PIYUSH CHOURASIA
Lead Cyber Security Engineer
Hyderabad
Summary
Information Security professional with 6 years of experience in Web Application Security, VAPT, SAST/DAST, Secure Code Review, Vulnerability Management, GRC, and Network Security. Skilled in identifying vulnerabilities, assessing risks, and implementing effective security controls to protect critical assets.
Vulnerability Management Tools: Qualys, Nessus, Rapid7, CrowdStrike Network Security Tools: Nmap, Wireshark, Metasploit, Kali Linux Source Code Review & Application Security Tools: Burp Suite Pro, SonarQube, Checkmarx. Strong analytical and problem-solving skills with a proactive and detail-oriented approach. Holds a B.Tech in Electronics Engineering and is passionate about improving security posture in dynamic and complex environments.
Overview
6
6
years of professional experience
3
3
Certifications
Work History
Lead Security Engineer
Mphasis
03.2025 - Current
- Company Overview: An experienced IT security professional with a focus on application security and migration at Mphasis.
- Experienced IT security professional with a focus on application security and migration at Mphasis.
- Implemented pre- and post-migration security controls for applications during cloud-to-on-premises (lift-and-shift) migrations, and on-premises-to-on-premises migrations.
- Hands-on experience with SAST and DAST tools, primarily using Checkmarx, to identify and mitigate application vulnerabilities.
- Analyzed scan results, identified false positives, and shared detailed security reports with the development and security teams.
- Actively collaborated to remediate vulnerabilities, ensuring secure code practices, and compliance with security standards.
- Strong understanding of secure SDLC, application risk management, and compliance frameworks.
- Worked closely with cross-functional teams to integrate security best practices across the software development lifecycle.
- Experienced IT security professional with a focus on application security and migration at Mphasis.
Software Engineer
Code Icons
01.2023 - 08.2024
- Managed security service for a leading financial institution, and performed VAPT (Vulnerability Assessments and Penetration Testing) on web applications, SAST, DAST, and web services.
- Conducted Vulnerability Assessments (VAs), Risk Assessments, and remediation tracking via ServiceNow, ensuring SLA compliance and effective patch management using tools like Rapid7, Nessus, and CrowdStrike.
- Knowledge of the OWASP Top 10, SANS Top 25, and other web-related vulnerabilities.
- Providing awareness and solutions to the developers for the reported vulnerabilities.
- Implemented cloud security best practices to secure SaaS, PaaS, and IaaS environments; proactively monitored, assessed, and remediated security vulnerabilities across AWS and Azure using tools such as AWS Security Hub, Azure Security Center, and AWS CloudTrail.
Software Analyst
Tech Mahindra
05.2019 - 07.2022
- Conducted Vulnerability Assessment and Penetration Testing (VAPT) on web applications, REST APIs, and network infrastructure, identifying security flaws, and assisting in remediation efforts.
- Performed Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to detect vulnerabilities in source code and runtime environments.
- Specialized in API security testing, focusing on issues like broken authentication, insecure data transmission, excessive data exposure, and logic flaws.
- Hands-on experience with industry-standard tools, including: Vulnerability Assessment and Pentesting: Burp Suite Pro, Code Analysis and SAST Tools: Checkmarx, API Testing: Postman, and Burp Suite (with extensions).
- Applied comprehensive knowledge of OWASP Top 10, SANS Top 25, CWE, and CVSS v3 to assess and prioritize vulnerabilities based on severity and business impact.
- Assisted in the creation of security test cases and validation of remediation activities to ensure full resolution before ticket closure.
- Handled threat assessment by detecting, analyzing, and mitigating internal and external security risks using and Qualys, and coordinated remediation through ServiceNow.
- Collaborated with developers and system owners to promote secure coding practices, and integrate security early into the SDLC.
- Created technical reports, vulnerability summaries, and dashboards for internal review and audit readiness.
- Delivered presentations and walkthroughs of security findings to technical and non-technical stakeholders.
Education
Bachelor of Engineering - Electronics and Communication Engineering
Rajiv Gandhi Proudyogiki Vishwavidyalaya
Post-Graduate Certificate - Post Graduate Diploma In Computer Application PGDC
Skills
- Web Application Penetration Testing
- BurpSuit Pro
- SQLMAP
- API Testing
- Postman
- Network Security
- Metasploit
- Wireshark
- NMAP
- Incident Response
- LogRhythm
- Vulnerability Assessment VAPT
- Nessus
Certification
Certified Ethical Hacker
General Competencies
- Python
- JavaScript
- HTML
- CSS
Achievements Awards
- Appreciation certificate from 'intel.com' for XSS vulnerability.
- Actively participate in public/private bug bounty programs on YesWeHack.
- Reading cyber security updates, red team assessment, CTF and vulnerability exploits.
Timeline
Lead Security Engineer
Mphasis
03.2025 - Current
Software Engineer
Code Icons
01.2023 - 08.2024
Software Analyst
Tech Mahindra
05.2019 - 07.2022
Post-Graduate Certificate - Post Graduate Diploma In Computer Application PGDC
Bachelor of Engineering - Electronics and Communication Engineering
Rajiv Gandhi Proudyogiki Vishwavidyalaya
Similar Profiles
Soumya Sekhar MisraSoumya Sekhar Misra
Technical Support Engineer L2 at MphasisTechnical Support Engineer L2 at Mphasis
Rishi ShekharRishi Shekhar
Intern at MphasisIntern at Mphasis
Mehdi Mohi Ud DinMehdi Mohi Ud Din
Delivery Lead at MphasisDelivery Lead at Mphasis
Vaibhav PatilVaibhav Patil
Salesforce Developer at MphasisSalesforce Developer at Mphasis
Nithin SaraNithin Sara
Sr. Product Engineer at TECHMAHINDRA LTDSr. Product Engineer at TECHMAHINDRA LTD