Summary
Overview
Work History
Skills
Software
Certification
Projects
Academic Qualification
Timeline
Generic
Deepak Modi

Deepak Modi

Adv-Analyst II-VAPT
Bikaner

Summary

An Advance VAPT analyst professional with over 4.8 years of hands-on experience in various domains such as security testing and penetration testing. Strong knowledge of network architectures, operating systems and cybersecurity tools. Confident and communicative professional proficient in scripting paired with familiarity of Unix and Windows. Collaborative team player committed to working with businesses and organizations to identify and resolve security vulnerabilities and weaknesses affecting digital assets and computer networks.

Assisted in more than 70 VAPT consulting assignments and was adjudged as ‘Threat Hunter” by multiple companies for my support in finding vulnerability & security from outside intruders.

Overview

5
5
years of professional experience
3
3
Certifications
2
2
Languages

Work History

Adv-Analyst II-VAPT

Invesco
Hyderabad
05.2021 - Current
  • Performing routine vulnerability scans and penetration tests against specified systems. analyze the results, and works with business units to remediate systems.
  • Providing necessary mitigation for the identified vulnerabilities to the development teams, educate them on the vulnerabilities & their fixes follow up and escalate when necessary.
  • Working on automation process to automate multiple tasks with Python and API queries.
  • Coordinating in remediating the issues reported by 3rd party security sites like BitSight, RiskRecon and Security Scorecard.
  • Working on multiple tools like Qualys, Nexpose, Verodin etc.
  • Working on multiple migration like Nexpose to Qualys and Crowdstrike cobalt to Verodin. • Doing daily BAU tasks activities.
  • Working with Red Hat and Purple team to ensure the false positive request.
  • Creating remediation rule to exempt the vulnerabilities.
  • Recommended IT security improvements to achieve system confidentiality, integrity and availability.
  • Developed risk assessment reports to identify threats and vulnerabilities.
  • Conducted risk analysis, system certifications, auditing, security documentation and security testing.
  • Collaborated with external vendors to perform penetration tests on network devices, operating systems and databases.
  • Used critical thinking to break down problems, evaluate solutions and make decisions.
  • Exceeded goals through effective task prioritization and great work ethic.

Network Engineer

CSS Corp
Chennai
07.2019 - 05.2021
  • Worked as Tier2 TAC engineer for Palo Alto
  • Hands-on experience with troubleshooting PAN-OS 7.0.x, 7.1.x, 8.0.x, 8.1.x, 9.0.X
  • Initiated and managed network test facilities to verify network hardness and resilience.
  • Provided network support services for devices such as hubs, bridges, routers and other hardware.
  • Performed troubleshooting for Juniper, Cisco and packet analysis.
  • Helped customers with debugging issues
  • Proficient handling of Threat and vulnerability signatures
  • Helped customers with debugging issues related APP-ID, USER-ID, GLOBAL PROTECT, SSL-DECRYPTION, IPSEC
  • Provided customized solution for customers security measures
  • Helped identify packet drop, latency using Wireshark captures and debug flow basic, tcp basic, ssl basic, tunnel flow
  • Proficient in handling Panorama related assistance
  • Provided RCA for unexpected reboot, high Management/Data Plane CPU, High Memory, Process Crash
  • Analyze logs, packet captures to resolve support cases escalated from Level 2 support team
  • Title Mobile Application Security Assessment Test VAPT (10+ projects Using OWASP guidelines)
  • Provided detailed network diagrams and procedural guidelines.

Sr. Information Security Analyst

Kantag Solutions
Gurgaon
12.2017 - 07.2019
  • Conducted Vulnerability Assessment and Penetration Testing (VAPT), on various Infrastructure and Applications
  • Internal and external Network VAPT,
  • Conducted source code review, mobile application assessment with Mobsf
  • Identifying all the potential loopholes within the Network and show the potential impact of all those threats & loopholes by exploiting them
  • Ran vulnerability and compliance scanning on test machines and reviewed security standard and minimum-security baseline for the client
  • Performed penetration testing for thin & thick client-based application
  • Performed live packet data capture with Wireshark to examine security flaws
  • Used LDAP injections techniques of exploiting Web application that use client supplied data
  • Port scan servers using NMAP and close all unnecessary ports to reduce the attack surface
  • Performed dynamic and static analysis of web application using IMB Appscan, acunetix
  • Analyze systems for potential vulnerabilities that may result from improper system configuration, hardware, software, operational or network flaws
  • Training / Achievement:
  • Achieved HOF (Hall of Fame) by Accenture for finding vulnerability
  • Achieved Appreciation Letter by Miniorange for finding vulnerability.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.

Skills

    Vulnerability Assessment & Penetration Testing

OWASP Top 10

Scripting: Bash & Python

Mobile Penetration Testing

Network Penetration Testing

Vulnerability Management

OSINT

Burp-Suite

Metasploit

Software

VAPT Tools:- Burp Suite, Acunetix, IBM Appscan, HP Fortify Code Analyzer, Nmap, Nessus, Sqlmap, Maltego, OWASP ZAP, Curl, Netcat, Hping3, Metasploit, CheckMarx, Openvas, WPscan, Routersploit, NSE Scripts, DirBuster, MassDNS, Nikto, Nexpose, Verodin, Qualys

Network Analysis Tools:- Wireshark, Snort, TCPDump, Splunk, ELK, AlienVault

Scripting:- Unix Shell Scripting, Python, SQL/MySQL, Java Script

Operating System:- Kali Linux, MS Windows, RedHat, Ubuntu, MAC

Certification

CEH(Certified Ethical Hacker)

Projects

1. Vulnerability Assessment Audit:-

Tools/Technologies: Qualys, Nexpose and Verodin

Responsibilities:

• Performed vulnerability scans by Qualys and compliance scans by Nexpose against entire network and worked with business units to remediate.

• Provided necessary mitigation for the identified vulnerabilities to the development teams, educate them on the vulnerabilities & their fixes follow up and escalate when necessary.

• Scheduled multiple session with platform owner to make sure all the findings remediate as per the ETA.

• Prepared central tracker of findings to track the status of findings.

2. Web Application Vulnerability Assessment & Penetration Testing:-

Tools: Acunetix, HP Fortify Code Analyzer, Nessus Professional, Burp Suite, Metasploit, NSE Script, Python Scripting, Shell Scripting.

Responsibilities:

• Prepared testing checklist, policies, use cases and documented the requirements from the client.

• Developed threat and vulnerability management policies and defined ROE (Rule of engagement).

• Performed validation checks on different servers, found loopholes and customized the code.

• Ensured that the development is at par with the detailed design. Ensured that the code developed is in compliance with quality standards.

• Performed static as well as dynamic vulnerability analysis.

• Manually handled the identification/analysis of critical vulnerabilities and exploited them in a non-destructive manner. Provided vulnerability assessment report to client as per requirement.

3. Internal & External Network Security Assessment:-

Tools/Technologies: Nessus Professional, Burp Suite, TestSSL, RouterSploit, Iotsploit, Metasploit, NSE Script, Python Scripting, Shell Scripting.

Responsibilities:

• Prepared testing checklist, policies, use cases and documenting the requirements from the client.

• Developed threat and vulnerability management policies and define Scope & ROE (Rule of engagement).

• Performed validation checks on different servers and find loopholes and customize the code accordingly.

• Identification of security flaws present in the environment.

• Understanding the level of risk for the organization.

• Help address and fix identified network security flaws. Manually handle the identification/analysis of critical vulnerabilities and exploiting them in a non-destructive manner. Provide vulnerability assessment report to client as per requirement in a non-destructive manner. Provide vulnerability assessment report to client as per requirement.

4. Enterprise Security & Risk Management:-

Tools/Technologies: Rapid7 Insight, Nmap, Burp Suite, Nessus Professional, Metasploit, Kali Linux Tools

Responsibilities:

• Performed static, dynamic, port, process and registry Analysis.

• Prepared testing checklist based on OWASP Top 10 and policies as per the requirement.

• Static and dynamic application security testing (SAST & DAST).

• Identify the Malicious process and trying to kill the process and provide solutions for system flaws.

• Conducted Security Assessment Test for Internal Network, External Network.

• Knowledge of protocols such as HTTP, FTP, DNS, DHCP, SMTP.

• Accomplished project goals on time, on budget and in alignment with corporate objectives.

5. Mobile Application Security Assessment:-

Tools/Technologies: SANTOKU O.S, BURP suite Professional, Genny Motion, Apktool adb, JD-gui, dex2ja,

Andrototak, APKscan, Drozer, MOBSF.

Responsibilities:

• Created the threat model for an application

• Performed static, dynamic testing.

• Prepared testing checklist based on OWASP Top 10 and policies as per the requirement.

• Static and dynamic application security testing.

• Acting upon discovered vulnerabilities for gaining sensitive information or performing malicious activities.

• Demonstration of the identified vulnerability for gaining privileges and attempting to become the super user.

• Created the detailed report about discovered vulnerabilities, such as overall risk rating, the associated technical risk, and description etc.

• Presented the findings with CERTIN team.

• Incident Triage, Evidence Gathering and analysis, Data ingestion and Data Analytics using System logs and event logs

Academic Qualification

Course:- B. Tech. (CSE)

Board:- Madhav University, Rajasthan

Year of Passing:- 2017

Course:- Diploma

University:-Sunrise University

Year of Passing:- 2014

Course:- 12th

School:- Saint N.N RSV

Year of Passing:- 2011

Course:- 10th

School:- Jesus & Marry Sec School

Year of Passing:- 2009

Timeline

Adv-Analyst II-VAPT

Invesco
05.2021 - Current

CEH(Certified Ethical Hacker)

07-2020

Qualys Web Application Scanning & Vulnerability Management

07-2020

PCNSE(PCNSE(Palo Alto Networks Certified Network Security Engineer)

03-2020

Network Engineer

CSS Corp
07.2019 - 05.2021

Sr. Information Security Analyst

Kantag Solutions
12.2017 - 07.2019

Similar Profiles

CREATE PROFILE
Deepak ModiAdv-Analyst II-VAPT