Shanmukhi Sruthi KADIYEKAR
Toronto,ON
Summary
With over 7 years in Information Technology, I specialize in Vulnerability Assessment, Penetration Testing, and Security Testing in both automation and Manual testing My expertise includes:
- Web Application Security: DAST, SAST, secure code review, threat analysis, vulnerability scanning, and remediation support.
- Vulnerability Management: Conducting scans, reporting, and integrating security into the SDLC via SAST in DevOps.
- Application Security: Addressing vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, and OWASP TOP 10.
- Bug Bounty Programs: Coordinating, validating, and rewarding vulnerabilities submitted by ethical security analysts. Managed and optimized HackerOne's program operations, enhancing security protocols and driving successful vulnerability disclosure initiatives.
- Security Solutions: Developing and recommending preventive and mitigation strategies. Established and integrated comprehensive application security processes across the Software Development Life Cycle (SDLC).
- Security Frameworks : Proficient in implementing and managing security frameworks such as ISO 27001, NIST, GDPR, and HIPAA, ensuring compliance and enhancing organizational security posture.
- Knowledge: IT Governance, Risk and Compliance (GRC) tools, IP protocols (TCP/IP, OSI model), and up-to-date security threats and countermeasures.
I assist senior members with information security tasks, ensuring timely delivery and maintaining comprehensive security solutions.
Overview
8
8
years of professional experience
Work History
Cyber Penetration Tester
Finastra
10.2023 - Current
- Conducted comprehensive web application security assessments, including manual penetration testing, attack surface enumeration, vulnerability analysis, exploit development, server, and API assessments and Manages the end-to-end test execution of designated programs.
- Coordinate and oversee advanced penetration testing activities, including network, web application, and mobile application testing using both automated tools and manual techniques
- Plan, prioritize, and manage multiple penetration testing projects simultaneously, ensuring timely delivery of high-quality results within budget constraints and Executes test programs across various specializations to support effective testing and monitoring of controls within business groups, Line of Business and Vendors.
- Strong understanding of business/group strategy and end-to-end processes, coupled with extensive experience in cultivating strong relationships with internal and external partners/stakeholders, and ensured effective service delivery.
- Implemented ISO 27001 framework, leading to a 30% reduction in security incidents.
- Managed NIST compliance projects, improving data protection and regulatory adherence
- Collaborate with application teams and environment owners to schedule and execute testing
- Record findings in a centralized repository for review, prioritization, and remediation tracking
- Ensure compliance with industry standards, regulations, and best practices
- Prepare detailed penetration testing reports with findings, analysis, and recommendations for internal stakeholders
- Creating and participating in software security activities roadmap and understands the business/group strategy and develops a comprehensive knowledge of end-to-end processes.
- Implementing the SDLC (SAST, DAST, SCA) and guiding program development. Analyzes the root causes of any errors to effectively communicate issues to the appropriate parties.
- Establish, track, and report penetration testing metrics periodically by product, application, and/or domain, review control and issue closure testing activities performed by team members to ensure accuracy.
- Documented and analyzed vulnerability impacts on businesses and customers
- Authored and peer-reviewed detailed reports on vulnerabilities, maintains adequate testing support documentation, such as workpapers and testing reports, to support the results of reviews, including writing up findings/issues/ Vulnerabilities and remediation for reporting
- Act as the primary contact and relationship manager for third-party penetration testing providers, ensuring successful execution and adherence to service level agreements (SLAs)
- Drive initiatives to enhance the effectiveness and efficiency of penetration testing processes, methodologies, and tools
- Contribute to innovative solutions for emerging cybersecurity challenges
- Stay informed about the latest cybersecurity threats, vulnerabilities, and attack techniques, applying this knowledge to improve penetration testing methodologies and tools.
Security Consultant
Optiv
08.2021 - 10.2023
- Conducting web application security assessments, manual penetration tests, attack surface enumeration, vulnerability analysis, exploit development, server assessments, and API assessments for a firm supporting a client list of Fortune 500 companies, global financial institutions, and high-tech startups
- Providing expertise to global corporations to redirect them launch and mature their application security programs by leveraging holistic, scalable, customized approaches based on industry best practices
- Developing and getting involved in a roadmap for software security activities
- Implementing the SDLC (SAST, DAST, SCA) and guide program development
- Create a strategy for multiple projects, including SAST, container scanning, vulnerability assessment and cloud security
- Performing security assessment consistently identified vulnerabilities within these applications
- Performed API assessments and identify vulnerabilities and bad coding practices
- Work closely with engineering teams to understand their application security needs
- Educate engineering teams and security champions in secure coding and development practices
- Analyzing and documenting risk severity levels and impacts of vulnerabilities on businesses and their customers
- Authored and peer reviewed comprehensive assessment reports and project status reports to communicate detailed vulnerability findings, proofs of concept, application analysis, and remediation recommendations
- Communicate with clients to help them understand the vulnerabilities remediate the risk associated, taking in consideration the business requirement of the feature.
Security Analyst
Tech Mahindra (ZEN3 Info Solutions)
07.2018 - 01.2020
- Involved in estimations, risk assessment and test plan preparation
- Performing Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, Veracode and HP Webinspect against Industry Standards
- Manage the performance management for the direct reports, as per the organization policies
- Training and mentoring of project resources
- Participating in the organization-wide people initiatives.
Security Analyst
SM InfoTek, Corp.
01.2017 - 03.2018
- Application security Assessment by using automated scanner like IBM Appscan Standard edition and other open source tools
- Checked the resilience of the application against identified threats using open source tools like Burp suite, Pinata, SSL Scan
- Performed application security assessment which adheres to OWASP top 10 issues using open source tools & manual techniques for assessment
- Used JIRA tool for defect reporting and tracking
- Security report walk through to development team
- Recommend and Assist the best practices for securing Web application and Network Infrastructure to Network and Development teams
- Provided comprehensive report on findings and action items to fix the identified vulnerabilities.
Education
Masters of Computer Science – Computer Science Engineering - Computer Science
Silicon Valley University
12.2016
Skills
- Security Implementation
- Implementing Security Controls
- Mitigating Security Breach Risks
- Quality Assurance
- Security Enhancement
- Vulnerability Assessment
- Report Creation
- Employee Security training
- Threat Management & Detection
- Risk Mitigation
- IT Risk Management
- PCI- DSS
- HIPAA
- GDPR
- COBIT
- MITRE ATT&CK
- NIST
- ISO 27001
Timeline
Cyber Penetration Tester
Finastra
10.2023 - Current
Security Consultant
Optiv
08.2021 - 10.2023
Security Analyst
Tech Mahindra (ZEN3 Info Solutions)
07.2018 - 01.2020
Security Analyst
SM InfoTek, Corp.
01.2017 - 03.2018
Masters of Computer Science – Computer Science Engineering - Computer Science
Silicon Valley University
Similar Profiles
Akhila K PAkhila K P
Product Owner at FINASTRAProduct Owner at FINASTRA
Anupriya SeksariaAnupriya Seksaria
Senior Revenue Analyst at FinastraSenior Revenue Analyst at Finastra
Calvin DyckCalvin Dyck
Manager, Software License Management at FinastraManager, Software License Management at Finastra
Ryan SmithRyan Smith
Senior Technical Consultant at FinastraSenior Technical Consultant at Finastra
Sinthuja VijayarajSinthuja Vijayaraj
Intern Waitress at Cibo Wine BarIntern Waitress at Cibo Wine Bar