
Cyber Security - VAPT with 5+ years in Cyber Security, VAPT & Threat Modeling
Information Security Consultant with 5 years of experience in security assessments across Web Applications, Mobile Applications, APIs, Network, and Cloud environments. Skilled in performing penetration testing, vulnerability assessments, and threat modeling for diverse client infrastructures. Hands-on experience in identifying and mitigating application-level vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Authentication Bypass, weak cryptography, and session management flaws. Proficient in executing OWASP Top 10 and SANS Top 25 test cases. Experienced in source code review, eliminating false positives, and supporting secure architecture design. Familiar with AWS cloud environments and CI/CD pipelines. Adept at preparing security dashboards, tracking vulnerabilities, and ensuring remediation closure.
Vaagdevi Engineering College
Bachelor of Technology · CSE
August 1, 2015 – June 30, 2019
SecureEyes Techno Services Pvt Ltd
Security Consultant
October 1, 2024 – Present
India
Concentrix
Sr Operations
September 1, 2022 – October 1, 2024
India
Tech Mahindra PVT LTD
Associate
March 1, 2021 – June 1, 2022
India
Knoah
Technical Associate
February 1, 2020 – July 1, 2020
India
Banking Client (SecureEyes)
October 1, 2024 – Present
Experience in remediation review and recommendations for vulnerabilities identified during Security Assessments. Interacting with Application development teams to guide them on the observations reported and the impact of their exploitation. Preparing executive reports for every assessment. Also conduct closing meeting calls with respective clients. Hands-on experience with SAST tools like Veracode and Fortify. Responsible for identifying the security gaps and vulnerabilities through various tools and techniques. Hands-on experience with tools like Microsoft TMT. Performed mandatory checks based on Input Validation, Authentication, Authorization, Configuration Management, Sensitive Data Exposure and Session Management. Verifying false positives and identifying false negatives. Performed application security assessments which adhere to OWASP Top 10 issues using open source tools and manual techniques for assessment. Recommendations to mitigate the weaknesses discovered during the assessment. Prepare detailed forensic and VAPT reports including findings, evidence, attack paths, and remediation steps. Worked on tools like Burp Suite, OWASP ZAP, NMAP, SSL Scan, Kali Linux, Fortify, etc. to complete the application security testing. Discovered insecure storage, hardcoded secrets, and SSL certificate validation issues in the mobile app, strengthening mobile security posture. Delivered high-quality VAPT reports with detailed technical impact, reproducible POCs, and tailored remediation strategies aligned with OWASP Top 10 and CWE standards. Network architecture review, Digital Forensic Readiness Assessment, Firewall Rules Review, Configuration review of Servers and Patch management, Offensive Security, Process Review. Simulated real-world attack scenarios through red team participation, testing the organization's monitoring and response readiness.
Received recognition from executive leadership for high-quality assessments, rapid delivery under tight deadlines, and client satisfaction. Worked closely with the development and SOC teams to provide security during the SDLC and post-deployment monitoring. Conducted network reconnaissance using NMAP, Nikto, and Metasploit to access exposed services and identify potential attack vectors. Authored technical documentation and internal knowledge base articles on secure coding practices and vulnerability trends. Played a key role in securing critical internal applications before production rollout, directly reducing attack surface and risk exposure. Delivered security awareness sessions and mentored interns in real-world VAPT methodologies and tool proficiency.
Mobile Application and Health Insurance (Concentrix)
September 1, 2022 – October 1, 2024
Security testing was carried out on health care applications. Conducted full-scope penetration testing of web, mobile, and API layers. Identified and exploited critical vulnerabilities as per the OWASP framework. Executed business logic testing to uncover flaws in authorization flows, bypassing user role restrictions and accessing sensitive admin functionalities. Leveraged advanced tools like Burp Suite Pro, OWASP ZAP, Nessus, MobSF, Frida, and Objection to perform hybrid (manual + automated) security assessments. Reduced false positives by manually verifying scan results, significantly improving the accuracy and trustworthiness of vulnerability reports. Validated patches post-fix and collaborated with developers to ensure secure remediation without introducing new risks. Simulated real-world attack scenarios through red team participation, testing the organization's monitoring and response readiness. Received recognition from executive leadership for high-quality assessments, rapid delivery under tight deadlines, and client satisfaction. Worked closely with the development and SOC teams to provide security during the SDLC and post-deployment monitoring. Conducted network reconnaissance using NMAP, Nikto, and Metasploit to access exposed services and identify potential attack vectors. Authored technical documentation and internal knowledge base articles on secure coding practices and vulnerability trends. Played a key role in securing critical internal applications before production rollout, directly reducing attack surface and risk exposure. Delivered security awareness sessions and mentored interns in real-world VAPT methodologies and tool proficiency.
Web Application and API (Tech Mahindra)
March 1, 2021 – June 1, 2022
Responsible for the secure SDLC process for application security assessment activities. Ensure applications follow secure SDLC phases and all security requirements are implemented before each release. Good knowledge of threat modeling. Perform penetration testing for all online digital web applications. Responsible for identifying security gaps and vulnerabilities through various tools and techniques. Evaluate applications against OWASP Web Top 10 and other industry standards. Hands-on experience with CI/CD pipelines. Provide expert advice and guidance to internal teams on risk assessment, testing and fixing vulnerabilities. Validating findings reported by external teams, third-party organizations and other security groups, and investigating security incidents with incident response teams. Simulated real-world attack scenarios through red team participation, testing the organization's monitoring and response readiness. Received recognition from executive leadership for high-quality assessments, rapid delivery under tight deadlines, and client satisfaction. Worked closely with the development and SOC teams to provide security during the SDLC and post-deployment monitoring. Conducted network reconnaissance using NMAP, Nikto, and Metasploit to access exposed services and identify potential attack vectors. Authored technical documentation and internal knowledge base articles on secure coding practices and vulnerability trends. Played a key role in securing critical internal applications before production rollout, directly reducing attack surface and risk exposure. Delivered security awareness sessions and mentored interns in real-world VAPT methodologies and tool proficiency.
CEH (Certified Ethical Hacker) v.13
Unknown
June 1, 2026 – Present
Cultural Fit Analysis
The candidate's project diversity across health insurance, general web/API applications, and banking clients, along with their experience in different organizational settings (Concentrix, Tech Mahindra, SecureEyes), indicates adaptability and a broad exposure to various security challenges. Their active participation in red team simulations and mentoring interns suggests a proactive and collaborative mindset, aligning well with a culture that values continuous learning and teamwork in cybersecurity. The CEH certification further underscores a commitment to professional development in the field.
Soft Skills & Operational Fit
The candidate demonstrates strong operational fit through their experience in collaborating with development and SOC teams, validating patches, and providing expert advice on risk assessment and vulnerability remediation. Their involvement in red team exercises and delivering security awareness sessions indicates a proactive and team-oriented approach. The repeated recognition for high-quality assessments and client satisfaction suggests strong communication and delivery skills.