Performing dynamic and static analysis of web applications.
Performing Android and iOS application testing.
Explained to multiple clients the root cause of vulnerabilities and recommended secure solutions and mitigations.
Analyze systems for vulnerabilities that may result in improper system configuration, hardware or software flaws, or operations.
Ability to analyze source code (secure code review).
Conducted white/gray box penetration testing on the financial systems.
Worked with development teams to implement security controls based on threat model findings.
Ability to test thick client applications.
Ability to communicate and work closely with executives, peers, and employees at all levels.
Understanding of Application Security Concepts such as SAST, DAST.
GRC:
Perform information security assessment and consulting with respect to CIS top 18 Controls.
Performed information security gap assessment and consulting as per ISO-27001 security controls. Defined risks against lack of identified controls. Recommended mitigations against identified observations to maintain ISO-27001 Compliance. Technologies used: ISO-27001 | PwC Internal Work Programs.
Technical Review of Windows, Linux and Databases. Technologies used: CIS Best Practices | PwC Internal Work Programs.
Conceptual understanding or experience performing Risk Assessments against industry frameworks.