Divya G

• Extensive experience in Web, API, Thick Client, Mobile, Container, Network, LLM security testing
• Lead penetration testing engagements with a strong focus on mobile application security (Android & iOS)
• Actively involved in planning, execution, and reporting of complex security assessments
• Mentor and guide team members during mobile security testing projects

Day-to-Day & Strategic Responsibilities

• Perform end-to-end penetration testing: scoping, threat modeling, manual exploitation, validation, and retesting
• Design test strategies and attack scenarios based on application architecture, business logic, and threat landscape
• Conduct manual vulnerability research beyond automated tools to identify complex and chained exploits
• Review the application architecture and provide security recommendations during the early development phases.
• Collaborate with developers, DevOps, and product teams to explain findings, risks, and remediation approaches
• Contribute to testing methodologies, checklists, and internal frameworks, especially for mobile security
• Assist in tool selection, customization, and script development to improve testing efficiency
• Ensure high-quality, actionable technical reports with clear risk impact and proof-of-concepts
• Support continuous improvement of team processes, knowledge sharing, and skill development

Certifications & Training

• Currently preparing for OSCP certification
• Completed professional training in 7CMP Mobile Security Certification

• Conducted web application security testing, vulnerability assessments, and penetration testing using various tools.
• Developed security solution designs and policies to enhance system integrity.
• Performed manual penetration testing, effectively communicating findings to business units and developers.
• Assisted system users with inquiries related to information systems security.
• Collaborated with application developers to validate vulnerabilities and implement remediation strategies.
• Reviewed application vulnerabilities, facilitating discussions with developers to address security concerns.
• Demonstrated expertise in web protocols, common attack vectors, Linux, Windows, and cloud service architectures.
• Provided web application training to developers and cross-functional teams for improved security awareness.

• Maintained and enhanced vulnerability management platform and processes for optimal performance.
• Automated vulnerability management processes to improve efficiency and accuracy.
• Developed metrics and reports on vulnerability findings and remediation compliance.
• Provided technical support to system owners, recommending effective mitigation solutions.
• Demonstrated expertise in basic networking protocols including TCP/IP and UDP.
• Utilized penetration testing concepts and tools, including PTES, Metasploit, and Nmap.
• Classified and prioritized risks of new vulnerabilities based on operating environments.
• Conducted infrastructure and cloud vulnerability scanning to identify security gaps.

• Acted as primary responder for security incidents involving client firewalls and network infrastructure.
• Conducted source code reviews utilizing Veracode and Checkmarx tools.
• Applied knowledge of software development lifecycle to enhance project outcomes.
• Executed web application vulnerability scans using Burp Suite.
• Configured Linux operating systems, utilities, and programming for optimal performance.
• Leveraged extensive knowledge of hardware, software, and networking technologies for comprehensive analysis and support.
• Managed project continuity cycle, reviewed technical work, and ensured high-quality service deliverables.
• Facilitated customer relations by gathering business requirements and organizing meetings.