraisal framework for the organization.
  - Worked closely with Marketing, Finance, Operations and HR departments to ensure seamless execution of several programs.
  - Responsibly composed and implemented an employee recognition program for recognising employee contributions and achievements.
  - Coordinated participation in a major international event. This involved working with stakeholders across different phases.
  - Worked closely with the leadership team to track annual goal progress.
Security Analyst at Ernst & Young | 09/2019-02/2020
- Designed modules and trained internal team on penetration testing.
- Performed internal network testing for clients in Europe and Asia.
- Identified vulnerabilities in backend webservice endpoints.
- Responsible for identifying vulnerabilities in web applications.
- Conducted periodic testing of mobile applications.
- Performed client-level interactions to provide mitigation support.
- Conducted physical security audit.
Freelance Security Consultant | 08/2017-09/2019
- Responsible for conducting vulnerability assessments and penetration testing on applications and networks as per requirements.
- Conducted training programs for business unit managers, IT development team and students.
- Web Security
- Network Security
- Mobile App Security
- Threat Modelling
- Vulnerability Management
- Active Directory Assessments
- Automated Secure Code Review
- Certified Ethereum Developer
- Secret Management in Python (Practitioner Level)
- Elite Hacker - Hack The Box
- 1000+ reputation on Stack Overflow
- Delivered a talk on spear phishing and trojans at ISACA Cochin Chapter 2016.
- Former Asst. Commander (Volunteer) - Kerala Police Cyberdome.
- Co-founded 0SecCon (Open Security Community)