Shashi Vardhan

Cybersecurity Engineer with 3.5+ years of experience in Vulnerability Assessment and Penetration Testing (VAPT)

Talent

BengaluruMember since 1 June 2026

Threat Modeling (STRIDE)Vulnerability Management LifecycleBurp SuiteOWASP ZAPNessusNmapMobSFJADXJenkinsSTRIDE MethodologyRisk PrioritizationRemediation Tracking

Hire this person

Send a job offer directly to this candidate

Threat Modeling (STRIDE)Vulnerability Management LifecycleBurp SuiteOWASP ZAPNessus

About

Cybersecurity Engineer with 3.5+ years of experience in Vulnerability Assessment and Penetration Testing (VAPT) across Web, API, Mobile, Network, and Cloud environments. Skilled in identifying, analyzing, and remediating critical security vulnerabilities aligned with OWASP Top 10 and SANS Top 25. Hands-on experience in implementing DevSecOps practices by integrating DAST and SAST tools into CI/CD pipelines, enabling early detection of vulnerabilities and reducing remediation timelines.

Strong expertise in threat modeling (STRIDE), vulnerability management lifecycle, and cloud security, including IAM, MFA, and misconfiguration analysis. Proven ability to collaborate with development and operations teams to enhance application security posture, reduce risk exposure, and ensure secure SDLC practices.

Experience

Security Engineer - SysdocTechnologies

(2022-11 - 2026-05)

Conducted VAPT on 20+ web and API applications, identifying critical vulnerabilities such as XSS, SQL Injection, CSRF, and authentication bypass issues
Identified and reported 100+ vulnerabilities, including high and critical severity issues, significantly improving application security posture
Implemented end-to-end vulnerability management lifecycle, including identification, risk prioritization, remediation tracking, and reporting
Integrated DAST (Burp Suite, OWASP ZAP) and SAST tools into CI/CD pipelines using Jenkins, enabling DevSecOps practices and improving early detection of security issues
Performed cloud security assessments focusing on IAM policies, RBAC, MFA implementation, and misconfiguration analysis
Conducted threat modeling using STRIDE methodology to identify potential attack vectors and mitigate risks during early SDLC phases
Executed network security assessments using Nessus and Nmap to identify infrastructure vulnerabilities
Performed mobile application penetration testing using MobSF and JADX, identifying issues such as hardcoded credentials and insecure data storage
Collaborated with development teams to remediate vulnerabilities, reducing remediation turnaround time and improving overall security compliance
Strengthened cloud security posture by implementing Multi-Factor Authentication (MFA) and role-based access control (RBAC)
Experience in testing salesforce lightning, integrations, web services and AppExchange apps.