JAYASHREE DIGAMBARMATH
Bangalore
Summary
With 10+ years of hands-on penetration testing and vulnerability assessment experience in fast-paced product and services environments. Skilled in securing web, mobile, and API ecosystems with emerging expertise in AI/LLM security. Ready to transition to Application Security leadership roles with demonstrated mentorship capabilities and strategic program management experience.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Lead Analyst - Cyber Security
MPHASIS Ltd
10.2021 - Current
- Direct end-to-end security penetration testing for web, mobile, API, cloud, container, and thick client applications aligned with project deliverables and business risk appetite
- Perform comprehensive automated and manual security assessments to uncover complex vulnerabilities beyond tool-reported findings
- Develop and maintain security assessment methodologies adhering to OWASP, SANS, and industry-standard frameworks
- Serve as technical escalation point for security findings, proposing risk-based mitigation strategies and translating technical security concepts into business context
- Team Collaboration & Knowledge Leadership:
- Collaborate with cross-functional penetration testing teams to align on testing methodologies, techniques, tools, and vulnerability validation approaches
- Demonstrate proactive interest in emerging technologies and attack vectors, including Offensive AI and advanced prompt injection techniques
- Mentor team members on complex security testing scenarios and vulnerability validation
- Technical Specializations:
- Advanced Web Application Testing: Business logic vulnerabilities, race conditions, authentication/authorization flaws, injection attacks
- API Security: Web service endpoint testing, API gateway security, authentication protocol analysis (OAuth, JWT, mTLS)
- Mobile Application Penetration Testing: iOS and Android assessment, binary analysis, runtime behavior analysis
- Container and Cloud Security: Assessment of containerized applications and cloud-deployed services
- Emerging AI Security: Active research and testing of LLM-powered applications for prompt injection and jailbreak vulnerabilities
System Engineer - Penetration Testing & Security
BRILLIO TECHNOLOGIES Pvt Ltd
11.2018 - 11.2021
- Performed end-to-end security penetration tests on web applications, identifying and documenting complex vulnerabilities with business impact analysis
- Designed and updated comprehensive web application security checklists aligned with evolving security standards (OWASP Top 10, CWE updates, emerging CVEs)
- Developed and executed security test plans tailored to client-specific security standards and risk profiles
- Created standardized process documentation for Annual Attack & Penetration (A&P) testing projects, improving repeatability and consistency
- Mobile & API Security Leadership:
- Conducted in-depth penetration tests for iOS and Android applications, covering architecture flaws, insecure storage, runtime vulnerabilities
- Performed comprehensive penetration testing on API endpoints and web services, identifying injection flaws, authentication bypasses, rate limiting issues
- Analyzed vulnerability assessment (VA) reports, validating findings to eliminate false positives and ensure accuracy
- Incident Reporting & Stakeholder Communication:
- Logged and managed security incident tickets with detailed analysis and context-aware mitigation recommendations
- Prepared executive-level reports and presentations for security findings, translating technical vulnerabilities into business risk language
- Communicated security assessments to stakeholders including developers, architects, and business leaders
Technical Associate - Security Assessment & Binary Analysis
CAPGEMINI TECH SERVICES INDIA Ltd
08.2016 - 10.2018
- Performed automated vulnerability assessments on infrastructure and web applications using IBM AppScan, ASOC, Acunetix, and complementary tools
- Conducted manual analysis of automated findings to identify and eliminate false positives, improving assessment accuracy
- Developed expertise in tool configuration, baseline setting, and policy management for security scanning
- Mobile Application Security:
- Performed binary and behavioral analysis on mobile applications using AppUse, MobSF, iExplorer, and Android reverse engineering tools
- Created and maintained mobile application security checklists aligned with evolving security standards and vulnerability taxonomies
- Identified architecture-level flaws and insecure component interactions in iOS and Android applications
- Team Leadership & Knowledge Development:
- Conducted team knowledge-sharing sessions to address technical challenges and develop team expertise
- Hosted scoping calls with stakeholders to define test plans, scope, and security assessment objectives
Technical Associate - IT Support Services
MINACS Pvt Ltd
08.2015 - 07.2016
- Foundation experience in IT service delivery and technical support operations
Education
Bachelor of Engineering - Electronics and Communication Engineering
Visvesvaraya Technological University
BelagaviSkills
- Application Security & Penetration Testing
- Web Application Security: XSS, SQL injection, XPath injection, SOQL injection, CSRF, authentication/authorization bypasses, race conditions, business logic flaws
- API Security: RESTful and SOAP services testing, GraphQL security, API gateway security, OAuth 21, OpenID Connect, mTLS, JWT analysis, API rate limiting and brute force mitigation
- Mobile Application Security: iOS (Xcode, emulation) and Android testing, binary analysis, runtime behavior analysis, jailbreak/rooting detection, secure storage validation
- Advanced Attack Vectors: Browser extension vulnerabilities, CAPTCHA bypasses, WAF evasion techniques, prompt injection and LLM attack methodologies
- Strategic & Leadership Competencies
- Application Security Program Building: End-to-end AppSec roadmap development, secure SDLC integration, risk-based prioritization, alignment with business velocity
- Threat Modeling Leadership: Systematic threat modeling practices, modeling for AI/ML-powered applications, high-risk feature assessments
- Team Building & Mentorship: Lead analyst experience, team collaboration on penetration testing methodologies, knowledge sharing and skill development
- Standards & Compliance: OWASP ASVS, OWASP Top 10 (Web & LLM), NIST SSDF, emerging AI security regulations
- Security Tools & Automation
- Application Scanning: IBM ASOC, Acunetix, IBM AppScan, Tenable Nessus, Traceable API security
- Penetration Testing: Burp Suite Professional, Metasploit, SQLMap, Kali Linux
- Mobile Testing: Android Studio, adb, MobSF, Corellium, iExplorer
- API Testing: SoapUI, Postman, Traceable, custom payload development
- CI/CD Integration: Familiarity with automated security checks, policy enforcement pipelines
- Programming & Scripting
- JavaScript, Python, custom exploitation and validation script development
- Secure code analysis and production code auditing capabilities
- Security Testing Domains
- Web Application Mobile (iOS/Android) API/Web Services Cloud & Container Browser Extensions Thick Client Applications
- Python, JavaScript, custom exploitation script development, secure code analysis
- Penetration Testing & Exploitation
- Burp Suite Professional, Metasploit, SQLMap, Kali Linux, binary analysis tools
- Vulnerability Assessment & SAST/DAST
- IBM ASOC, Acunetix, AppScan, Tenable Nessus, MobSF, Traceable, SoapUI, Postman
- Standards & Frameworks
- OWASP Top 10 (Web & LLM), OWASP ASVS, OWASP Testing Guide, NIST SSDF, SANS methodologies, CWE
Accomplishments
- Elevated Security Standards: Updated and maintained security checklists reflecting OWASP Top 10 evolution, CWE updates, and emerging threat landscapes—ensuring assessments remain current and effective
- Reduced False Positives: Developed expertise in automated tool analysis, eliminating false positives and improving assessment accuracy by ~30%
- Scaled Testing Practices: Documented standardized penetration testing processes enabling consistent, repeatable security assessments across multiple projects
- Team Collaboration & Knowledge: Fostered cross-team security knowledge through collaborative assessments, scoping calls, and knowledge-sharing sessions
- Business-Aligned Communication: Translated technical security findings into executive-level reports, enabling business stakeholders to make informed risk decisions
- Emerging Technology Leadership: Proactively researched and tested emerging threats (Offensive AI, prompt injection, AI-specific vulnerabilities) demonstrating initiative in staying ahead of threats
Certification
- Security Certifications
- Certified Ethical Hacker (CEHv12) – EC-Council
- CNSS Certified Network Security Specialist (ICSI)
- Fortinet Network Security Certifications – NSE 1 & NSE 2
- Professional Training & Development
- Corporate training in Cloud Security (Azure and AWS)
- Advanced API Security Testing and Penetration Testing methodologies
- Continuous professional development in emerging security technologies and attack vectors
References
Available upon request. LinkedIn and professional references available through Mphasis Ltd and Brillio Technologies.
Timeline
Lead Analyst - Cyber Security
MPHASIS Ltd
10.2021 - Current
System Engineer - Penetration Testing & Security
BRILLIO TECHNOLOGIES Pvt Ltd
11.2018 - 11.2021
Technical Associate - Security Assessment & Binary Analysis
CAPGEMINI TECH SERVICES INDIA Ltd
08.2016 - 10.2018
Technical Associate - IT Support Services
MINACS Pvt Ltd
08.2015 - 07.2016
Bachelor of Engineering - Electronics and Communication Engineering
Visvesvaraya Technological University