Shanmukhi Sruthi KADIYEKAR

Toronto, ON

Summary

With over 7 years in Information Technology, I specialize in Vulnerability Assessment, Penetration Testing, and Security Testing. My expertise includes:

  • Web Application Security: DAST, SAST, secure code review, threat analysis, vulnerability scanning, and remediation support.
  • Vulnerability Management: Conducting scans, reporting, and integrating security into the SDLC via SAST in DevOps.
  • Application Security: Addressing vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, and OWASP Top 10.
  • Bug Bounty Programs: Coordinating, validating, and rewarding vulnerabilities submitted by ethical security analysts.
  • Security Solutions: Developing and recommending preventive and mitigation strategies.
  • Knowledge: IT Governance, Risk and Compliance (GRC) tools, IP protocols (TCP/IP, OSI model), and up-to-date security threats and countermeasures.

I assist senior members with information security tasks, ensuring timely delivery and maintaining comprehensive security solutions.

Overview

8
years of professional experience

Work History

Penetration Testing Manager

Finastra
Mississauga, CANADA
10.2023 - Current
  • Conducted comprehensive web application security assessments, including manual penetration testing, attack surface enumeration, vulnerability analysis, exploit development, and server and API assessments
  • Coordinate and oversee advanced penetration testing activities, including network, web application, and mobile application testing using both automated tools and manual techniques
  • Plan, prioritize, and manage multiple penetration testing projects simultaneously, ensuring timely delivery of high-quality results within budget constraints
  • Collaborate with application teams and environment owners to schedule and execute testing
  • Record findings in a centralized repository for review, prioritization, and remediation tracking
  • Ensure compliance with industry standards, regulations, and best practices
  • Prepare detailed penetration testing reports with findings, analysis, and recommendations for internal stakeholders
  • Creating and participating in a software security activities roadmap
  • Implementing the SDLC (SAST, DAST, SCA) and guiding program development
  • Establish, track, and report penetration testing metrics periodically by product, application, and/or domain
  • Documented and analyzed vulnerability impacts on businesses and customers
  • Authored and peer-reviewed detailed reports on vulnerabilities and remediation
  • Act as the primary contact and relationship manager for third-party penetration testing providers, ensuring successful execution and adherence to service level agreements (SLAs)
  • Drive initiatives to enhance the effectiveness and efficiency of penetration testing processes, methodologies, and tools
  • Contribute to innovative solutions for emerging cybersecurity challenges
  • Stay informed about the latest cybersecurity threats, vulnerabilities, and attack techniques, applying this knowledge to improve penetration testing methodologies and tools.

Principal Security Consultant

Optiv
Mississauga, CANADA
08.2021 - 10.2023
  • Conducting web application security assessments, manual penetration tests, attack surface enumeration, vulnerability analysis, exploit development, server assessments, and API assessments for a firm supporting a client list of Fortune 500 companies, global financial institutions, and high-tech startups
  • Providing expertise to global corporations to help them launch and mature their application security programs by leveraging holistic, scalable, customized approaches based on industry best practices
  • Developing and getting involved in a roadmap for software security activities
  • Implementing the SDLC (SAST, DAST, SCA) and guiding program development
  • Creating a strategy for multiple projects, including SAST, container scanning, vulnerability assessment and cloud security
  • Performing security assessments that consistently identified vulnerabilities within these applications
  • Performed API assessments and identified vulnerabilities and bad coding practices
  • Work closely with engineering teams to understand their application security needs
  • Educate engineering teams and security champions in secure coding and development practices
  • Analysing and documenting risk severity levels and impacts of vulnerabilities on businesses and their customers
  • Authored and peer reviewed comprehensive assessment reports and project status reports to communicate detailed vulnerability findings, proofs of concept, application analysis, and remediation recommendations
  • Communicate with clients to help them understand the vulnerabilities and remediate the associated risk, taking into consideration the business requirement of the feature.

Security Analyst

Tech Mahindra (ZEN3 Info Solutions)
Hyderabad, INDIA
07.2018 - 01.2020
  • Involved in estimations, risk assessment and test plan preparation
  • Performing Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, Veracode and HP WebInspect against Industry Standards
  • Manage the performance management for the direct reports, as per the organization's policies
  • Training and mentoring of project resources
  • Participating in the organization-wide people initiatives.

Security Analyst

SM InfoTek, Corp.
CALIFORNIA, USA
01.2017 - 03.2018
  • Application security assessment using automated scanners like IBM AppScan Standard Edition and other open-source tools
  • Checked the resilience of the application against identified threats using open-source tools like Burp Suite, Pinata, SSL Scan
  • Performed application security assessments covering the OWASP Top 10 issues using open-source tools and manual assessment techniques
  • Used JIRA tool for defect reporting and tracking
  • Security report walkthrough for the development team
  • Recommend and assist with best practices for securing web applications and network infrastructure for the network and development teams
  • Provided comprehensive report on findings and action items to fix the identified vulnerabilities.

Education

Masters of Computer Science – Computer Science Engineering

Silicon Valley University
California, USA
12.2016

Skills

    Security Implementation

    Security Testing

    IT Risk Management

    Risk Mitigation

    Threat Management & Detection

    Employee Security training

    Report Creation

    Vulnerability Assessment

    Security Optimization

    Quality Assurance

    Managing Security Breaches

    Designing Security Controls

    Customer Service and Assistance
