
Alfred Nirmal

Bangalore

Summary

Seasoned Lead Consultant specializing in full-spectrum security, including SSLC and DevSecOps. Conducted offensive assessments across web, network, and cloud platforms, enhancing security postures through strategic cloud security and architecture initiatives. Focused on advancing organizational security maturity and driving technical leadership.

Overview

8 years of professional experience

Work History

LEAD PRODUCT SECURITY ENGINEER

NeST Digital
Bangalore
09.2024 - Current
  • Automated SAST, SCA, and DAST testing within CI/CD pipelines, enhancing security process efficiency.
  • Reduced vulnerability exposure by 35% using automated SAST and SCA in the CI/CD pipeline.
  • Secured cloud environments through comprehensive CNAPP assessments (CSPM + CSPA) to mitigate risks.
  • Led team in implementing DevSecOps processes, including threat modeling and manual pentesting.
  • Conducted comprehensive penetration tests on web, API, mobile, and thick client applications.
  • Pentested next-gen technologies such as AI/ML, LLM, and computer vision.
  • Integrated advanced security tools into workflows, bolstering security posture across multiple projects.
  • Collaborated with cross-functional teams to enhance cybersecurity measures and ensure comprehensive protection.

SENIOR PRODUCT SECURITY ENGINEER

BlackHawk Network
Bangalore
10.2022 - 09.2024
  • Identified critical vulnerabilities in products and applications, enhancing security measures across the organization.
  • Conducted secure architecture review of AWS environment, resulting in improved security posture of applications.
  • Executed external and internal pentests on organizational infrastructure and applications, strengthening overall security framework.
  • Pentested applications for compliance with the PCI-DSS standards using Burp Suite, OWASP ZAP, and other offensive security tools.
  • Provided security expertise for cloud-based DevOps development and deployment.
  • Deployed security tools such as DataDome, Detectify, and Snyk.

SENIOR CYBERSECURITY CONSULTANT

Ernst & Young (GDS)
Chennai
07.2021 - 10.2022
  • Identified and reported vulnerabilities and misconfigurations in web applications, providing actionable remediation suggestions.
  • Pentested clients' thick client applications for vulnerabilities.
  • Performed client infrastructure pentesting, including mass IP scans, DNS and ASN lookups, service scans, service misconfigurations, etc.
  • Assisted organization in identifying supply chain vulnerabilities by developing a Bash tool.
  • Developed Python tool to automate profiling of organization based on OSINT, enhancing online privacy.
  • Defined project needs by collaborating with the client.

PRODUCT SECURITY ENGINEER

Siemens Technology and Services
Chennai
05.2021 - 07.2021
  • Executed product security testing to identify vulnerabilities and enhance security posture.
  • Evaluated cloud applications for security weaknesses through penetration testing, contributing to risk mitigation efforts.
  • Developed test cases and checklists for network and infrastructure penetration testing to ensure comprehensive assessment.
  • Performed SAST and DAST testing on applications and manually validated the findings.

SENIOR INFORMATION SECURITY ENGINEER (RED TEAM)

Infosys Limited
Chennai
05.2018 - 04.2021
  • Conducted penetration testing to uncover vulnerabilities in internet and intranet systems, networks, and applications, enhancing overall security posture.
  • Executed different stages of the MITRE ATT&CK framework to uncover weaknesses in network security.
  • Tested security controls including DLP, ATP, and WAF to evaluate detection evasion capabilities, informing strategy for security enhancements.
  • Performed monthly phishing campaigns for Infosys employees to enhance cybersecurity awareness.
  • Developed HTML templates and dashboards for reporting phishing results to management, improving clarity and facilitating informed decision-making.

Education

MASTERS - CYBER FORENSICS & INFORMATION SECURITY

University of Madras
Chennai
04.2018

BACHELOR OF COMPUTER APPLICATIONS

Loyola College, University of Madras
Chennai
04.2016

Skills

  • DevSecOps
  • Threat Model
  • Vulnerability assessment
  • Penetration testing
  • SAST/DAST/SCA integration
  • API & Microservices
  • Cloud security review
  • Automated vulnerability scanning
  • Threat analysis
  • Python 3
  • Bash scripting
  • Project management
  • Team leadership

Extracurricular Activities Hobbies

  • HackTheBox & TryHackMe
  • Bug bounties, recognized by a few companies (BBC, Bosch, etc.)

Accomplishments

Multiple-time winner of offensive CTFs held at the organizational level.

Certifications Training

  • CRTO (Certified Red Team Operator)
  • Certified Ethical Hacker (CEH) v11
  • AWS Security Specialty Trained
  • GCP Security Engineer
  • Azure 900
  • Pentest Training by Mandiant
  • Malware Analysis and Incident Response - Mandiant
  • ICSI Network Security Specialist
