United States
I’m a cybersecurity professional with 7+ years of experience focused on securing web applications, conducting in-depth penetration tests, and managing end-to-end vulnerability assessment programs. I’ve worked with enterprise environments and Fortune 500 clients across industries such as finance, retail, and tech. 🛠️ Core competencies include: Web App Penetration Testing (OWASP Top 10, SANS CWE Top 25) Secure SDLC & DevSecOps integration Static & Dynamic Analysis (SAST/DAST) Tools: Burp Suite, OWASP ZAP, Nmap, Metasploit, Nessus, Wireshark Security Assessments: OWASP Software Maturity Model SAMM, DSOMM Manual exploitation & red teaming methodologies I hold the CEH certification and am actively pursuing the OSCP to sharpen my offensive security capabilities. I take pride in translating technical findings into business-impactful insights and fostering secure development practices. Let’s connect if you're looking for someone who can think like an attacker but act like a trusted advisor.
- Conducted manual penetration testing using Burpsuite tool for 3 insurance portals to simulate real-world attack scenarios and uncover complex vulnerabilities. - Executed DAST scans with HCL Appscan and performed false positive analysis to identify runtime security issues - Performed SAST using Fortify/Scan Wizard/Audit Benchmark for 12 Azure DevOps cloud repositories and - performed false positive analysis, manual code review - Reviewed application architectures and participated in threat modeling discussions & security design reviews to identify risk early in the development lifecycle.
- Contributing technical blogs and educational content on OWASP Top 10 and secure development practices for early-career AppSec professionals. - Assisting in designing beginner-friendly CTF labs and hands-on challenges for community learning. - Supporting community engagement by mentoring and guiding mentees on AppSec learning paths. - Collaborating with the founder and team to shape educational programs aligned with OWASP SAMM and DevSecOps principles. - Promoting secure coding awareness by breaking down complex security topics into accessible, actionable resources.
Cybersecurity Capstone Project: - Investigated multiple real-world breach scenarios including phishing, PoS malware, and AI-related ransomware to identify vulnerabilities, attack vectors, and root causes using MITRE ATT&CK and digital forensics techniques. - Conducted a full incident response simulation for a selected case study, analyzing attacker tactics, assessing compliance gaps (NIST, ISO 27001), and recommending strategic improvements. - Delivered a final breach report detailing timeline reconstruction, threat intelligence, and risk mitigation strategies, demonstrating hands-on expertise in cybersecurity analysis and reporting.
🔹 Conducted web & API penetration testing using Burp Suite, ZAP, and Postman 🔹 Performed vulnerability assessments and security reviews across SDLC 🔹 Integrated AppSec into DevSecOps pipelines with tools like Checkmarx & SonarQube 🔹 Delivered secure code review and remediation guidance to dev teams 🔹 Led security testing efforts for clients like Nike, PwC (Vialto), and Uber 🔹 Improved security maturity using OWASP SAMM, DSOMM frameworks 🔹 Enabled faster vulnerability triage and reduced remediation time by 30% 🔹 Collaborated in Agile environments to embed security early in development
- Conducted dynamic and static application security testing (DAST, SAST) - Reviewed code and architecture for security vulnerabilities (manual & automated) - Managed AppSec tools like Fortify, Burp Suite, and Checkmarx - Worked closely with developers to provide secure coding guidance