
Aniket Bande

Navi Mumbai

Summary

Security professional with 5+ years of experience in SAST, SCA, DAST, vulnerability management, DevSecOps, network infrastructure security, application security, mobile security (Android), auditing and compliance. Proven expertise in spearheading DevSecOps and Application Security initiatives, implementing robust security measures, and conducting comprehensive assessments to identify vulnerabilities. Skilled in leading Network pentesting and Red Team exercises, developing and enforcing information security policies, and collaborating cross-functionally to establish robust security controls. Seeking to contribute technical expertise and proactive security measures in an Application Security, Network Security, Product Security or Security Engineer role.

Overview

5 years of professional experience
1 Certification

Work History

Senior Product Security Engineer

Deltek Inc.
05.2024 - Current

Application Security Optimization: Administered and tuned tools like Black Duck (SCA), BurpSuite Enterprise (DAST), and Checkmarx (SAST) to enhance vulnerability detection accuracy, reducing false positives by 30%.

Secure SDLC Integration: Embedded security gating into SDLC pipelines, collaborating with product teams to meet compliance goals across all releases.

Vulnerability Management: Utilized tools like ServiceNow for tracking, triaging, and resolving critical findings within 48 hours, maintaining a 95% SLA adherence rate.

Penetration Testing Coordination: Managed penetration tests with Offensive Security, ensuring actionable findings and comprehensive coverage of pre-release security assessments.

Final Security Reviews (FSRs): Conducted security evaluations for 15+ product releases, documenting risk assessments and threat model updates for leadership.

Risk Register Oversight: Updated and mitigated risks logged in the Risk Register, ensuring alignment with organizational priorities and timely remediation.

ServiceNow Workflow Management: Streamlined security operations by achieving 100% SLA compliance on all assigned ServiceNow tasks.

Metrics and Reporting: Designed and delivered monthly Secure SDLC maturity assessments, providing stakeholders with actionable insights on security performance.

Developer Enablement: Conducted training sessions on secure coding practices and integrated tools like Checkmarx and BurpSuite into development workflows.

Component Analysis: Ensured accurate tracking of third-party components using Black Duck, enhancing software composition compliance.

Continuous Security Skills Growth: Advanced expertise in application security tools and methodologies, focusing on SAST, DAST, and SCA processes.

Technical RFI Responses: Authored detailed responses to Requests for Information (RFIs), leveraging knowledge of product security architecture and engineering inputs to meet SLA requirements.

Senior Security Analyst

Tredence Inc
01.2022 - 05.2024

DevSecOps Management: Spearhead DevSecOps initiatives, seamlessly integrating security into the SDLC. Implement and manage security measures, automate security testing, and ensure the security of applications and systems from the early stages of development.

Security Validation: Oversee security validation processes, conducting rigorous assessments to identify vulnerabilities and weaknesses in Website, API, Network, and Infrastructure.

Red Team Initiation: Pioneered the initiation of a Red Team, providing a proactive approach to identifying and addressing security weaknesses, and leading Red Team exercises to assess and improve the organization's security readiness.

Vulnerability Assessment and Penetration Testing: Conduct comprehensive assessments, performing web, mobile, and network penetration tests.

Security Vulnerability Communication: Identify security vulnerabilities and communicate findings to stakeholders for remediation.

Collaborative Risk Mitigation: Collaborate closely with cross-functional teams, including IT, Legal, and Compliance, to address security concerns and establish robust security controls.

Policy Development: Develop and enforce information security policies, procedures, and guidelines to safeguard the organization's assets and sensitive data.

Risk Assessments: Regularly conduct risk assessments, identify vulnerabilities, and implement appropriate security measures to proactively reduce security risks.

Automated Patch Management: Developed tools to automate the patch management process, streamlining vulnerability management procedures and ensuring timely updates to mitigate risks.

Audit Evidence Management: Responsible for handling all audit evidence to present to auditors, ensuring a comprehensive and well-organized record of security measures and assessments.

Log and Threat Analysis: Collaborate with the SOC team to perform log and threat analysis, contributing to security validation efforts related to monitoring and responding to security events.

Web Application and API Security: Conduct manual web application and API security assessments, identifying vulnerabilities and weaknesses in these critical areas.

Qualys Expertise: Possess in-depth knowledge of Qualys, a key tool in the vulnerability management process, to ensure effective vulnerability assessments and remediation.

Security Validation Process Development: Successfully developed the complete security validation process from scratch, including policy, procedure, and necessary technologies, enhancing security measures and ensuring a proactive security posture.

Change Management: Developed the change management process for the Security Validation team, enabling efficient handling of security-related changes.

Developer Engagements: Manage developer engagements for DevSecOps, including onboarding developers, providing support to troubleshoot and resolve npm build issues/errors, and educating developers on using security tools such as Synopsys Coverity.

Continuous Learning: Stay updated on emerging threats, industry trends, and best practices, integrating this knowledge into evolving security strategies and practices.

Associate Security Consultant

SecureLayer7 Technologies Private Limited
09.2019 - 01.2022

Performed web application, mobile application and network penetration tests

Developed processes and security assessments for a client in a banking environment

Communicated technical vulnerabilities and remediation steps to developers and management

Responsible for performing manual penetration testing and communicating findings to both Business and Developers

Experience with vulnerability management, cybersecurity operations, risk management and other related areas

Researched new threats, vulnerabilities, exploit techniques and developed new methods of testing new threats emerging in corporate networks and web applications

Experience in finding business logic bugs according to the flow of the application along with exploiting bugs like SQLi, XSS, XXE OOB, CSRF, SSRF, Broken authentication, Broken authorization, Privilege Escalation and more

Expertise in interpreting and applying information security standards and frameworks like ISO/IEC 27001/27002, PCI DSS, NIST Cybersecurity Framework, etc.

In-depth knowledge of finding and exploiting network-related vulnerabilities like NTLM pass-the-hash, Privilege Escalation, Kerberoasting, AS-REP roasting, etc.

Education

Bachelor of Science - Information Technology

Pillai's College of Arts, Commerce And Science
Panvel, India
07-2018

Skills

Vulnerability Management
Application Security (Website, API and Mobile)
Red Team assessment
SAST (Static Application Security testing)
DAST (Dynamic Application Security testing)
Vulnerability assessment and Penetration testing
Network Infrastructure Security
SCA (Software Composition Analysis)
Secure Code Review
Cloud Security (Pursuing)
Audit and Compliance (SOC 2, HITRUST, PCI DSS, ISO 27001:2013)

Certification

Certified Information Security and Ethical Hacker (CISEH)
Certified Penetration Testing Expert (CPTE)
Certified PCI DSS Implementer (TUV SUD)
Introduction to Vulnerability Management (Security Blue Team)
Certified Information Systems Auditor (ISACA)

Tools

Strong knowledge of network pentesting tools like Wireshark, Responder, Nmap, Nessus, OpenVAS, Bloodhound, mimikatz, enum4linux, Aircrack-ng, Airmon-ng, smbmap, smbclient, evil-winrm, Kerbrute, Impacket (all scripts), Hashcat, Hydra, Metasploit, Dir etc.

Experience with security testing using proxies, port scanners, vulnerability scanners, and exploit frameworks like Metasploit, Fuzzbunch, Empire, Cobalt Strike, Qualys VMDR etc.

Hands-on experience with vulnerability scanning tools, such as BurpSuite, OWASP ZAP, Qualys WAS, and adherence to standards like OWASP Top 10 for Web, API, and SANS 25.

Conducted successful network and infrastructure security assessments in organizations and bank networks, utilizing methodologies such as Social Engineering (both Active and Passive), Sniffing, Phishing, Exploit, Post-exploitation, and firewall auditing using SolarWinds.

Performed Mobile VAPT (SAST and DAST) on various applications with tools like MobSF, adb, Drozer, Frida and Objection (for runtime bypasses), QARK, Apktool, JD-GUI, jadx-gui.

Implemented and used Synopsys Coverity for SAST, Synopsys BlackDuck for SCA, Synopsys WhiteHat and OWASP ZAP for DAST, and GitHub Advanced Security for secrets scanning, integrated into Azure and GitHub CI/CD pipelines.

Additional tools used in recent roles include Checkmarx (SAST), BurpSuite Enterprise (DAST), Black Duck (SCA), and ServiceNow for vulnerability management and workflow tracking.

Languages

English
Bilingual or Proficient (C2)
Marathi
Bilingual or Proficient (C2)
Hindi
Bilingual or Proficient (C2)
