Security Analyst with 4+ years in Vulnerability Assessment and Penetration Testing
Security Engineer with hands-on experience in Vulnerability Assessment and Penetration Testing, Web Security, Network Security, Threat, Mobile Security, End Point Management and Security Standards – OWASP Top 10, SANS 25, GDPR etc.
SRI KRISHNADEVAYARA UNIVERSITY
B.COM
N/A – June 30, 2021
DCM INFOTECH PVT LTD
Security Specialist
July 1, 2025 – Present
India
Stemps Software OPC Pvt Ltd
Security Engineer
September 10, 2024 – June 30, 2025
Bengaluru, Karnataka, India
Lancesoft India Pvt Ltd
Security Engineer
September 1, 2021 – August 30, 2024
Bengaluru, Karnataka, India
CICG INDIAN ARMY
July 1, 2025 – June 30, 2026
Web Application and API Penetration Testing for the CICG INDIAN ARMY DEFENCE. Performed vulnerability scanning using the web vulnerability scanner Nessus. Executed regular vulnerability scans using Tenable Nessus on servers, network devices, and applications. Conducted credentialed and non-credentialed scans to identify OS, middleware, and configuration vulnerabilities. Analyzed scan results using CVSS scores to prioritize critical and high-risk vulnerabilities. Coordinated with IT, Server, and Application teams to remediate vulnerabilities within SLA timelines. Validated vulnerability fixes through rescan and verification. Managed plugin updates, Nessus upgrades, and scanner health monitoring. Identified and documented false positives and supported risk acceptance processes. Generated executive and technical reports for audits and management reviews. Supported internal and external audits (ACG, CICG, ISO, PCI). Ensured compliance with security standards and best practices.
Logistics Portal
September 1, 2024 – June 30, 2025
Web Application and API Penetration Testing for the Logistics portal. Performed vulnerability scanning using the web vulnerability scanners Veracode, Qualys and Burp Suite Pro. Manual verification of automated scan reports. Analysis of vulnerabilities and executions to meet compliance. Prepared Security Test Strategy and approvals. Executed security tests and reported as per the CVSS standards. Collaborated with cross-functional teams to resolve dependencies and risks. Logged and tracked defects in QC and JIRA. Created test cases as per OWASP Top 10 standards and participated in execution. Performed API pen testing using Postman and Burp Suite.
Ecommerce - VAPT
September 1, 2021 – August 30, 2024
Web application VAPT (Vulnerability Assessment and Penetration Testing) for an insurance-based client portal. Involved in Vulnerability Assessment and Penetration Testing for web application and API. Secure design and architecture. Created use cases based on the secure design. Prepared Test Strategy based on the security use cases. Participated in user story understanding. Performed threat modeling sessions using the STRIDE methodology with the development team, identifying threats before development work on a story begins. Added the identified threats as user stories in the backlog along with the main functional story. Created test cases for user stories identified as threats with OWASP Top 10 standards, testing using Burp Suite and SoapUI. Executed the test cases for threat user stories once the security requirement was developed. Trained other test engineers/QA members on the threat modeling process and on creating test cases using OWASP Top 10 standards.
CEH- Certified Ethical Hacker
Unknown
June 1, 2026 – Present
Cultural Fit Analysis
The candidate's project experience spans different domains (Ecommerce, Logistics, Defense), indicating adaptability and a broad understanding of security challenges across various industries. Their roles consistently align with security engineering and analysis, demonstrating a clear career path and commitment to the field. The breadth of tools and standards they have worked with suggests a willingness to learn and adapt to different technological environments. The experience in training others also points to a collaborative and knowledge-sharing attitude, which is positive for cultural fit.
Soft Skills & Operational Fit
The candidate demonstrates a structured approach to security testing, including strategy preparation, test case creation (OWASP Top 10), defect tracking (JIRA, QC), and training junior team members. Their experience in coordinating with various teams (IT, Server, Application, Development) for remediation and compliance indicates good collaboration and communication skills. The ability to manage vulnerability scanning tools and processes, including false positive analysis and plugin updates, suggests strong operational capabilities. The candidate's involvement in threat modeling early in the development cycle shows a proactive security mindset.