Application Security Consultant with 6+ years in Penetration Testing & DAST
Possess 6+ years of specialized experience in Application Penetration Testing and Dynamic Application Security Testing (DAST), with expertise in both black box and grey box testing methodologies. Conducted comprehensive security testing of web applications and APIs to identify various types of vulnerabilities following OWASP guidelines. Analyzed entire applications to perform thorough security testing, ensuring all potential weaknesses were identified and addressed. Identified and categorized vulnerabilities into Critical, High, Medium, and Low based on the OWASP Top 10, prioritizing them according to their criticality. Created proof of concept videos and additional documentation where necessary to provide clear evidence of identified vulnerabilities. Managed projects and penetration tests, ensuring timely completion and thorough documentation of findings. Documented and reported all vulnerabilities discovered during security testing, providing detailed reports to stakeholders for remediation and mitigation. Delivered executive-level risk reports with CVSS scoring, exploit scenarios, and business impact analysis to prioritize remediation efforts. Utilizing tools such as OWASP ZAP and Burp Suite, I conduct thorough security assessments to simulate real-world attacks and identify potential security risks.
Jawaharlal Nehru Technological University, KAKINADA
B.Tech
August 1, 2015 – June 30, 2015
Sri Sai Junior college, Terlam
XII
June 1, 2011 – May 31, 2011
Board of Secondary Education Andhra Pradesh
SSC
June 1, 2009 – May 31, 2009
Infosys
Technology Analyst
March 14, 2022 – Present
India
TeamLease
Project Engineer
May 15, 2020 – March 14, 2022
India
Retail E-commerce Security: DAST & PT Initiative
May 1, 2022 – Present
Client is a global retail giant operating an e-commerce platform handling millions of monthly transactions, with features like AI-driven cart recommendations and real-time inventory sync. The project focuses on securing the platform against runtime vulnerabilities and simulating real-world attacks to protect sensitive customer data (PII, payment info) and ensure PCI DSS compliance.
Roles & Responsibilities:
- Conduct DAST scans using Invicti and Burp Suite to identify vulnerabilities in production-ready web applications, including:
  - Payment gateways (Stripe/PayPal integrations).
  - Customer account dashboards and session management systems.
  - APIs for real-time inventory tracking across 100+ stores.
- Perform penetration testing using Metasploit to simulate attacks such as:
  - Credential stuffing on user login workflows.
  - Business logic abuse (e.g., coupon code manipulation, price tampering).
  - Session hijacking in omnichannel support chatbots.
- Prioritize vulnerabilities using CVSS scoring, focusing on high-risk issues like:
  - Unsecured API endpoints exposing customer purchase history.
  - Insecure direct object references (IDOR) in order-tracking systems.
- Validate compliance with PCI DSS for payment processing and GDPR for EU customer data:
  - Test encryption of cardholder data during transmission.
  - Ensure proper access controls for employee dashboards managing loyalty programs.
- Collaborate with developers to remediate flaws in:
  - Third-party vendor integrations (e.g., Shopify, Salesforce CRM).
Inhouse Applications – DAST & API Security
June 1, 2020 – March 1, 2022
Client is an American multinational confectionery company headquartered in Hershey, Pennsylvania, which is also home to Hersheypark and Hershey's Chocolate World. The Hershey Company is one of the largest chocolate manufacturers in the world.
Roles & Responsibilities:
- Uncovered and exploited business-logic flaws, privilege escalation paths, and insecure direct object references that automated scanners consistently missed.
- Identified and demonstrated proof-of-concept exploits for critical vulnerabilities including SQL Injection, Blind SQLi, SSRF, IDOR, CSRF, Stored/Reflected/DOM-based XSS, and Broken Object Level Authorization.
- Performed end-to-end REST and SOAP API security assessments covering authentication mechanisms, authorization logic, input validation, and sensitive data exposure.
- Used Postman, Burp Suite Pro, and Insomnia to build custom API testing workflows enabling thorough and repeatable assessment coverage.
- Conducted static and dynamic security analysis of Android and iOS applications using MobSF, Frida, and Objection for deep behavioral inspection.
- Performed manual secure code reviews on Java, Python, and Node.js codebases, identifying injection flaws, insecure cryptographic implementations, and hardcoded credentials.
- Performed session management testing, validating token entropy, expiry handling, concurrent session behavior, and logout invalidation across authenticated workflows.
- Detected and reported insecure deserialization vulnerabilities in Java-based enterprise applications with full exploit chain documentation.
- Assessed file upload functionalities for unrestricted file type bypasses, path traversal, and server-side execution risks.
- Conducted clickjacking assessments and validated frame-busting controls across high-value transactional pages.
- Evaluated XML processing endpoints for XXE injection vulnerabilities, including out-of-band data exfiltration vectors.
- Contributed to the internal vulnerability knowledge base by documenting recurring vulnerability patterns and reusable test cases for team-wide reference.