Bhanu Prakash G

• I am working as a security analyst. We are using AppScan for scanning purposes. As a Security Delivery Analyst, my role description is as follows:
• Performed end-to-end DAST scans on over 60 Web and 30 API applications quarterly using HCL AppScan, identifying and mitigating OWASP Top 10 vulnerabilities, and reducing critical security risks by 35% within internal platforms.
• Authored detailed technical reports outlining identified vulnerabilities, risk severity, exploitation ease, and remediation steps.
• Worked closely with application teams to explain risk levels, promote understanding of security flaws, and ensure timely closure of vulnerabilities.
• Delivered knowledge transfers (KT) to junior team members, and served as an SME, reviewing their assessment documents, and mentoring them toward independent contributions.
• Hands-on experience with SAST for mobile applications using Fortify, including detailed documentation and demonstrations of newly identified vulnerabilities.
• Authored new assessment templates and conducted KT sessions on recently discovered threats, like Robots.txt file, Web Site Structure Exposure, following tool upgrades.
• Acted as a False Positive Reviewer for API vulnerabilities, validating claims using submitted artifacts, and approving or rejecting assessments based on technical judgment.
• Provided team-wide demos and reports on tool upgrades and evolving vulnerabilities, enhancing team awareness and response capability.
• Reduced order processing time with thorough data analysis and workflow optimization.
• Monitored delivery performance metrics, identifying areas for improvement and implementing corrective actions.

As a Security Associate, my role description is as follows:

• Conducted vulnerability assessments and executed DAST scans on web and API applications using HCL AppScan, identifying security flaws and potential risks.
• Assessed vulnerabilities to evaluate their impact and risk levels, and provided clear, actionable remediation guidance to development teams.
• Authored detailed technical reports outlining security findings, exploitation methods, and mitigation strategies for application stakeholders.
• Collaborated with development teams to communicate risk severity, explain exploitation scenarios, and ensure timely closure of reported vulnerabilities.
• Facilitated vulnerability scanning and threat assessments, contributing to the overall application security posture.
• Supported the detection, analysis, and response to security incidents, aiding in containment and root cause analysis.
• Maintained comprehensive incident logs and documentation for auditing and compliance tracking purposes.

• Aggregate in the year 2021.
• GPA: 76%