Hi!

I am a Security Engineer specializing in FinTech. I aim to make a difference through my creative solutions.

Say Hi to me!

Email: [email protected]

About me

I'm a hacker, Security Engineer and all-time learner. I have a very niche interest in FinTech and have worked with several top-tier institutions. I have been hacking since 2015, stepping into bug bounties, and have reported to and collaborated with companies like Facebook, Uber, Mastercard, Visa, Avast, Intel etc. I started my journey at Signzy as an Intern, where I worked in B2B with reputed financial organizations like HDFC, Citi Bank, Pinelabs & others, helping them deploy APIs and flows in a secure environment. I love to keep myself updated on personal finance and am very curious about subjects like financial case studies, Economics, VC, and Startups. Now I'm a security engineer at Klar in Berlin, one of the top fintechs in Mexico that provides quick banking solutions.
Travelling is a part of me. I love to fail, grow and connect with people.
It's no secret that proper time management is a crucial element of success regardless of who you are or what you do. So I am an avid reader who loves to read more about productivity. I am also a global speaker who has delivered almost 40+ international events and trained more than 1500+ people.
I have been hacking since 2015 and have hacked into top-tier companies in the bug bounty industry. I became a CEH (Certified Ethical Hacker) in 2019 and worked with the Indian police force on a contractual basis to crack down on cyber cases.
Proficiency -
- Web Application & API Penetration Testing.
- Automating Security Pipeline & Workflows.
- Android / iOS Application Penetration Testing.
- Building Appsec Pipeline.
- Vulnerability Management.
- Security Configuration Review for Clouds & Containers.

Experience

Klar - AppSec | Security Engineer | DevSecOps


Berlin - Germany


Klar is a digital financial services platform allowing users to manage their money in a secure and personalized way from their smartphone. Quick Banking solutions.
I am part of the Security team where I am leading & building the Appsec Pipeline from scratch.
• Internal / External API Pentesting
• Managed and reconfigured the Enterprise Pentest Program; continuously led as the subject matter expert in vulnerability triage and remediation with Cobalt.
• Collaborated with SRE team during Incident Response.
• Building internal Vulnerability Management with open-source tools.
• Integrating SAST tools to improve CI/CD lifecycle.
• Building Key management with the DevOps team.

Skills - Burp Suite Enterprise | Snyk | Jira | Notion | Cobalt | Vulnerability Management | Terraform | Postman

BlockFi - AppSec | Red Teaming | Blockchain | Fintech | Crypto


New York - USA


BlockFi is a complete cryptocurrency ecosystem for advanced crypto traders. It has over 1 million verified users and over $10 billion in assets. I was part of the Cyber Defense team where I was working with my team members from different nations across the globe.
• Established SDLC best practices, including configurations for the WAF allow listing, SAST, and DAST tools. Utilized tooling to manage vulnerability identification and remediation efforts.
• Managed and reconfigured the Enterprise Bug Bounty Program; continuously led as the subject matter expert in vulnerability triage and remediation with Hackerone.
• Collaborated with multiple teams during Incident Response Management as it pertained to Application Security.
• Conducted Network, API, Web Application Penetration tests, and Mobile Security (iOS) identifying multiple vulnerabilities to mitigate enterprise risk.
• Communicated Enterprise needs to third-party vendors, performed in-depth tool assessments to compare functionality, performed Proof of Concepts, and wrote high-level deliverables to present to leadership.
• Ensured all security events and incidents (internal/external) were logged into Vulnerability Management, and regularly updated and closed Jira tickets within the set SLAs.

Skills - Burp Suite Enterprise | Snyk | Jira | AWS Identity and Access Management (AWS IAM) | Vulnerability Management | DefectDojo | Tenable Nessus

Signzy - B2B | RPA | AI | APIs | Fintech | Banking | Digital Security

Bangalore - India

Signzy is enabling 10 million+ end customer and business onboardings every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a strong global partnership with Mastercard and Microsoft. One of the top-notch fintech startups in India.
My day to day activities were -
• Dealing with B2B products with Top Financial Institutions like Citi bank, HDFC, Axis, Pine Labs.
• Day to Day Configuring REST APIs in a secure manner.
• API QA Testing with POSTMAN.
• Penetration Testing.
• Integrating AI-based KYC.
• Collaborating with Product Managers & Clients to integrate flows in a secure architecture.

Community Member - Google Developer Group | Open Source India | Null Bangalore | Defcon India

India

I have worked as a Security tester & Quality Assurance for the GDG and have been an active member of the family. Worked in different open-source projects as a Security & functional tester.
I have worked on -
- Planning, scripting, executing and reporting tests.
- Creating and writing test plans.
- Executing tests to qualify them for that stage of the development process.
- Developing tests to automate these tests.
- Diagnosing identified problems and communicating the issues appropriately to the development team.
- Creating and updating associated documentation for the test plans.
- Automation with Selenium/Python.
- Mobile application testing.

Community Member - OWASP

India

- Managing community members.
- Strategic Planning.
- Organizing Talks.
- Presenting Talks.
- Collaborating with OWASP Board members.

Bug Bounty - Bugcrowd | HackerOne

Remote

Most of my weekends I spent playing CTFs & bug bounties. I have been doing bug bounties since 2017 and got acknowledged by Top Programs like Uber, Mastercard, Facebook, Sony, Hubspot, and so on. Top #500 Global rank in Bugcrowd 2019.
Skills: Fuzzing · Bash · Asset Discovery · GraphQL · Elasticsearch · Parser · IDOR · CSRF · RCE · OWASP · Serialization · Reverse Engineering · Python · Docker · Burp Suite

Freelancer - Web Design & Development - HTML | CSS | JS | Bootstrap | SQL| PHP | Python | Wordpress | SEO

India

I have worked as a freelance front-end developer with more than 15+ Startups & Companies.
- HTML
- CSS
- JS
- Wordpress
- PHP
- SQL
- Node
- SEO
- Cloudflare
- Webmail
- Chat Bots Integration

Education

Information Security & Android Development - Jain University

Bangalore - India

2017 - 2020

Secondary School - Hindustani Kendriya Vidyalaya (Commerce)

Guwahati - India

2015 - 2017

Primary School - Luit Valley High School

KPT - India

2002 - 2015

My Expertise

Web Application Penetration Testing

Mobile App Penetration Testing

Static & Dynamic Testing

API Penetration Testing

Postman, REST API, GraphQL

Cloud Security

Azure, AWS

Frameworks -

NIST, ISO 27001, PCI DSS

Security Tools -

Burp Suite, Cobalt, Postman, Splunk, ZAP & Others

Additional Skills -

Red Teaming, SIEM, Python, Bash

Web Development -

HTML, CSS, JS, Bootstrap, PHP, NodeJS

Organizational Skills -

SDLC, Blockchain, Quality Assurance, Quality Control, Crypto, Market Speculation, Trading, Micro & Macro Economics

Wall of Fame

I have secured more than 150+ global reputed companies. Some of my acknowledgements are -

Facebook

Uber

MasterCard

Paypal

Intel

Avast

Google

Cambridge University

More 150+ organizations

Memories

"Connecting my dots by looking backwards"

Nasscom, Bangalore

With Vijetha Shastry

Lead Product Innovator for Nasscom India & Executive Director of TIE.

Google India, Bangalore

Google Developers Group

I have been a part of the Google development program for 1.5 years. It's been a great journey to work together and find creative solutions for reshaping the world and being part of the future.

Cowrks, Bangalore

With Senior Manager of Cowrks, CEO of Reinvent Startups, Venture Capitalist & other creative minds

Had some great discussions regarding the Indian Startup Ecosystem.

Trainer & Speaker

Trainer @ hackathon

Trained more than 300+ people in CyberSecurity where reputed companies like SAS, Accenture, Intel, Google & others were present in the hackathon.

Goa

With Aseem Jakhar - CoFounder of Payatu, Hardwear.io, Nullcon

Meeting great minds across the country. He is one of the inspirations and influential for the infosec community.

Global

Featured by 30+ global companies in their virtual sessions.

Recently featured by one of the fast-paced SaaS companies in their daily show.

Cambridge University

Appreciation from Cambridge University

I have secured and delivered my talks in many reputed universities and one of my wishes came true being acknowledged by Cambridge University.

   

Google, India

Provided apprenticeship training to Google India

I have provided my training on emerging cyber attacks & Code Exploitation in Google India.

Media Coverages

20+ Media Coverages

Media coverages from many organisations; shared my long road story.

   
