
Hitanshu Joshi

SF Bay Area

Summary

Results-driven information security analyst with expertise in OWASP Top 10, skilled in security audits, vulnerability detection, and Python automation for efficient security analysis.

Overview

3 years of professional experience

Work History

Risk and Financial Analyst

Deloitte
09.2021 - 07.2023
  • Implemented dynamic application security testing (DAST), static application security testing (SAST), and conducted thorough manual testing, fortifying security posture by 40% and ensuring compliance with industry standards
  • Rated vulnerabilities using CVSS scores and employed a manual approach based on the OWASP methodology, utilizing Burp Suite for comprehensive identification and mitigation of security vulnerabilities, thereby enhancing the product's overall security
  • Collaborated with security engineers for static application security testing, addressing threats and vulnerabilities, and provided project management support with recommendations, resulting in a 20% improvement in project stability post-remediation
  • Conducted information security control audits by analyzing client-provided documentation, generating comprehensive audit reports with control compliance scores, and actionable recommendations
  • Contributed as a team member in FedRAMP’s continuous monitoring team, developing a Python automation tool to streamline processing of extensive vulnerability datasets
  • Leveraged Google Cloud Storage API for data retrieval, including Vulnerability Scan Reports, Plan of Action and Milestones files, and false positives
  • Applied a fundamental understanding of the NIST framework and other security frameworks in various initiatives
  • Took on on-call responsibilities for a brief period, contributing to the team's responsiveness and adaptability.

IT Security Analyst

Cerebras Systems
06.2021 - 09.2021
  • Implemented and configured Nessus for routine vulnerability scanning, conducting thorough network assessments resulting in identification of 50+ security threats, enabling proactive mitigation strategies
  • Adopted Jira for ticket management, enabling efficient task delegation, progress tracking, and resolution of network vulnerabilities, leading to a 15% increase in issue resolution rate
  • Developed and implemented Python automation scripts to systematically identify and disable inactive accounts across diverse systems, achieving a remarkable 10% reduction in associated operational costs and enhancing overall system security.

Software Security Engineering Intern

Informatica
09.2020 - 04.2021
  • Utilized Black Duck and Veracode security scans (SCA) for proactive identification and resolution of vulnerabilities in both cloud and on-premises solutions
  • Managed JIRA tickets and exceptions related to vulnerabilities, collaborating with developers for the swift resolution of issues identified through Black Duck scans
  • Played a key role in identifying and mitigating 15% of existing vulnerabilities by efficiently handling security scans and resolving related issues
  • Led the development of a Python automation solution to systematically generate advisories for over 50 products, 1500+ versions, and 1000+ components; these advisories outlined efficient short-term and long-term remediation strategies, contributing to a noteworthy 20% reduction in resolution time and substantial time savings for the security team.

Education

Master of Computer Information Systems

University of Houston, Clearlake
Clearlake, TX
01.2021

B.Tech. Computer Engineering

Gujarat University
Ahmedabad, India
01.2018

Skills

Pen Testing: Burp Suite, Nmap, Metasploit, sqlmap, Wireshark, Nessus, John the Ripper, Hydra

Programming languages: Python, Windows PowerShell, SQL, Bash, Google Apps Script

Data Analysis: Pandas, SQL, Tableau, Microsoft Excel, Google Sheets

Operating Systems: Kali Linux, Ubuntu, Windows, macOS

Software Composition Analysis (SCA) and Static Application Security Testing (SAST): Black Duck, Veracode

Dev and DevOps: Git, Jira, Docker, Grafana

Certification: Hacking Web Applications & Penetration Testing: Web hacking, The Art of Threat Modeling
