Summary
Overview
Work History
Education
Skills
Professional Achievements Certifications
Personal Information
Languages
Hobbies and Interests
Disclaimer
Timeline
Generic

Prosenjit Sil

Bangalore

Summary

I am an Information Security Researcher with over 11 years of experience in Information Security. Currently I am leading Product Security Team in Thomson Reuters. The role being played is primarily as Security Researcher and Consultant for customers and products in the organization. I have extensive working experience in various domains of Information Security i.e. , Product Security, Red Teaming, Penetration Testing (Infrastructure/Web/Mobile), Application Security Assessment (Dynamic Application Security Testing and Static Application Security Testing), Cloud Security, Automation Scripting, Malware Research.

Overview

12
12
years of professional experience

Work History

Product Security Lead

Thomson Reuters
Bangalore
04.2022 - Current
  • Leading the Product Security Team
  • Managing organization Bug Bounty program and Vulnerability disclosure program
  • Find out vulnerabilities in organization's infrastructure (cloud platforms and containers) and applications, software and also help the developers to remediate those
  • Enhance Product Security scopes and guidelines
  • Prepare and publish various process documents on Organization's public channel, TechToc on current application security program and their future plans
  • Policy Configuration and implementation of Source Code Scanner (Veracode)
  • I work as Individual Contributor and also Manage a team of 9 people
  • Implementing new plans for better application security scrutiny
  • Project the Application Security data on PowerBI platform
  • Using automation scripts (python) and technique (karma, Snowflake) to speed up the manual works
  • Penetration Testing/Application Security: Bug Bounty, Product Security, Cloud Security, Metasploit Pro, MITRE Framework, Snyk, Checkmarx, Burp suite, Kali Linux, Nmap, Wireshark, Burpsuite, Mobile Security, Fuzzing, DAST, SAST
  • Malware Researcher: Malware Analysis (Static and Dynamic), Malware Reverse Engineering, SIEM (Splunk, LogRhythm, Qradar and McAfee Nitro), Nexpose Rapid7, Palo Alto Traps Antivirus.

Application Security Manager

Mindtree
Bangalore
08.2020 - 04.2022
  • Leading the Corporate Security Team under CISO
  • Perform Application Security Testing, Kubernetes - Container, POD Penetration Testing
  • Security Architecture Review, Infra Security Testing, Red Teaming
  • Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST)
  • Malware Researching, performing Static, Dynamic Analysis and Reverse Engineering (Fakenet, File, ExeInfo PE, TrID, Compute Hash, BinText, CFFExplorer, PE Studio, OllyDbg, Ghidra)
  • Performing infra penetration testing (Black box, Gray box and White box)
  • Performing Infra and web application penetration testing (Black box, Gray box and White box) and Social Engineering for Black Box Penetration testing (Tools used: Burpsuite Pro, Nmap, Metasploit Pro, Mitre Framework, Checkmarx, Burp suite, Kali Linux, Wireshark)
  • Perform manual as well as automated pen tests using various open source as well commercial tools.

Red Team Lead

Cognizant
Bangalore
08.2019 - 08.2020
  • Leading the Red Teaming activity following MITRE attack framework on Azure Cloud Environment
  • Created Pythons Scripts for Bruteforce and Nmap scanning for Azure Environment
  • Perform Security Hygiene on monthly basis
  • Using different tools as part of Red Teaming like, Mimicat, Netcat, Upx, PsExec
  • Performing Red Teaming by following, Reconnaissance and Weaponization, Exploitation, Post Exploitation, Establishing Foothold and Maintaining Presence, Lateral Movement, Reporting
  • Removing False Positive results from given report that has been generated by automated scanner
  • Performing infra penetration testing (Black box, Gray box and White box)
  • Perform testing using OWASP, and SANS standards
  • Performing web application penetration testing (Black box, Gray box and White box) and Social Engineering for Black Box Penetration testing.

Senior Penetration Tester (Team Lead)

Tata Consultancy Services
Kolkata
07.2016 - 08.2019
  • Leading the Application Security team
  • Performing Penetration Testing using tools i.e
  • Metasploit, Kali Linux, Nmap, Wireshark, Hping, Nessus, Burpsuite, SQLMap, SQLNinja John the Ripper, BeEF, Maltego, Ettercap, Hydra
  • Creating Phishing Campaign using Rapid7 Metasploit Pro, Knowbe4
  • Removal of false positive and negative analysis
  • Report preparations and updating inventory
  • Conducted kick-off meeting with team to understand the requirement
  • Planned and prepared the effort required to carry out the assignment
  • Automated vulnerability scanning using Nmap and Nessus
  • Manually validate the report for removing false Positive results from given report that has been generated by automated scanner.

Application Security Consultant

Tech Mahindra
Hyderabad
08.2012 - 05.2016
  • Performing Penetration Testing using tools i.e. Metasploit, Kali Linux, Nmap, Wireshark, Hping, Nessus, Burpsuite, SQLMap, SQLNinja John the Ripper, BeEF, Maltego, Ettercap, Hydra
  • Creating Phishing Campaign using Rapid7 Metasploit Pro, Knowbe4.
  • Use Maltego to discover and accumulate data of a potential target in a single instance for a domain.
  • hping3 to TCP/IP packet assembler/analyzer (Network Testing, Security Auditing).
  • Use Burp suite for security testing of Web Application.
  • SQLMap and SQL Ninja to perform SQL Injection testing.
  • John the Ripper to detect weak passwords that could put network security at risk.
  • To launch client-side attacks against target browsers, BeEF is used.
  • Investigate the alerts from the SIEM (Splunk, LogRhythm and McAfee Nitro), analyse the log, take necessary action.
  • Configuration of the co-relation rules in SIEM and the Configuration of the event sources.
  • Configure the Rules and profiles in Palo Alto Traps Antivirus.
  • Create hash exception in Palo Alto Traps Antivirus.
  • Integrate Palo Alto Traps AV with SIEM.
  • IPS and IDS configuration
  • Investigate the events detected on the McAfee IPS and take the necessary action.
  • Worked on Tripwire Enterprise, LogRhythm SIEM, Rapid7.

Education

Bachelor of Computer Application - Computer Application

Annamalai University (Distance)
Bangalore
11-2022

Diploma Engineering - Electronics And Instrumentation Engineering

Birla Institute of Technology - West Bengal State Council of Technical Education
Kolkata
05-2012

Higher Secondary - Science

Newbarraackpore Colony Boys' High School
Kolkata
05-2008

10th -

Madhyamgram Boys' High School
Kolkata
05-2006

Skills

  • Leading Product Security Incident and Response Team where I have been working to find vulnerabilities on all the products of the organization, provide the remediation guidance to fix the those
  • Managing Organization’s Bug Bounty practice
  • Lead the Corporate Security Team under CISO Org
  • Perform Penetration Testing) on organization’s several infrastructures, applications, cloud platforms
  • Lead the Red Teaming work by following Reconnaissance, Weaponization, Exploitation, Post-Exploitation, Establishing Foothold and Maintaining Presence, Lateral Movement, Data Exfiltration and Reporting (MITRE ATT&CK framework)
  • Secure Code Review (Snyk, Checkmarx, Veracode)
  • Worked as a Malware Researcher, where I performed Static, Dynamic Analysis and Reverse Engieering (Fakenet, File, ExeInfo PE, TrID, Compute Hash, BinText, CFFExplorer, PE Studio, OllyDbg, Ghidra
  • Mobile Penetration Testing (Android Studio, Dex2Jar, MobSF)
  • Perform Security Testing by following OWASP, SANS standards (DAST & SAST)
  • Perform web application penetration testing (Black box, Grey box and White box)
  • I am in-depth expertise in the top standards Commercial scanners: Metasploit Pro, Burp Suite Professional, Enterprise, Community), Rapid7 Nexpose, Rapid 7 InsightAppsec, Nessus, IBM Appscan, WebInspect

Professional Achievements Certifications

  • AZ500 (Microsoft Azure-Security)
  • CEHv9 (Certified Ethical Hacker), Rapid7 Insight Appsec
  • LogRhythm SIEM
  • Palo Alto Networks ACE
  • Certified on Infrastructure Management Services (IMS) as Mahindra Satyam Certified Infrastructure Support Professional (MCISP)
  • ITIL
  • CCNA R&S Certified
  • CCNP (Switch) certified

Personal Information

  • Date of Birth: 04/15/90
  • Gender: Male
  • Nationality: INDIAN
  • Marital Status: Married

Languages

  • English
  • Hindi
  • Bengali

Hobbies and Interests

  • Spending time with family
  • Long drive
  • Explore new places
  • CTF Challenges
  • Offensive Security
  • Research and explore new technologies

Disclaimer

I hereby declare that above written particulars are true & correct to the best of my knowledge & belief.

Timeline

Product Security Lead

Thomson Reuters
04.2022 - Current

Application Security Manager

Mindtree
08.2020 - 04.2022

Red Team Lead

Cognizant
08.2019 - 08.2020

Senior Penetration Tester (Team Lead)

Tata Consultancy Services
07.2016 - 08.2019

Application Security Consultant

Tech Mahindra
08.2012 - 05.2016

Bachelor of Computer Application - Computer Application

Annamalai University (Distance)

Diploma Engineering - Electronics And Instrumentation Engineering

Birla Institute of Technology - West Bengal State Council of Technical Education

Higher Secondary - Science

Newbarraackpore Colony Boys' High School

10th -

Madhyamgram Boys' High School

Similar Profiles

CREATE PROFILE
Prosenjit Sil