Summary
Overview
Work History
Education
Skills
Recognition
Timeline
Generic
Gayathri Perumal

Gayathri Perumal

Cyber Security Senior Consultant
Chennai

Summary

Passionate Cyber Security professional working in the Big 4 Audit Firm E&Y GDS with 8 + years of experience in Cybersecurity domain with technical specialization in Source code review (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST) and Penetration Testing along with diverse functional experiences in Financial service, Banking service, Health care, Critical infrastructure and Cruise line business.

Overview

9
9
years of professional experience

Work History

Senior Security Consultant

EY GDS
01.2023 - Current
  • I am part of the Application Security team within the Client's Global Information Security department, responsible for securing the environment of the second-largest cruise line operator. As a key reviewer and approver, I oversee the production sign-off for all web, intranet, and mobile applications.
  • I conduct secure code reviews/SAST, including manual inspection of application source code in various programming languages like . Net, JAVA, Python, PHP, etc., software composition analysis/SCA, and dynamic analysis of client applications. Additionally, I provide support by explaining vulnerabilities during report walkthrough to developers, offering continuous assistance in remediating identified issues.
  • I perform manual dynamic analysis/DAST and have discovered vulnerabilities such as SQL injection, XSS, indirect object references, privilege escalation, session replay attacks, and more.
  • For a U.S.-based banking firm, I conducted application security source code reviews for critical banking applications. This included malicious code detection, where I identified backdoors and vulnerabilities within the application source code. I was also directly involved with the client’s development team to assist in the remediation of vulnerabilities.
  • I have independently conducted manual source code reviews on open-source applications and managed the project.
  • I carried out automation tasks by automating certain manual activities for a specific banking client.
  • Performed penetration testing to identify potential weaknesses in client systems and recommended remediation actions.
  • Managed a team of security professionals, ensuring timely project completion and high-quality deliverables.
  • Played a Critical role in post-breach investigations providing insights to help clients understand the root cause of incidents and prevent future occurrences.
  • Worked on different SAST scanning tools like Veracode, Checkmarx, Snyk, HCL App Scan Source, Fortify, etc., DAST scanning tools like Web Inspect, Acunetix, HCL App Scan and Burp Suite Professional.

Security Delivery Senior Analyst

Accenture
06.2018 - 01.2023
  • Worked as an Application security analyst and Penetration tester for insurance based and telecommunication clients.
  • Performed SAST, SCA, DAST and Penetration testing on web, intranet and mobile based applications
  • Performed manual source code review for web applications and reported vulnerabilities like SQL injection, XSS, XXE, Insecure Deserialization, IDOR and Security configuration vulnerabilities.
  • Performed manual testing irrespective of VAPT assessment and reported vulnerabilities like Privilege Escalation, IDOR, Session Replay attack, Broken Access Control, etc.,
  • Experience in revalidation of reported vulnerabilities and suggested remediation to the developer for the vulnerabilities.
  • Mentored junior team members, fostering professional development while enhancing overall team performance and taken multiple sessions on how to perform manual source code review effectively.
  • Nurtured strong working relationships with clients, ensuring their needs were met while exceeding expectations on deliverables.
  • Conducted container security assessment for one of the insurance based client.
  • Enhanced team productivity by streamlining workflow processes and implementing time-saving strategies.
  • Got Star of the Year award and Accenture Celebrates Excellence award recognizing my efforts and value addition in Client delivery.

Software Engineer

Byval Technologies Pvt Ltd
12.2015 - 06.2018
  • Worked as part of development team to work on end to end applications then pursue my career into Security domain.
  • Experience in complete end to end development in .Net with performing security audits on the applications developed.
  • Providing top to bottom support and development Process for Enterprise Reconciliation Utility (ERU) process
  • Consistently met project deadlines by effectively managing time and prioritizing tasks according to importance.
  • Worked on automation scripts for fixing on going issue and for reducing the daily work.
  • Professional Experience in scanning the web application for the OWASP related Vulnerabilities.
  • With the help OWASP Techniques recommendation, all the issues are resolved by applying the specific patches to the code in a priority manner.
  • Vulnerability assessment and Secure source code analysis is performed for Bank oriented application in HCL AppScan and Burp Suite.
  • Rewarded as a Best Developer in ByVal Technologies Pvt Ltd.

Education

Bachelor of Information Technology - Information Technology

Anna University
Chennai
04.2001 -

Skills

Manual Source Code review

Dynamic Application Security Testing / DASTg

Software Composition Analysis / SCA

Static Application Security Testing / SAST

Penetration Testing / PT

Threat and Vulnerability Analysis

DevSecOps

Application security

Secure coding

Recognition

  • Recognized with multiple SPOT AWARD in EY for continuous and outstanding contributions in projects and business initiatives.
  • Got Star of the Year award and Accenture Celebrates Excellence award recognizing my efforts and value addition in Client delivery.
  • Recognized as the STAR of the Month multiple times and rewarded as the Best Developer.

Timeline

Senior Security Consultant

EY GDS
01.2023 - Current

Security Delivery Senior Analyst

Accenture
06.2018 - 01.2023

Software Engineer

Byval Technologies Pvt Ltd
12.2015 - 06.2018

Bachelor of Information Technology - Information Technology

Anna University
04.2001 -
Gayathri PerumalCyber Security Senior Consultant