Security Engineer, Nuri GmBH

Location: Berlin, Germany

Duration: Feb 2021 - Present

• Application security testing

• SAST/DAST in pipeline

• Cloud security - AWS

• SSDLC security

• Threat modeling

• Tech design reviews

• Bug bounty program

• Audit access controls

• Security awareness training

• Vulnerability Management process

• Data security of third party vendor integrations

• RCA analysis for vulnerabilities and incidents

• Tech stack: AWS security tools - Guardduty, Macie, Inspector, Cloudwatch, Cloudtrail; SAST, DAST, Terraform, Threat modeling, Tech design review, vulnerability management process, bug bounty

Security Engineer, Paytm Ltd.

Location: Delhi, India

Duration: July 2019 - Oct 2020

• Application security testing

• SAST/DAST in pipeline

• Cloud security - AWS

• Container Security

• Threat modeling

• Tech design reviews

• SSDLC security

• Bug bounty program

• Security awareness training

• WAF design and implement - Akamai Kona

• RCA analysis for vulnerabilities and incidents

• Tech stack: SAST, DAST, IAM, AWS, VAPT, Incident response

Security Engineer, EY LLP

Location: Delhi, India

Duration: June 2018 - July 2019

• Web application security testing

• API reviews for security vulnerabilities

• Red Teaming activities

• MBSS review and assessment

• Performed source code analysis to identify security issues

• RBI PPI and UPI technical security audit

• Performed technical security review in ISO27001 audits