Nilay Singh

• Secure SDLC implementation - Adding security checks at different stages of SDLC.
• Published secure coding guidelines for developers
• Roadmap to safeguard company's internal and external environments.
• Security audits to identify vulnerabilities in products, server and network devices.
• Suggested remediation action to fix identified gaps.
• Setting up CTI platform for continuous monitoring of external attack surfaces.

• Leading a team of five members with primary jobs to review all product, internal / external infrastructure and mobile applications from security perspective.
• Implemented Secure SDLC and mandated security reviews of all commits going into production.
• Revamped complete organization SDLC policy and introduced security reviews at various stages.
• Building CI-CD pipelines from scratch to bring more automation and easy build deployments to production
• Introduced threatmodeling as a process and mandatory requirement for all new platforms and existing major platforms.
• Handling PCI activities and audits. Regularly performs internal audit to identify gaps.
• Streamlined whole public and private bugbounty program to receive submissions from external researcher.
• Does evaluation of third party application before it is made available for other employees.

Major on going projects

• Security Automation
• Integrations Review
• API Security Solution
• Container Security
• Incident Management
• Cyber Threat Intelligence

Achievements

• Received an appreciation from CISO and engineering team for making threatmodel on one of the new platform and identifying the hidden risks.
• Received a global thank you award from PayU global CEO team for reviewing 800+ builds and identifying critical bugs which could have resulted in financial loss to company.

• Worked for a product manufacturing client
• Did complete network infrastructure penetration testing on client location
• Did threat modeling of their in-house applications followed by application PT.
• Identified severe vulnerabilities, and helped internal dev team to fix that.
• Got appreciated by client and was given 9/10 on technical knowledge.
• Was appreciated and received award from Infosys to successfully completing the project within defined timelines

• Worked for a banking client
• Had conducted manual and automated Web Application vulnerability assessments to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
• Identified vulnerabilities posing risk to business and communicated them to appropriate stake holder for remediation, resulting in improved security posture and increased attack resiliency.
• Identified application level vulnerabilities like SQL injection, IDOR, Authentication Bypass, CSRF, XSS and other business logic issues for financial applications
• Had worked on tools like IBM AppScan, OWASP ZAP, SOAP UI, Nessus, Metasploit, NeXpose (Rapid 7 vulnerability management tool), SQL Map, Nmap and frameworks like kali.