Aiming towards a secure digital world.
Updated on 13.10.2025
Profile
Freelancer / Self-employed
Remote work
Available from: 20.10.2025
Availability: 100%
of which on-site: 100%
GRC
Vulnerability Management
Penetration testing
Qualys
SAST
DAST
English: C1
German: A2

Work locations

Germany, Austria
possible

Projects

2 years 1 month
2023-08 - 2025-08

best practices for AI security standards

WORKING STUDENT INFORMATION SECURITY

Achievements

  • Found High Vulnerability on the Porsche Shop web application (Bug Hunting)
  • Found High Vulnerability on Heidelberg University's web application (Broken Object Level Authorisation)


Responsibilities

  • Worked on best practices for AI security standards, referencing OWASP Top 10 LLM and ISO 42001 AI Management System.
  • Strengthened the application security posture by creating security profiles, integrating Threat Modelling (STRIDE), Application Security requirement assessments, Compliance, Cloud assessments, and Vulnerability/Risk Management processes.
  • Adapted ISO 27001:2022 frameworks to specific business needs for the leasing department, enhancing governance and compliance while supporting operational efficiency.
  • Successfully implemented necessary compliance measures, focusing on aligning operations with the Digital Operational Resilience Act (DORA).
  • Optimized Governance, Risk, and Compliance for web applications, ensuring adherence to standards and best practices.
  • Streamlined vulnerability management processes using Qualys VMDR, collaborating with application teams to reduce the identified vulnerabilities.

MERCEDES-BENZ AG HQ - STUTTGART, GERMANY
2 years 5 months
2020-09 - 2023-01

Vulnerability Assessment and Mitigation through PCI Compliance

INFORMATION SECURITY CONSULTANT

Achievements

  • Saved $15,000 for the client by finding a Critical vulnerability (RCE) on the client's live estate.
  • Saved $10,000 by reporting a High vulnerability, i.e. improper session management on client payment sites.
  • Pat on the Back Reward for 2021 - Coforge
  • Collaborator Reward for 2022 - Coforge


Responsibilities

  • Led Vulnerability Assessment and Mitigation through PCI Compliance, Tier-1 and Tier-4 internal and external applications, and annual network pen tests, reducing risks by 67%.
  • Performed Release scans associated with the Secure SDLC ecosystem.
  • Managed end-to-end vulnerability assessment lifecycle, utilising Qualys WAS and Network Scans to inform Asset Tagging, Asset Management, and Risk Management strategies, resulting in a 13% decrease in overall vulnerabilities.
  • Assessed web applications and APIs for vulnerabilities using open-source and professional tools (OWASP ZAP, Metasploit, Burp Suite and Nmap) and prepared technical reports of the findings. Successfully reported numerous Critical and High vulnerabilities around the web application.
  • Conducted SFTP and FTP Penetration testing.
  • Completed Static Application Testing (SAST) using Veracode for various applications.
  • Conducted configuration review for Windows OS and Linux OS to meet Business Hardening standards (CIS Benchmark).
  • Contributed innovative ideas to the team in conducting security operations, leveraging Splunk for Threat Analysis, Real-Time Incident Monitoring, and streamlined Incident Response.
  • Mitigated vulnerabilities identified via Endpoint Detection and Response (EDR) platforms, leveraging Microsoft Defender and CrowdStrike Falcon to enhance endpoint security posture, reducing vulnerabilities by 6%.
  • Developed and implemented a ServiceNow (SNOW) workflow that streamlined Security Operations, resolving over 600 tickets and significantly improving SLA adherence and operational efficiency.


Initiatives

  • Introduced Brand Protection, reducing more than 75% of unused open ports.
  • Collaborated with client (DNATA) to create a Security Governance model for both the security team and application/infra team to agree on workflow and SLAs, including work structure, reporting format, processes, documentation (SOPs), etc.
  • Developed processes to introduce and implement new tools (POCs for Qualys scanning) and techniques to perform ongoing security assessments of the environment.
  • Developed an auto-report generator using Power Automate for the team.

COFORGE TECHNOLOGIES (IAG - BRITISH AIRWAYS, IBERIA AIRLINES; EMIRATES - DNATA) - GREATER NOIDA, INDIA

Education and Training

2 years 5 months
2023-04 - 2025-08

MASTERS IN DATA AND COMPUTER SCIENCE

Heidelberg University
  • Automatic Feedback Classification using LLAMA (Thesis)
  • Advanced Cryptography
  • Advanced IT Security
  • Polyps Detection in Colonoscopy using SwinE-Net
  • Developed an LLM on medical records
  • Entrepreneurial Skills
  • Soft Skills Business English
1 month
2024-08 - 2024-08

ISO 42001:2023 AI Management System

Intertek
1 month
2023-01 - 2023-01

CQI-IRCA Certified ISO 27001:2022 Lead Auditor ISMS

Intertek
1 month
2022-10 - 2022-10

Certified Ethical Hacker (CEH)

EC-Council
1 month
2022-09 - 2022-09

AZ-500, Azure Security Engineer Associate

Microsoft
1 year 4 months
2021-06 - 2022-09

POST GRADUATE DIPLOMA IN OPERATION MANAGEMENT

Indira Gandhi National Open University
1 month
2022-07 - 2022-07

API Security Architect

API Academy
1 month
2021-05 - 2021-05

Qualys Security Specialist

Qualys
1 month
2021-02 - 2021-02

Principles of Secure Coding

Coursera
3 years 11 months
2016-08 - 2020-06

BACHELORS IN TECHNOLOGY

Swami Keshwanand Institute of Technology, Management and Gramothan (RTU)
1 year
2014-05 - 2015-04

SECONDARY EDUCATION

St. Francis Inter College

Skills

Top skills

GRC, Vulnerability Management, Penetration testing, Qualys, SAST, DAST

Products / Standards / Experience / Methods

ABOUT MYSELF

I am an Information Security professional who recently completed my Master's in Data and Computer Science at Heidelberg University. I have experience in Governance, Risk Management, Compliance, Vulnerability Assessment, Penetration Testing, and Application Security, having identified critical vulnerabilities for clients such as British Airways. Certified in multiple security standards, I excel in aligning best security practices with industry regulations and developing innovative solutions to protect digital assets.


Technical Skills

Microsoft Office, Kali Linux, C++, Python, Nmap, Qualys, Metasploit, Configuration Review, Nessus, API Testing, Burp Suite, Splunk, CrowdStrike Falcon, Web Application Testing, Network Testing, MS Defender


Frameworks

ISO 42001, international cyber frameworks (ISO 27xxx, NIST and PCI DSS standards), Zero Trust Architecture, Risk Management, NIST SP 800-53, GDPR, CIS, NIST 2.0, DORA, OWASP


Cloud Platform

Microsoft Azure
