Nilotpal Gure
Bengaluru,KA
Summary
Product Security Engineer with 2+ years of experience securing web , mobile , and API -based products across CI/CD environments. Proven success in reducing vulnerability risk exposure by 40% through automation and targeted code reviews . Skilled in integrating security controls into development pipelines and collaborating with cross-functional teams to embed security within the product lifecycle.
Overview
3
3
years of professional experience
1
1
Certification
Work History
Assistant Product Security Engineer
Signify Innovation India Limited
07.2023 - Current
- Performed comprehensive vulnerability assessments and penetration tests across 10+ web, mobile, and API services, identifying 25+ high/critical CVSS vulnerabilities prior to release.
- Integrated Trivy scanning into Jenkins CI/CD pipelines, automating image vulnerability checks and eliminating 30% of manual review effort before production.
- Conducted source code reviews ( SAST ) for Android and backend components, uncovering logic flaws and insecure deserialization issues that reduced mobile app risk exposure by ~40%.
- Collaborated with development teams to remediate critical issues within SLA , improving mean time to remediation (MTTR) for critical vulnerability by 25%.
- Delivered detailed security assessment reports and remediation guidance to engineering and product stakeholders, driving risk-based prioritization in release cycles.
R&D Intern
Nokia
09.2022 - 06.2023
- Developed an automated board bring-up system for femto products using Bash and “ expect ” scripting, reducing hardware test setup time by 65%.
- Created and optimized test automation scripts, improving process efficiency and consistency in firmware validation.
- Built Power BI dashboards for visualization of system performance data, accelerating decision-making for product and test teams.
Education
Master of Technology - Cyber Security
Vellore Institute of Technology
Vellore01.2023
Bachelor of Technology - Computer Science
University of Engineering & Management
Kolkata01.2021
Skills
- Security Testing: Web, Mobile, API Security, Vulnerability Assessment, SAST, DAST, Source Code Review
- Tools & Frameworks: Burp Suite, OWASP ZAP, MobSF, Frida, Postman, Nessus, Wireshark, Nmap, Trivy, Jenkins
- Programming & Scripting: Python, Bash, JavaScript
- Security Methodologies: OWASP Top 10, STRIDE, CVSS, MITRE ATT&CK
- DevSecOps: CI/CD Integration, Container Security, Automated Vulnerability Scanning
- Certifications: CEH v13 (in progress, expected 2025)
Certification
CEH v13 (in progress, expected 2025)
Project
Secure Chat Application (Academic Project – VIT): Built a Python-based chat application implementing RSA encryption and secure key management for real-time end-to-end communication.
Timeline
Assistant Product Security Engineer
Signify Innovation India Limited
07.2023 - Current
R&D Intern
Nokia
09.2022 - 06.2023
Bachelor of Technology - Computer Science
University of Engineering & Management
Master of Technology - Cyber Security
Vellore Institute of Technology