Washington DC-Baltimore Area
4+ years of Cybersecurity work experience; includes working at MongoDB (NYC) , unicorn startup as well as security researcher involved in finding zero days. For any interesting full time security engineer roles : ronnie(at)terpmail.umd.edu Skills: Python, Secure code review, secure SDLC, Threat modelling, Whitebox/BlackBox vulnerability assessment, Cloud Security, cloudformation, terraform, network security, IAM Security, Application security, Red Teaming, Mobile, web, API, iOS Pentesting, cryptography, OWASP Top 10, Information assurance, Digital Forensics etc. Hands-on experience (but not limited to): * Detection Engineering with SIEM like Splunk * Proficient in web application security using tools like Burp Suite, and Acunetix. * Experienced in API security testing with Postman and Codacy for static code analysis. * Skilled in AWS cloud security with hands-on experience in AWS services: Lambda, WAF, CloudTrail, CloudWatch, SNS, S3, KMS, EC2, IAM, and Slack-based alert automation. * Capable of setting up Honeypot networks for intrusion detection. * Familiar with DevSecOps practices and CI/CD pipelines in Jenkins. * Network security testing using Nmap, Nessus, and Metasploit (manual and automated approaches). * Mobile application penetration testing with tools like Frida, Burp Suite, Xposed, JD-GUI. * Experienced in mobile anti-cheat solution assessments using Xposed, Magisk, dnSpy, and Game Guardian. * Have handled bug bounty triage and remediation. * Competitor research via OSINT techniques. * Secret management expertise using HashiCorp Vault. * Conduct phishing simulation exercises for security awareness. Security Community Contributions: I have open sourced several infosec tools as well as act as editor of a security medium publication which has more than 5k followers. I am always trying to upgrade my skillsets in diversified security landscapes. I am experienced in both dynamic and static code analysis. Starting from college, I have been actively contributing to the security of different organizations; in turn getting myself listed and rewarded in several security HOF viz. Google Hall of Fame, Microsoft, Facebook Whitehat List, Apple etc to name a few. During my Junior yr, I was selected as one among 30 students from Asia to attend an invite only security conference and live hacking event in Singapore by Facebook. I also have a couple of CVE’s for open source security contribution. "For we walk by faith, not by sight" - 2 Cor 5:7 Feel free to follow me on LinkedIn and let’s have a humble conversation about life/ information security. :)
Detection Engineering
Coursework: Cloud Computing, Hacking with C and Unix binaries, Secure Operating Systems, Cloud Security, Linux System Administration, Virtualization and docker, Information Assurance , Security Tools for Information security , Digital Forensics and Incident Response, Penetration Testing
As an Information Security Engineer Intern, I worked in the intersection of cloud security and application security and was able to complete impactful projects with high visibility.
* Product security Review and Code Review * Performing web, mobile, API pentesting. * Red Teaming * Game Hacking * Fraud Mitigation * SIEM and EDR * Threat and OSINT hunting * Cloud Security
My primary role involved in helping achieve CVE's for our client. * Involved in finding Zero Days in Open Source applications. * Conduct both DAST and SAST * Trace LOC and vulnerability introduction versions. * Create detailed report and conduct walkthroughs and suggest remediation to clients in popular Israeli web security company. Strengthened skills in Docker, NPM Ecosystem, Pypi, Go, .net, Ruby etc.