
Lakshmi Pulichari

Troy

Summary

Having four years of hands-on experience in Penetration Testing focused on APIs and web applications, and backed by a robust academic foundation with a Master's degree in IT Security, I am a dedicated cybersecurity professional adept at identifying and mitigating digital threats. My expertise extends to employing a wide array of industry-standard tools and methodologies to rigorously assess the security of web applications and APIs. Through a combination of automated scanning and manual testing, I excel in uncovering vulnerabilities and weaknesses within complex systems. My proficiency includes assessing authentication mechanisms, encryption protocols, and authorization controls to ensure the confidentiality, integrity, and availability of sensitive data. I have a strong track record of working with development teams to implement secure coding practices and bolster defenses against emerging threats. As a Penetration Tester specializing in APIs and web applications, and mobile applications and infrastructure testing, I am poised to contribute my expertise to enhance your organization's digital security posture.

4 years of IT experience working on web application security testing (2 years), web services security testing and manual testing; API security testing (2 years); vulnerability assessment and penetration testing.

Overview

7 years of professional experience
1 Certification

Work History

Data Receptionist

S And P Consulting Services
11.2022 - 04.2023
  • Perform manual penetration testing on computer systems, networks and applications
  • Creating Detection use cases and writing detection scripts
  • Threat hunting using Burp Suite Professional and vulnerability scanning
  • Threat hunting with Red Team and Penetration Testing
  • Vulnerability Assessment of various web applications
  • Use Burp Suite Professional for scanning automated tools to pinpoint vulnerabilities and reduce time-consuming tasks
  • Research, analyze and provide reports on attacker campaigns as required
  • Analyst develops, documents, and presents general and technical presentations on security threats to business units and Information Security Risk Management personnel
  • Provide comprehensive written reports to investigators, supervisors, human resources specialists, personnel security specialists, etc
  • Configuring web applications for dynamic scanning using any of the authentication methods like Basic authentication, Forms authentication etc
  • Running the web applications in multiple scanners by using automated tools and, in parallel, working on a manual approach of hunting by using threat modeling and different attack vectors to find the critical vulnerabilities
  • Executing all the test cases of major security issues of the OWASP Top 10 and identifying the critical vulnerabilities with a manual approach
  • Creating pen testing reports with POC for the identified vulnerabilities and sending them to the relevant team within the delivery time.

Security Engineer

SITEL Limited
09.2021 - 01.2022
  • Performed grey box manual pen testing of the web applications
  • Conducting manual penetration testing on various applications, including web, mobile, and cloud-based applications, to identify and exploit security vulnerabilities
  • Skilled in performing vulnerability assessments and identifying security gaps and weaknesses in applications, systems, and infrastructure
  • Executed and crafted different payloads to attack the system for finding vulnerabilities with respect to Input validation, authorization checks, and more
  • Reviewed the requirements for privileged access on an everyday basis
  • Reviewed and validated the privileged users and groups in Active Directory, databases and applications on a periodic basis
  • Developed and customized Java applications to meet specific business needs and integrate with existing systems
  • Led the migration of multiple applications to the Google Cloud Platform, achieving improved scalability and cost-efficiency
  • Configured OAuth, OIDC, and SAML integration patterns for seamless onboarding and secure authentication of systems
  • Management of system security and file system security policies and analyzing systems to determine ways of improving performance
  • Conducting routine checks, warranty claims, hardware failure, replacement, software up-gradation, download patches and hotfixes
  • Infrastructure deployment from the very basis to complete function and Information Security Policy as per PCI-DSS Audit Compliance
  • Performing OS updates and upgrading application.

Cyber Security Analyst

Nzoneweb software private limited
08.2016 - 07.2019
  • Penetration testing of scoped systems and applications to identify system vulnerabilities
  • Internal network penetration testing to enhance the information security culture of an organization through identifying, analyzing and reporting the gaps which may be used to threaten the CIA of information
  • Provide recommendations to the organization/client to help balance cyber risks and business needs
  • Experience on Burp Suite Professional
  • The scope of the duties includes researching security weaknesses within the APIs, developing automated tests, preparing reports and recommendations, collaborating with technical and non-technical staff
  • Reviewing code to maintain correctness and quality while ensuring security best practices are followed
  • Create repeatable methods to assess, measure, and communicate the overall quality of a project and deliver key metrics to assess the overall effectiveness of the API security
  • Perform continuous security testing on the on-prem, cloud, mobile applications, and APIs
  • Performed Static Application Security Testing Assessments for the Web Applications, Microservices and Mobile Applications using Checkmarx
  • Generated executive summary reports showing the security assessments results, recommendations and risk mitigation plans and presented them to the respective business sponsors and senior management
  • Configuring, customizing and deploying the SAST tools to analyze the source code
  • Analyzing the source code to identify vulnerabilities, coding defects, and maintainability issues
  • Providing guidance on remediation steps for the identified issues to developers and management
  • Managed security assessment to ensure compliance to firm’s security standards (i.e., OWASP Top 10)
  • Specifically, manual testing has been performed to identify Cross-Site Scripting and SQL Injection related attacks within the code
  • Performed Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in DEV, PRE-PROD and PROD environments
  • Performed Automated, Manual Dynamic and static Scans.

Education

Masters in IT security -

UNIVERSITY OF CENTRAL LANCASHIRE, UNIVERSITY OF CENTRAL LANCASHIRE

B. Tech (CSE) -

S.V. colleges of Engineering, Jawaharlal Nehru Technological University - AP


Skills

  • Experience in information security such as penetration testing for web applications, APIs and networks
  • Experience working in a healthcare-based environment
  • Good in analyzing the technology on which the application is built, & gathering the information regarding the web server, database server etc
  • Good exposure in designing & executing security test cases based on the requirements
  • Designing the test cases as per OWASP methodologies for Web application
  • Identifying the security threats by performing black box penetration testing on web application
  • Proficient in using proxy tools like Burp Suite and OWASP ZAP
  • Proficient in using browser plugins like Retire.js, Wappalyzer, HackBar
  • Ability to run security scanning tools like Burp Suite Professional, OWASP ZAP, HCL AppScan, Nessus
  • Effectively integrates tools (commercial, open source) into the testing process to obtain optimum results
  • Excellent communication skills, both oral and written
  • Familiar with all the stages of Software Development Life Cycle (SDLC) & Software Test Life Cycle (STLC), with good exposure towards testing techniques and methodologies
  • Knowledge of Test Case Preparation, Test Case Execution, Defect Reporting, Defect Tracking & Defect Analysis

Certification

CEH - Certified Ethical Hacker from EC council

Programming Skills

Java, Python, JavaScript, HTML, Windows, Kali Linux

University Projects

  • Cracking the Password for Widgets File, University of Central Lancashire: During my university project, I undertook a comprehensive assessment of computer security for a specific application, focusing on the identification of vulnerabilities and the enhancement of security measures. The project involved the use of advanced password analysis techniques, such as utilizing tools like John the Ripper, to evaluate the strength of password protection for a file named 'Widgets.' This effort was carried out with the goal of enhancing security awareness and knowledge. In addition to password analysis, I conducted both automated and manual vulnerability assessments on the application. The objective was to identify potential weaknesses and security gaps that could pose risks to the system. The outcomes of these assessments were meticulously documented, including the vulnerabilities found and recommendations for remediation. The project reinforced my understanding of security best practices and the importance of safeguarding digital assets. My academic experience in cybersecurity has equipped me with the skills and knowledge necessary to conduct ethical security assessments and contribute to the development of robust security measures in real-world scenarios.
  • Machine Learning Model to Detect Phishing URLs, University of Central Lancashire: During the challenging period of the COVID-19 pandemic, I spearheaded an initiative to combat the escalating threat of phishing attacks. In response, I undertook the development of a machine learning based system designed to proactively identify and mitigate phishing URLs. The project involved the systematic collection of data from reputable open-source repositories and the application of sophisticated machine learning algorithms, including Decision Trees, K-Nearest Neighbors (KNN), and Random Forest, to create an effective detection model. The machine learning model was meticulously developed and meticulously fine-tuned through a rigorous training process, utilizing salient features indicative of phishing attempts. The model underwent extensive testing and validation procedures to ensure its efficacy in accurately detecting phishing URLs while minimizing false positives. The successful deployment of this model has contributed significantly to enhancing cybersecurity resilience, particularly during the unprecedented challenges posed by the COVID-19 pandemic. This project underscores my proficiency in machine learning, data analysis, and proactive problem-solving, addressing critical cybersecurity issues during a time of heightened vulnerability. It serves as a testament to my dedication to mitigating cyber threats and safeguarding digital environments.

Security Tools

  • Industry Standards: OWASP – Top 10
  • Proxy Tools: Burp Suite, Postman, Swagger
  • Web Vulnerability Scanner: OWASP ZAP, Burp Suite Professional, HCL AppScan, Netsparker, Checkmarx, Qualys
  • Network Security Scanner: Nmap, Nikto, Wireshark
  • Extensions: FoxyProxy, Wappalyzer

Timeline

Data Receptionist

S And P Consulting Services
11.2022 - 04.2023

Security Engineer

SITEL Limited
09.2021 - 01.2022

Cyber Security Analyst

Nzoneweb software private limited
08.2016 - 07.2019

Masters in IT security -

UNIVERSITY OF CENTRAL LANCASHIRE, UNIVERSITY OF CENTRAL LANCASHIRE

B. Tech (CSE) -

S.V. colleges of Engineering, Jawaharlal Nehru Technological University - AP
