Radhika Sreelatha Balachandran

As a Penetration Tester, I was involved in testing web applications and network infrastructure, triaging vulnerabilities, exploiting the vulnerabilities to generate proof-of-concept, suggesting countermeasures to produce a detailed security test report in adherence to industry standards such as CVSS. Reports are generated with the risk analysis and justification for vulnerabilities in a client customized format

Responsibilities:

• Performed Network and Web-Application Penetration testing comprehensively using open source and commercial tools
• Strong exposure to automated scanners such as Nessus, Netsparker for assessments
• In-depth understanding on the assessments for web applications using manual and automated techniques aligned with industry standards such as OWASP and PTES
• Involved in the development of MSB of Linux based and windows based servers based on industry standards such as CIS benchmarks, NIST etc
• Triaging automated scanner results to eliminate false positives and socializing the risk profile with stake holders
• Expertise in rendering security services for diverse clients in ecommerce, finance, and healthcare sector clients under strict deadlines, multitasking and precision planning helped me in timely delivery, frequently gaining appreciation from senior management
• Extensively worked in identification and exploitation of high risk vulnerabilities like Cross-Site Scripting (XSS), SQL Injection, Authentication Bypass, Cross-Site Request Forgery (CSRF) and XML External Entity (XXE) attacks
• Assessing vendors as per client requirement for Information security, not limited to network architecture, password management, access management, VA/PT, secure application development methodology, data protection, etc
• Developed a comprehensive framework for practical evaluation for candidates for Attack and Penetration Testing Team
• This platform was later approved by senior management and successfully inducted in multiple recruitment drives

During my internship I gained knowledge in OWASP Top 10 Vulnerabilities, presentations were carried out to understand in depth about the vulnerabilities as a part of the career assessment and assisted the team in many projects to learn more about the process carried out during the security assessments

Responsibilities:

• Programmed Web application Security Testing Sandbox in PHP emulating OWASP Top 10 Vulnerabilities for learning Penetration testing
• Developed expertise in using security and Vulnerability Management tools such as Kali Linux, Nmap, Metasploit, Wireshark, Nessus, Burp Suite Pro, Netsparker