WORK HISTORY

Senior Security Consultant II at EY GDS | 12/2024-04/2026

  • Performed web application testing on an AI chatbot for a major construction cost estimation firm in Europe.
  • Performed 7 Web and API penetration tests on a major agritech firm in Europe.
  • Conducted and completed more than 2000 hours of Web and API penetration testing for a major US bank.
  • Trained more than 100 interns on web application penetration testing
  • Led and developed 2 challenges for a major CTF

Senior Security Consultant at ValueMentor [contract] | 05/2024-08/2024

  • Led and managed security testing of a major lottery client in UAE.
    • Performed VAPT on core front-end and backend web applications of the lottery interface.
    • Performed internal and external network VAPT of 45+ IP addresses on the Azure cloud environment.
    • Collaborated with the devops team to mitigate the identified security vulnerabilities.
    • Performed automated secure code review of 1 Million+ lines of code

Team Lead (SecurityTesting) at ValueMentor | 05/2021-04/2023

  • Led and managed a team of 5 security analysts, serving as a subject matter expert in security by conducting penetration tests and vulnerability assessments, for web apps, mobile apps and network.
  • Conducted VAPT on Web, Mobile and Network for various clients in fintech, insurance, e- commerce and hospitality across GCC, UK, US and India.
  • Mentored and trained resources on security testing techniques, tools, and industry standards to enhance skillset which resulted in an increase in the team strength by 25%.
  • Implemented and managed up-skilling programs for security testing team which resulted in an increase of 5% in skillset.
  • Led over 50+ engagements as SPOC by supporting various stages of an engagement,
    • Scoping & Kickoff: Defined the scope of security engagements. Facilitated kickoff meetings, discussing the penetration testing process and rules of engagement.
    • Pentesting & Service Delivery: Created vulnerability reports and mitigation strategies for clients to protect application and network. Carried out QA to guarantee the testing’s quality and coverage.
    • Client Interactions: Provided clients with on-demand assessment activities, emphasising the security posture and impacts.Provided technical support and communication to developers to resolve vulnerabilities
  • Executed automated secure code reviews for multiple applications, ensuring robust security measures.
  • Developed internal tracking project execution plans that included task distribution, progress tracking, and quality control procedures.

Security Analyst at Ernst & Young | 09/2019-02/2020

  • Designed modules and trained internal team on penetration testing.
  • Performed internal network testing for clients in Europe and Asia.
  • Identified vulnerabilities in backend webservice endpoints.
  • Responsible for identifying vulnerabilities in web applications.
  • Conducted periodical testing in mobile applications.
  • Performed client level interactions for providing mitigation support.
  • Conducted physical security audit.

Freelance Security Consultant | 08/2017-09/2019

  • Responsible for conducting vulnerable assessments and penetration testing on applications and networks as per requirements.
  • Conducted training programs for business unit managers,IT development team and students.

SKILLS

  • Web Security
  • Network Security
  • Mobile App Security
  • Vulnerability Managements
  • Active Directory Assessments
  • Automated Secure Code Review
  • Python
  • Leadership
  • Training
  • ProjectManagement
  • EthereumSmartContracts

CERTIFICATION

  • Certified Ethereum Developer
  • Secret Management in Python (Practitioner Level)

ACHIEVEMENTS

  • Elite Hacker - Hack The Box
  • 1000+ reputation in Stackoverflow
  • Delivered talk on Spear phishing and trojans at ISACA Cochin Chapter 2016.
  • Former Asst. Commander (Volunteer) - Kerala Police Cyberdome.
  • Co-founded 0SecCon (Open Security Community)

CONTRIBUTIONS