PRATIMA KADYAN
Technical Lead - IMSS
New Delhi
Summary
OSCP certified Technical Lead with 6.5 years of increasing responsibilities in technical leadership, business-critical management, Penetration Testing of App/Network Infra, Comprehensive Security Review, Red Teaming.
Expertise in VAPT, Red Teaming, Threat Modeling, DevSecOps, Kubernetes Security, Container Security along with sound networking concepts, TCP/IP protocol, network security.
Proven diagnostic abilities with attention to detail and ability to work effectively in a fast-paced environment.
Leveraging skills honed in the Telecom (DU, Dubai), Banking, Financial Services sectors, as well as E-commerce, Food and Beverage, and Media, I've successfully delivered to multinational clients.
#THMDubaiCoreTeamMember
Overview
6
6
years of professional experience
1
1
Certification
Work History
Senior Information Security Consultant II
Aujas Cybersecurity
- Worked for multinational client (Airtel Africa) and HP
- Key Responsibilities Penetration Testing of Infrastructure Network and servers
- VA/PT, SAST, DAST of Web, Mobile (Android & iOS), API using OWASP Standard
- Performed AD Environment PT for another client
- Performed Thick Client Assessments for short-term projects
- Prepared Pentest Reports and presented findings to technical audiences, for HP
- Worked as Team lead for Airtel Africa and managed and mentored a team of 12 security professionals
- Responsible for Deliverables, project scoping, resource assignment, Report reviewing, and Client interaction
- Responsible for mentoring team of 5 who were working for Banking client for SAST, DAST of Web and Mobile (Android & iOS).
Technical Lead - IMSS
Aujas Cybersecurity
01.2022 - 11.2022
- Have worked for one of the leading telecom provider clients (DU, Dubai) and other clients in the UAE, UK
- Key responsibilities: Penetration Testing of Infrastructure Network and servers
- VA/PT, SAST, DAST of Web, Mobile (Android & iOS), API using OWASP Standard
- Comprehensive security review in compliance with OWASP ASVS, WiFi Pentesting for Oman Clients
- Preparing comprehensive Pentest Reports and presenting findings to technical audiences in meetings
- Responsible for Deliverables, project scoping, Report Reading to Client, and Client interaction
- DevSecOps consulting to UK based client, with Threat Modeling
- Gitlab #CICD #PipelineSecurity #ThreatModeling Red Team/VA/PT tools: Nessus, Metasploit, Tenable (io/Sc), Burp Suite Professional, Nikto, ZAP, OpenVAS, , Nmap, SQLMap, Wireshark, hydra, Ncrack, John the ripper, Kali Linux, Dirb, Dirbuster, Gobuster, SSLScan, SSL Labs, sslyze, MobSF, apktool, jadx, Frida, Objection, Magisk, adb, adb logcat, WiFi Pineapple, etc.
Senior Information Security Consultant
Condeco Software
02.2019 - 01.2022
- Responsible for end-to-end Product Security
- Penetration Testing of Infrastructure Network and servers
- VA/PT, SAST, DAST of Web, Mobile (Android & iOS), API using OWASP Standard
- Performed AD Environment PT Prepared Pentest Reports and presented findings to technical audiences
- Incorporated security in each phase of SDLC (DevSecOps) by integrating security tools in the CI/CD pipeline
- Created OWASP Zed Attack Proxy Task using Visual Studio Team Services to automate security testing and added it to the release pipeline.
Infosec Consultant
AKS IT Services
08.2017 - 02.2019
- Client-Side Work Experience Project: E-commerce Duration: 1 year Penetration Testing of Infrastructure Network and servers
- VA/PT, SAST, DAST of Web, Mobile (Android & iOS), API using OWASP Standard, Report reading to Client, providing remediation for the identified vulnerabilities.
Information Security Associate
Lucideus Tech
06.2016 - 06.2017
- Core member of the Web Application Security Team
- Independently managed and performed VAPT on various Web Applications including Banking, E-commerce, Food and Beverages, other financial applications, and Government applications, Mobile Applications and APIs, Black box assessment of banking applications
- Provide remediation for the vulnerabilities identified to fix the open gaps, take Walkthroughs of applications
- Work on Master Web Control List and add new controls every month.
Education
M. SC INFORMATICS -
University of Delhi, Institute of Informatics and Communication (IIC)
B. SC( HONS) COMPUTER SCIENCE -
University of Delhi, Shyama Prasad Mukherji College
Skills
NETWORK INFRASTRUCTURE VAPT (INTERNAL & EXTERNAL)
RED TEAMING
VA/PT, SAST, DAST of Web, Mobile (Android & iOS), APIs
OWASP TOP 10 (WEB & MOBILE)
ASVS Compliance
Threat Modeling
DevSecOps
GitLab Security
Application Architecture Review
Kubernetes Security
Container Security
Active Directory Env PT
Certification
OFFENSIVE SECURITY CERTIFIED PROFESSIONAL (OSCP)
Timeline
Technical Lead - IMSS
Aujas Cybersecurity
01.2022 - 11.2022
Senior Information Security Consultant
Condeco Software
02.2019 - 01.2022
Infosec Consultant
AKS IT Services
08.2017 - 02.2019
Information Security Associate
Lucideus Tech
06.2016 - 06.2017
Senior Information Security Consultant II
Aujas Cybersecurity
M. SC INFORMATICS -
University of Delhi, Institute of Informatics and Communication (IIC)
B. SC( HONS) COMPUTER SCIENCE -
University of Delhi, Shyama Prasad Mukherji College