Keshava Murthy J

Amsterdam, linkedin.com/in/keshava-murthy-j-1a909810

Summary

Results-focused Penetration Tester with 12 years of experience in penetration testing of various applications in the network, web and mobile domains. Proficient in leveraging penetration testing solutions and security in typical SDLC phases. Outstanding leadership abilities, with a marked ability to coordinate and direct all phases of security testing while managing, motivating, and leading project teams. Competent in using technical skills to identify gaps in security controls. Detail-oriented team player with strong organizational skills. Ability to handle multiple projects simultaneously with a high degree of accuracy.

Overview

13 years of professional experience
1 Certification

Work History

Application Security Analyst

Booking.com
Amsterdam, Netherlands
09.2023 - 03.2024
  • Collect, Analyse Non-Functional Requirements, security policies, guidelines and define Security and Performance test goals
  • Conduct SAST, DAST and Manual Pentesting on Travel applications developed internally
  • Investigated information security breaches to identify vulnerabilities and evaluate damage
  • Evaluation of Risk, perform Risk Assessment and rank issues
  • Managing network, intrusion detection and prevention, along with conducting internal and external security audits
  • Verifying security plans with third-party vendors
  • Evaluated third-party vendors to ensure their products and services met the organisation's security requirements before integration into existing systems.
  • Managing security policies in compliance with GDPR, PCI-DSS
  • Established strong relationships with cross-functional stakeholders to facilitate communication regarding potential risks and remediation strategies.
  • Developed comprehensive incident response plans for efficient management of security breaches and cyber threats.
  • Communicated findings and strategy to stakeholders, technical staff and executive leadership
  • Strengthened system defences by designing secure architectures that minimised attack surfaces and protected critical assets from unauthorised access.
  • Mitigated potential risks by identifying, analysing, and addressing vulnerabilities in applications and networks.
  • Improved application security by conducting regular vulnerability assessments and penetration testing

Security Testing Engineer

Fremont Bank
  • Implemented Security Testing process, instrumental for Secure SDLC
  • Performed network, application, system and penetration testing across company's product suite
  • Performed SAST, DAST, Manual Pentest and prepared Vulnerability assessment reports
  • Demonstrated advanced understanding of Security processes, internal control risk management, IT controls and related standards
  • Designed and delivered innovative security solutions across security functions with focus on threat detection and network security
  • Performed risk assessments, calculating risk scores based on CVSS scoring system and defining criticality for vulnerabilities
  • Expertise in Burp Suite, Kali Linux, Checkmarx, WebInspect, OWASP ZAP and associated tools for manual penetration testing
  • Consulted with customers on how to improve security posture and delivered follow-up support during implementation
  • Communicated findings and strategy to stakeholders, technical staff and executive leadership
  • Wrote custom scripts to automate tasks related to finding new vulnerabilities and enhanced toolkits and processes
  • Validated OKTA, MFA solutions for securing IAM solutions
  • Worked successfully with diverse group of coworkers to accomplish goals and address issues related to products and services.
  • Coordinated cross-functional efforts to successfully implement new technologies into existing systems.
  • Enhanced product performance by conducting thorough failure analysis and recommending improvements.
  • Conducted Chaos Engineering, Failover testing and application performance improvements

Performance and Security Architect

Tavant
Bangalore, KA
01.2011 - Current
  • Evaluated existing security architecture and protocols for risk of Vulnerability and recommended improved tools and protocols to management
  • Directed Vulnerability assessments or analysis of information security systems
  • Implementing and upgrading security controls and measures. The work includes maintaining data, monitoring security access, and protecting information systems and digital assets against unauthorised access, alteration, and destruction
  • Reduced false positives in alert systems through fine-tuning rulesets, resulting in more efficient resource allocation during incident investigations.
  • Analysed security procedure violations and developed plans to prevent re-occurrences
  • Partnered with IT teams to ensure seamless integration of new applications without compromising existing security infrastructure.
  • Ensured regulatory compliance by maintaining accurate documentation supporting organisational adherence to industry standards such as HIPAA, PCI DSS, or GDPR.
  • Streamlined threat intelligence gathering processes through automation tools, enhancing overall situational awareness for timely risk mitigation.
  • Developed and maintained policies, procedures, and guidelines for secure application development in alignment with industry best practices.
  • Collaborated with development teams to integrate security best practices into the software development life cycle.
  • Evaluated emerging technologies and industry trends to stay abreast of advancements in cyber-security best practices.
  • Analysed network traffic and system logs to detect malicious activities.
  • Implemented security measures to reduce threats and damage related to cyber attacks.
  • Drafted security reports and metrics to track security performance and strategic improvements.
  • Executed penetration testing to identify security weaknesses and develop disaster recovery plans.
  • Performed risk assessments, calculating risk scores on CVSS scoring system and defining criticality for vulnerabilities
  • Spearheaded continuous improvement initiatives resulting in increased operational efficiency across multiple departments.
  • Monitored systems for indications of threats, security breaches or intrusions
  • Evaluated performance indicators to assess security control quality
  • Maintained documentation of security and disaster recovery policies and procedures.
  • Developed robust encryption algorithms to protect sensitive data from unauthorised access
  • Designed user authentication systems, ensuring secure access to critical applications and resources
  • Collaborated closely with IT leadership providing expert counsel on key decisions related to information security investments
  • Proactively identified opportunities for process improvement resulting in streamlined operations across multiple departments

Education

Bachelor of Technology -

Electronics And Communication

Skills

  • Vulnerability Assessment, Management and Reporting
  • Vulnerability Scanning - Fortify/WebInspect, Acunetix, OWASP ZAP, Nessus, Kali Linux, Nmap, Checkmarx, SonarQube
  • Encryption/Hashing/PKI Certificates
  • Networking - TCP/UDP/ARP/HTTP(S)
  • OWASP top 10, CVSS scoring system
  • SAST/DAST and secure code reviews
  • DevOps, Chaos Engineering, Resiliency
  • Performance bottleneck detection, Optimisation
  • Proxy tools - Burp Suite, OWASP ZAP
  • Operating Systems - Kali Linux/Metasploit, Linux, Windows, Mac
  • Web application/Network/Mobile security and Penetration testing
  • Cloud Security - AWS, Azure
  • JMeter, LoadRunner, AppDynamics
  • CI/CD pipeline security - Jenkins, Gitlab
  • Threat Modelling - STRIDE, DREAD
  • Scripting languages: JavaScript, Scala, Python
  • Risk Assessment/Management, Risk Scoring and Evaluation
  • Methodologies - SCRUM, AGILE, KANBAN, Waterfall
  • Incident Response

Certification

ISTQB Security Certification

LoadRunner Certification

Certified Banking domain

Certified in Supply Chain Management and Manufacturing domain

BS27001

Digital Factory Audit and Compliance

Hobbies

Lawn Tennis

Football

Timeline

Application Security Analyst

Booking.com
09.2023 - 03.2024

Performance and Security Architect

Tavant
01.2011 - Current

Security Testing Engineer

Fremont Bank

Bachelor of Technology -

Electronics And Communication