NANDIGAMA SAI SHANKAR

Summary

I possess over 4+ years of experience conducting comprehensive Vulnerability Assessments and Penetration Testing across diverse targets, including Web-based Applications, APIs, Mobile Applications, Thick Client Applications, Active Directory, and Infrastructure. Adept at utilizing industry standards such as OWASP Top 10 and SANS Top 25 to ensure stringent security compliance. Specialized in Active Directory security assessments, demonstrating proficiency in identifying and mitigating common attack vectors. Skilled in using an extensive toolkit of application security testing tools, and addressing application-level vulnerabilities. Proven track record of conducting penetration testing on 200+ business applications, contributing significantly to organizational cyber resilience. Experienced in detailed stakeholder discussions for effective vulnerability remediation, and proficient in generating and presenting comprehensive reports. Expert in phishing simulations, diligent follow-up on vulnerabilities, and staying updated on the latest cybersecurity trends. Key contributor to red team assessments, actively participating in simulated attacks and providing actionable recommendations. Committed to maintaining the highest cybersecurity standards in an ever-evolving threat landscape.

Overview

5 years of professional experience
1 Certification

Work History

Data Security Research Engineer

CBNITS INDIA PRIVATE LIMITED (Payroll)
05.2024 - Current
  • Conduct comprehensive Vulnerability Assessments and Penetration Testing (VAPT) across various applications, infrastructures, and cloud environments, identifying critical security vulnerabilities and ensuring compliance with best practices.
  • Lead SaaS Security Posture Management (SSPM) initiatives, focusing on securing cloud-based applications like Salesforce, AWS, and Microsoft 365 by identifying and mitigating security misconfigurations and vulnerabilities.
  • Perform security assessments for SaaS platforms, identifying configuration issues, weak access controls, and potential data exposure risks.
  • Work with internal teams at Palo Alto Networks to implement security controls and enhance the security posture of cloud-based services and SaaS applications.
  • Utilize security testing tools such as Burp Suite, Nessus, and Metasploit for vulnerability scanning and to identify weaknesses in cloud infrastructure and SaaS apps.
  • Provide actionable recommendations for improving security based on assessment results, focusing on both application security and SaaS-specific risks.
  • Generate detailed reports on vulnerabilities, security risks, and proposed remediation actions, ensuring clear communication of findings to stakeholders.
  • Conduct regular security audits of SaaS configurations to ensure compliance with industry regulations and best practices, preventing potential security risks.
  • Client: Palo Alto Networks

Security Analyst Associate

CyberNX Technologies Pvt Ltd
11.2020 - 05.2024
  • Conduct comprehensive Vulnerability Assessments and Penetration Testing for a wide range of targets, including Web-based Applications, APIs, Mobile Applications, Thick Client Applications, Active Directory, and Infrastructure.
  • Experienced in conducting penetration testing and security assessments for Active Directory environments. Familiar with common attack vectors targeting Active Directory, such as pass-the-hash attacks, Kerberos attacks, and privilege escalation techniques.
  • Proficient in industry standards such as OWASP TOP 10 and SANS Top 25, ensuring a high level of security compliance.
  • Expertise in identifying and addressing application-level vulnerabilities, including XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, and authentication flaws.
  • Utilize an extensive toolkit of application security testing tools, including Acunetix, Metasploit, Burp Suite, SQLmap, OWASP ZAP Proxy, Nessus, Nmap, MobSF, and Wireshark.
  • Perform manual security assessments on various platforms, including Web, API, and Thick Client applications.
  • Experience in executing multiple phishing simulations using the GoPhish framework, contributing to enhancing security awareness within organizations.
  • Engage in detailed discussions with stakeholders for effective vulnerability remediation.
  • Conducted application penetration testing on more than 200 business applications, ensuring robust security.
  • Generate and present comprehensive reports on identified vulnerabilities, their potential impact, and recommendations for remediation. Skilled in effectively communicating technical findings to stakeholders in a clear and understandable manner.
  • Diligently follow up on raised vulnerabilities, revalidating and ensuring 100% closure.
  • Stay updated on the latest hacking techniques and vulnerabilities to maintain a proactive security stance.
  • Played a crucial role in multiple red team assessments, contributing significantly to the enhancement of the security posture. Engaged in simulated attacks, identified vulnerabilities, and provided actionable recommendations to fortify the organization's overall security resilience.

Education

Bachelor of Technology -

KL University
Vijayawada
06-2020

Skills

  • SaaS Security Posture Management (SSPM)
  • Vulnerability Assessments and Penetration Testing (VAPT)
  • Application Security (Web, API, Mobile, Infrastructure)
  • Security Audits and Risk Assessments
  • Threat Mitigation and Remediation
  • Security Tools: Burp Suite, Nessus, Metasploit, SQLmap, OWASP ZAP, Nmap, MobSF, Wireshark
  • Security Best Practices (OWASP Top 10, SANS Top 25)
  • Effective Communication of Technical Findings
  • Phishing Simulations and Awareness Programs
  • Vulnerability assessment
  • Penetration testing
  • Application security
  • Risk management

Certification

  • Certified Red Team Professional (CRTP)
  • Certified Ethical Hacker V11 Practical (CEH)
  • Certified Ethical Hacker (CEH)
  • Certified Appsec Practitioner (SecOps Group)

Accomplishments

Recognized in the Hall of Fame for responsible disclosure of security issues to prestigious organizations, including Microsoft, Nokia, BlackBerry, Dell, Inflectra, SoundCloud, Media Markup, Sophos, and NCIIPC.
