- Experienced in Ethical Hacking concepts and hacking tools.
- Experienced in Vulnerability Analysis and Penetration Testing.
- Experienced in assisting Third-Party Assessments as a single Point of Contact, by creating a plan from the pre-requisites through to the post-engagement call.
- Experienced as part of the security council for a responsible vulnerability disclosure program (Bug Bounty Program), validating reported bugs and releasing bounties for them.
- Managed the offshore DAST and SAST team (8-member team) to ensure on-time delivery of the assigned tasks.
- Worked on a DevSecOps pipeline (DAST and SAST in the pipeline), ensuring scans are triggered properly and analyzing/resolving the issues reported from Jenkins.
- Experienced in using WebInspect for DAST scans, identifying hurdles in using WI and connecting with the vendor periodically to resolve the issues.
- Experienced in using Fortify for SAST reviews, and assisting developers in suppressing/remediating the true positives.
- Developed an internal Bash script tool named Servicemap to automate port scanning.
- Developed two internal frameworks:
➢ ‘R@zploit’, to automate the internal retest process, containing more than 12 modules to test OCSP stapling, cipher detection, certificate details, TNS Listener poisoning checks, detection of harmful HTTP methods, SNMP and SMTP enumeration and so on, by invoking Metasploit, standalone scripts and self-developed logic written as shell scripts and resource scripts.
➢ ‘Staut_Framework’, which interacts with the internal server to fetch the needed information without querying through the web GUI, saving time during the revalidation process.
- Developed an internal tool named Connectivity Scan to detect the reachability of the target across the attack boxes allocated for testing.
- Developed a small Bash script, named ‘Templator’, to automate template creation in Micro Focus WebInspect when onboarding applications for DAST scans.
- Developing a one-stop tool for web and network penetration testing, named ‘1ne2ouch’, which invokes open-source standalone tools to uncover vulnerabilities on servers in the network.
- Developed a Git commit analyzer script, which takes a date as input and lists the commits on each repo under an organization in a CSV file, to analyze what has changed in the code since that date.
- Attended the NullCon and Nullmeet security conferences to enhance my skill set.