About

As a cybersecurity graduate student at the University of Maryland, I am passionate about protecting organizations from evolving threats and vulnerabilities.

I have industry experience in web application security, penetration testing, vulnerability assessment, ethical hacking, and API security testing. In my most recent role as an associate information security consultant at qSEAp Infotech, I worked on critical banking applications, conducting web application security assessments and analysis in line with OWASP Top 10 standards, and managing change request approval processes. I performed API security assessments and thick-client pentesting. I am proficient in programming languages like Java, C, Bash/Shell Scripting, and SQL, and tools such as Burp Suite, Nessus, Postman, Kali Linux, Nmap, and Wireshark.

My goal is to continue making a positive impact in the field and further develop my cybersecurity skill set. I am enthusiastic about contributing my expertise to cybersecurity initiatives, and actively seeking opportunities that will allow me to apply my knowledge and skills in real-world scenarios.

Skills

  • Technical Skills: Penetration Testing, Vulnerability Management, Security Assessments, Web Application Security Testing, API Security Testing, Thick-client Security Testing, Network Penetration Testing, Vulnerability Assessment, Cloud Security, Amazon Web Services (AWS), Azure, Operating Systems (Windows, Linux, macOS), Threat Intelligence, Threat Modelling, Digital Forensics, Incident Response, Network Forensics.
  • Programming and Scripting: Python, Java, C++, Bash/Shell Scripting, SQL.
  • Pentesting Tools: Burp Suite Pro, Nessus, Postman, Kali Linux, Nmap, Metasploit, SQLMap, ffuf, DirBuster.
  • Digital Forensic Tools: Autopsy, Wireshark, EnCase, Volatility, TCPDump.

Work Experience

Qseap Infotech Pvt. Ltd. Associate Information Security Consultant | Aug 2022 - Jul 2023

  • Conducted web application penetration tests using Burp Suite and API security assessments using Postman, identifying vulnerabilities in line with OWASP Top 10 standards for a major banking institution, enhancing threat intelligence and analysis capabilities.
  • Managed the Application Security (AppSec) team’s Change Request (CR) approval process for over 200 CRs, ensuring secure deployment and identifying potential threats, thus maintaining strong security standards on behalf of the Application Security Team.
  • Collaborated with the team to perform security audits, vulnerability scanning, and assessments using Nessus on over 25 network devices and 500 servers within the financial domain, strengthening vulnerability analysis and mitigation strategies.

Accenture Full stack Engineering Senior Analyst | Jan 2021 - Jul 2022

  • Developed automation scripts to increase team productivity by 20%, eliminating manual interventions in Oracle database operations and improving processes within the AWS Cloud environment.
  • Developed and implemented shell scripts that automated Oracle database and data migration between cloud servers, eliminating manual tasks and achieving a 40% reduction in process time, resulting in increased operational efficiency and reliability.
  • Developed microservices for the Inventory Management System using Java Spring Boot and MySQL, enhancing system scalability and performance.

Projects

Comprehensive Digital Forensic Investigation. Conducted forensic analysis using Autopsy to extract and analyze malware from a hard drive image, decoded embedded messages to uncover critical insights, and identified additional artifacts like system logs and network traffic to understand malware behavior and objectives.

Cloud Security Assessment and Infrastructure Hardening for Healthcare Platform. Assessed and remediated security vulnerabilities in a healthcare company’s AWS cloud infrastructure by securing IAM policies, implementing VPC network segmentation, encrypting S3 storage, and utilizing RDS for database management, while designing a multi-tiered architecture with Auto Scaling, multi-AZ deployments, and disaster recovery for scalability, high availability, and compliance.

Certifications

CTF

  • TryHackMe
  • picoCTF 2022: Ranked #3942 out of 7800 participants in a series of CTF challenges including Binary Exploitation, Cryptography, Forensics, Reverse Engineering, and Web Exploitation.

Volunteer Experience

Volunteered at BSides NoVA 2024: Assisted in organizing and managing event logistics, engaging with cybersecurity professionals, and contributing to the success of a leading security conference. Networked with industry experts and gained insights into the latest trends and developments in cybersecurity.