PRANAY SHETKAR

Jain University Bangalore

MCA · Information Security Management System

August 1, 2015 – June 30, 2018

Goa University

BCA · Bachelors of Computer Applications

August 1, 2012 – June 30, 2015

Govt Higher Secondary School Khandola

Class XII

June 1, 2010 – May 31, 2010

Vidya Prabodhini College of Commerce, Education, Computer & Management

Class X

June 1, 2008 – May 31, 2008

Intrucept Private Limited

Senior Cloud Security Engineer

September 4, 2023 – Present

Bengaluru, Karnataka, India

Bizcarta / SecureInteli Technologies PVT LTD

Lead Cyber Security Analyst

February 1, 2019 – August 11, 2023

Bengaluru, Karnataka, India

Minkspay

Andriod Developer

July 1, 2018 – January 31, 2019

Bengaluru, Karnataka, India

Cloud Infrastructure Vulnerability Assessment and Threat Detection

September 4, 2023 – Present

Conduct in-depth vulnerability assessments and threat detection for the organization’s cloud infrastructure to proactively identify security risks and implement mitigation strategies. Responsibilities: Conducted regular vulnerability scans and penetration testing on cloud infrastructure using tools such as cloud native GCP Security Command Center to identify security weaknesses. Managed the configuration and deployment of GCP Security Command Center for continuous monitoring of cloud environments. Performed incident response activities, analyzing potential threats and implementing preventive measures to safeguard cloud resources. Worked with development teams to remediate vulnerabilities and applied patches to cloud instances and applications. Created detailed vulnerability assessment reports and presented findings to stakeholders, outlining security gaps and recommended actions.

Cloud Security Implementation for Enterprise Cloud Environment

September 4, 2023 – Present

Design and implement a comprehensive cloud security framework to protect the organization’s sensitive data and ensure compliance with industry regulations across a multi-cloud environment. Responsibilities: Led the deployment of security controls, including Identity and Access Management (IAM), encryption, and firewall configurations across GCP environments. Conducted regular vulnerability assessments using GCP Security Command Center and mitigate security risks. Monitored cloud environments for potential security breaches and responded to incidents in real-time using SIEM tool Chronicle Detect. Designed and implemented multi-factor authentication (MFA) and role-based access controls (RBAC) to strengthen access management.

Deploy application security tool

February 1, 2019 – August 11, 2023

To deploy HCL AppScan in their software testing environment and demonstrate scan on the application and generate vulnerability report. Responsibilities: Deployed HCL AppScan in software development institute for performing security testing on the application Scan performed on the different application like (java, C, C++) of the customer’s internal application. Upon successful scanning of the application generated a vulnerability report. Demonstrated how to mitigate the vulnerability found in the report.

CTI (Cyber Threat Intel) Android app

February 1, 2019 – August 11, 2023

The android app purpose was to bring the latest cybersecurity News and to provide you update on all the cybercrimes, cybersecurity Incidents, Security Breaches, Vulnerability, Malware, blogs, and More Breaking News Updates from Cyber Space straight to your mobile phone. Responsibilities: Creating Splash screen design page, development, and integration with the timer for few seconds and redirecting to the logging page. Designing an interactive logging page and connecting it with the database for the smooth process of login using email id and password. Development and designing of the signup page and storing the data collected by the sign up page in the database. Creating main landing page (Feeds) which will show different news related to latest cybersecurity incident, malware etc. Deigning share button in a way that shares the information on other social media platform. Coding of logout functionality on the app for user logout. Developing On clicking functionality which on clicking takes to other activity and shows all the information about vulnerability, malware, etc

Cyber security risk assessment

February 1, 2019 – August 11, 2023

Project Description: The Objective of this risk assessment activity is to perform simulated attack based on internal and external cyber attacker view point on Christ University to understand the potential attack threat vectors. Cyber Risk Assessment covering Infrastructure, Network, Hosting, Email, Critical Servers from Internal and External perspective. Responsibilities: Network architecture review: Reviewing the current security technology and processes in the organization, determining the critical information assets in the infrastructure, and analyzing the security roles regarding the infrastructure. The assessment also involves a thorough analysis of the existing network architecture and infrastructure and make appropriate recommendations. Identifying Key points of Entry and Critical Public facing Resources from the network architecture. Obtaining publicly available information through in depth internet scanning of identified resources. A Sample of every family of network devices such as router, switch, Wireless Access point was reviewed for misconfiguration, vulnerabilities, bandwidth utilization and for end of support. Evidence gathering, technical report writing and recommendations associated this network architecture review. External Penetration Testing: Identify and thoroughly tests potential points of attack after enumerating every live host, open port, and available service. Includes identification of all vulnerabilities on these Internet accessible systems and explores any identified vulnerabilities to determine whether they can be exploited to gain access to the targeted system or to sensitive information. Performed Internet testing from two attacker perspectives. The first is a zero-knowledge approach, in which our consultants identify the domain names and IP address ranges registered to your organization, along with publicly available information that would assist an attacker in targeting your network. The second is a targeted test in which you provide the target IP address rangesfor the testing to identify and analyze live hosts, open ports, and potential vulnerabilities. Initial Reconnaissance and OS and application finger printing. Perform in-depth Vulnerability Assessment of Public facing websites and Applications. List of Vulnerabilities and Misconfigurations found. Possible attack vectors describing how your systems can be exploited. Business Risks related to the exploitation of those vulnerabilities. Detailed recommendations for Vulnerability Patching. Internal Penetration Testing & Host Vulnerability Assessment: In-depth reconnaissance and fingerprinting of endpoints, internal servers and performing Privilege Escalation of Internal Applications. Performing vulnerability assessment on the endpoints and Non-Public facing Servers for identifying, classifying, and prioritizing vulnerabilities in computer systems and applications. Evidence gathering, detailed technical vulnerability findings & recommendation and technical report writing Email Security Architecture Review: Reviewing of the Email Security policies, Strong passwords, monthly password rotations. Verifying email spam filters enabled for spam emails. Evidence gathering and documenting in the technical report writing. Phishing And Social Engineering: A Phishing attack was simulated on the employees to check whether they can identify and distinguish legitimate emails from phishing scams and whether they will report latter to the TI team. Generated specially crafted emails that claims the user password is about to expire and successfully performed the attack. Documented the evidence collected in the technical report.

Cyber Risk Assessment

February 1, 2019 – August 11, 2023

Project Description: Perform Risk Assessment on ABP Print Media hosting infra and application (android & iOS) to understand the current state of Cyber Risk. Provide recommendation and mitigation strategy in achieving to desired state of matured security. Responsibilities: Application Source Code Review using Veracode and provide recommendation based on the report generated. Performed penetration testing on the internet facing application and found that one of the pages discloses the PII information. Performed assessment activity on the application hosted on AWS instance and found instance vulnerable with most of the CVE’s listed by the CloudSploit tool with High, Medium, Low severity. During the Assessment activity it was able to identify Security Misconfigurations on the AWS instance. Evidence was gathered and documented in the report.

Web Attack Surface Analysis

February 1, 2019 – August 11, 2023

Project Description: To perform a web attack surface analysis for their upcoming business application (www.admissiontree.in) to ensure it is secure. Responsibilities: Performed SAST (Static Application Security Testing) source code analysis testing on the application using Veracode tool. Using Burp Suite tool found api level vulnerabilities like api misconfiguration. Documented the vulnerabilities in the report to publish it to the customer.

Cyber Threat Intelligence Security Advisory (Internal project)

February 1, 2019 – August 11, 2023

To build the process for the internal team and make security advisory Responsibilities: Part of a special team which sends organization wide Security Advisories & Threat Intel to Relevant teams. Building a manual process for sending security advisory to other organization. Researching on the latest vulnerability, zero-day, new patches, data breaches, malware and publishing the security advisories. Creating, Defining, Documenting, and Implementing the security advisory process in the team. Posting on the social media and sending email security advisory to Bizcarta customer to keep customer aware of the new vulnerabilities, malware and zero-days. Maintaining the high level and low-level tracker for advisory sent.

API Security Assessment

February 1, 2019 – August 11, 2023

Application Risk Analysis covering Api testing and SAST Responsibilities: 1. The assessment was performed on the given API using Burp Suite 2. Vulnerable API’s were documented in the technical report writing.

Endpoint vulnerability analysis

February 1, 2019 – August 11, 2023

To perform analysis on the IP address given by the customer and provide recommendation. Responsibilities: Using Nessus tool performed vulnerability analysis on the endpoint machines and found vulnerabilities. Scan performed on the different location of the customer machines using Nessus agent. Documented in the technical report writing.

External Penetration Testing

February 1, 2019 – August 11, 2023

The objective of this project is to perform external penetration testing on the Exela technologies internet facing resources to understand the potential cyber threat vectors from an external attacker viewpoint. Responsibilities: 1. Performed external vulnerability assessment on the Ip addresses using Nessus unauthenticated scan and look for known issues.. 2. Performing discovery scan for information gathering, performing OSINT, Services Enumeration, and discovery of ports Test on Vulnerabilities and break down between exploitable vs un-exploitable/ known vs unknown. Capturing in the vulnerability in the report with screenshot and providing the recommendation. 5. Detailed executive report writing

API Security Assessment

February 1, 2019 – August 11, 2023

The objective of this project was for assess the existing API for vulnerabilities. Responsibilities: API assessment performed using ApiSec tool and found vulnerabilities. Performed manual operation on the api to check the vulnerable api’s. Generated and documented report for vulnerable api’s

External Penetration Testing

February 1, 2019 – August 11, 2023

The Objective of this project was to carry out an External Penetration Testing on Aspire Systems to understand the potential Cyber threat vectors. Highlight potential business impact to the management and support with mitigation strategy. Responsibilities: Performed external vulnerability assessment on the Ip addresses and found Critical, High, Medium, Low severity vulnerabilities. Scan IP addresses for malware, malicious activities, and open vulnerability on the system using Nessus and do port scanning. Provided the impact of vulnerability and recommendation of the vulnerable Ip addresses. Documented in-detail vulnerability report of the vulnerable Ip addresses.

Cybolt Next Gen SIEM

February 1, 2019 – August 11, 2023

To revamp Accel IT’s Security Operation Center with Next Generation Threat Monitoring and Intelligence platform. Responsibilities: Work closely with Accel security organization to constantly monitor security threats and defense of Accel client Beroe Inc. Focused on security incident management, detection, investigation and informing the customer about malicious activity on the monitored servers, endpoints, firewall using SIEM solution. Configuring SIEM solution for log monitoring, deploying sensors and agents for log monitoring. Manage SIEM user accounts (create, delete, modify, etc.) Creating dashboard for (Firewall logs, Antivirus logs, Server application logs, etc). Generating weekly and monthly technical report for the customer.

CERT-In Empanelment

February 1, 2019 – August 11, 2023

To empanelment the organization with CERT-In. Responsibilities: CERT-In Off-line in-house practical skill test. Pentesting the web application for vulnerable points, program bugs/errors, and insecure configuration. Preparing and submitting the proof of concepts, and steps for verification with screenshots for each vulnerability. Reporting the vulnerabilities in the report along with the screenshots, POC steps, and preparing the Executive Summary Report.

Vulnerability Assessment And Penetration Testing (Web & Mobile application)

February 1, 2019 – August 11, 2023

To perform Vulnerability assessment and penetration testing on the given applications and highlight the potential vulnerabilities in the report to the management. Responsibilities: Perform the VAPT of the application in terms of (black box, White Box, and Grey Box). Web application security testing, vulnerability assessment, Network vulnerability scan and Pentesting. Performing the internal Pentesting on the infrastructure, highlighting the risks/vulnerabilities, and preparing the executive report. Pentesting the mobile application (Android), finding the vulnerabilities, and generating the Executive report. Help the developer mitigate the risk and provide necessary suggestions.

Android app development

July 1, 2018 – January 31, 2019

To develop the android app design and revamp of the application design. Responsibilities: Developed native Android applications and frameworks using Java. Optimize the interfacing of the apps with a variety of systems to ensure flexible and agile use. Collaborated with designers, engineers, and product managers to build great experiences. Design and develop the frontend of the application and make it more interactive.

Certified Web Hacking Expert - Level

Unknown

June 1, 2026 – Present

I Cyber Crime and Investigation

Unknown

June 1, 2026 – Present

OPSEC Fundamentals for Remote Red Teams

Unknown

June 1, 2026 – Present

How to play Competitive Backdoors & Breaches

Unknown

June 1, 2026 – Present

Certified DevOps Associate

Unknown

June 1, 2026 – Present

AlienVault Certified Security Engineer (AVSE)

AlienVault

June 1, 2026 – Present

Veracode Certified Advisor

Veracode

June 1, 2026 – Present

Splunk Fundamentals 1

Splunk

June 1, 2026 – Present

Splunk Fundamentals 2

Splunk

June 1, 2026 – Present