GopalaKrishna Kaja

HYDERABAD

Summary

Experienced results-driven Cybersecurity Professional with 10+ years of expertise, specializing in Penetration Testing, Threat Intelligence, and comprehensive cybersecurity practices. Adept at leading teams, conducting thorough penetration testing, managing vulnerabilities, and ensuring the highest standards of security across various platforms. Proven proficiency in threat intelligence, demonstrating a strong background in security architecture to address evolving cyber threats effectively.

Overview

11 years of professional experience
1 Certification

Work History

Senior Product Security Engineer

Medtronic Engineering and Innovation Center Pvt. Ltd
08.2022 - Current
  • Design and implement comprehensive cybersecurity strategies to protect organizational assets
  • Assess and analyze potential vulnerabilities in systems, networks, and applications
  • Develop and enforce security policies, procedures, and standards
  • Collaborate with cross-functional teams to integrate security measures into technology solutions
  • Stay abreast of emerging threats, industry best practices, and compliance requirements
  • Conduct security risk assessments and provide mitigation recommendations
  • Implement and manage security tools and technologies for continuous monitoring
  • Lead incident response efforts and investigations in the event of security breaches
  • Ensure compliance with relevant regulations and standards
  • Provide expertise and guidance to stakeholders on security-related matters
  • Provide expert guidance to a technical testing team, fostering autonomy and collaboration
  • Conduct thorough analysis of penetration testing results, producing detailed reports delineating findings, exploits, risks, and recommendations
  • Execute projects adhering to established methodologies, tools, and rules of engagement
  • Effectively communicate complex findings and solutions to both technical and non-technical stakeholders
  • Collaborate with cross-functional teams, integrating security measures and addressing vulnerabilities alongside security engineers and developers
  • Spearhead penetration testing initiatives across diverse domains, spanning web and mobile applications, API endpoints, and network/cloud infrastructure
  • Contribute to the evolution of testing methodologies, processes, and tools, staying abreast of the latest threats, vulnerabilities, and exploits
  • Conduct threat modeling and penetration testing for medical devices, employing frameworks such as MITRE ATT&CK and Cyber Kill Chain
  • Establish and execute a comprehensive threat intelligence strategy, coordinating CVE programs with entities like CISA and HISAC
  • Develop ISO-27001 and GDPR concepts, ensuring compliance, conducting audits, and actively managing security awareness initiatives and operational activities related to information security and privacy

Security Specialist (Team Lead)

Accenture Solutions Pvt Ltd
01.2020 - 08.2022
  • Orchestrated a team specializing in Dynamic Application Security Testing (DAST), Manual Penetration Testing (PT), API testing, Mobile Testing, and Thick client testing
  • Engaged with diverse clients for the execution of penetration testing assignments
  • Generated Impact Assessment documents for Security testing aligned with release cycles
  • Submitted comprehensive test approaches, scope components, test plans, and execution timelines
  • Supervised the team to ensure the punctual execution of security assessments
  • Conducted penetration testing for both internal and external applications of Accenture and clients
  • Executed Nessus scanning for all web applications, encompassing e-commerce and non-e-commerce platforms
  • Shared vulnerability reports with application business owners and addressed false positives
  • Facilitated client meetings to discuss high and critical vulnerabilities, presenting effective mitigation strategies

Senior Analyst

WIPRO Technologies
06.2018 - 01.2020
  • Executed penetration testing for Wipro Intellectual properties, encompassing Web Applications, APIs, and Thick clients
  • Conducted manual testing utilizing OWASP top attacks, employing advanced detection and prevention techniques
  • Thoroughly analyzed reports to filter out False Positives, reported identified vulnerabilities, and updated them in the tracker
  • Developed Daily/Weekly/Monthly dashboards to depict the Vulnerability Posture across enterprise assets, presenting comprehensive insights to the management
  • Collaborated with stakeholders in the remediation of vulnerabilities, providing clarifications on notified vulnerabilities
  • Worked closely with the Application Team throughout the remediation process
  • Participated in client meetings and discussions to effectively present identified vulnerabilities related to the application under test

Analyst

Deutsche Bank Group (DBOI)
08.2015 - 11.2016
  • Conducting Android mobile application scans using specialized tools
  • Evaluating applications in practical and simulated environments for comprehensive testing
  • Thorough documentation of identified vulnerabilities along with recommended mitigations
  • Articulating the impact of vulnerabilities to both developers and managerial stakeholders
  • Developing Proof of Concepts (POCs) to enhance application development and facilitate a deeper understanding of vulnerabilities
  • Executing dynamic web application testing procedures
  • Performing dynamic, static, and system-level testing for Thick client applications

Consultant

Capgemini India Pvt Ltd
11.2012 - 08.2015
  • Initiated secure source code reviews utilizing IBM AppScan and HP Fortify during the early phases of the Software Development Life Cycle (SDLC)
  • Detected vulnerabilities and automated the generation of comprehensive vulnerability summary reports
  • Validated and verified fixes, extending support and assistance to team members throughout the remediation process
  • Executed Authenticated Vulnerability Assessment scans employing Qualys, Nmap, and Metasploit tools
  • Generated and disseminated customized vulnerability assessment reports to relevant stakeholders
  • Conducted API security testing for SOAP and REST protocols using specialized tools such as Burp Suite, SoapUI, and Postman
  • Integrated SoapUI with Burp and IBM AppScan to optimize web services testing, minimizing false positives
  • Produced tailored incident reports for customers and implemented continuous scanning protocols for web applications using Nessus
  • Orchestrated ITIL processes, encompassing Incident, Change, and Problem Management, leveraging ticketing tools like HPSM
  • Formulated Standard Operating Procedures (SOPs) for intricate tasks, meticulously evaluating their performance

Education

B.Tech - Computer And Information Sciences

Jntu
Kakinada
05-2011

Skills

Information Security Management

Risk Assessment and Management

Security Architecture and Design

Incident Response and Forensics

Compliance and Regulatory Standards

Network Security

Encryption Technologies

Security Policies and Procedures

Vulnerability Management, Assessment

Penetration Testing (DAST & SAST)

Web Application Pentesting

API Security (SOAP & REST)

Thick Client Security

Mobile Application Security (Android & iOS)

Network Pentesting (OSCP Certified)

Threat Modelling (STRIDE, DREAD)

Cyber Threat Intelligence (CTIA)

Auditing (ISO 27001:2022 LA)

Certification

  • CISSP
  • OSCP
  • ISO 27001: 2022 LA (CQI)
  • CTIA
  • CEH
  • ECSA
  • CCNP
  • ITIL v3
  • MCITP

Scholastics

B.Tech in Computer Science Engineering from JNTUK.

Personal Information

  • Date of Birth: 08/08/88
  • Nationality: Indian

Languages

  • English (First Language)
  • Hindi
  • Telugu
