Test
Rahul Choudhary
Security Signature Engineer
New Delhi
Summary
Experienced Information Security Engineer with 3+ years history in conducting trainings and developing detection logic/signatures for various security vulnerabilities. Demonstrated skill identifying business risks, Vulnerability Management and Penetration Testing. Proven to maintain efficiency in high-stress situations while being motivated to learn, grow and excel in cyber security industry.
Overview
3
3
years of professional experience
6
6
years of post-secondary education
3
3
Certifications
1
1
Language
Work History
Security Signature Engineer
Qualys
Pune
04.2021 - Current
- Added authenticated and unauthenticated based detection that are totally based on regex in initial days of joining.
- Later deployed in resolving False Positives/False Negatives by understanding customer concern and checking debug logs.
- Interact with clients on high and technical levels to discuss findings and resolution.
- Focused in adding remotely exploitable vulnerabilities that also part of CISA by analyzing POCs and checking for detection logic possibilities such as CVE-2016-4437, CVE-2021-35587, CVE-2021-35464 and etc.
- Adding detections proactively for latest vulnerabilities released by looking to cvedetails.com and exploit-db.com.
- Taking care of Blind Elephant module that is used for fingerprint based detection.
- Been part of Microsoft, Adobe and Oracle patch Tuesday where detections are added on advisory release date itself.
- Involved in internal team tool and script development, utilizing bash and python.
Security Analyst
Tata Consultancy Services
Lucknow
09.2019 - 04.2021
- Building team and setting up vulnerable labs for Hands-on exposure to team.
- Conducting trainings over OWASP Top 10 and penetration testing methodologies.
- Creating documents containing steps to identification of vulnerabilities.
- Performed web application security assessments based on OWASP Framework.
- Engaged in variety of web application vulnerability assessments and penetration testing.
- Perform security reviews of application designs and source code review.
- Utilize platforms and tools such as Kali Linux, Metasploit framework and Burpsuite.
- Performed Static and Dynamic analysis of web applications using tools such as Veracode, Nessus and SonarQube.
- Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary.
Education
Bachelor of Technology - Information Technology
Inderprastha Engineering College
Sahibabad, UP 06.2015 - 04.2019
High School And Intermediate - Science Education
JBM Global School
Greater Noida, UP 03.2013 - 04.2015
Skills
Penetration Testing
Burpsuite
Metasploit
Veracode
OWASP Top 10
Source Code Review
Certification
Offensive Security Web Expert (OSWE)
Accomplishments
Participated in CTF challenge Hacktivitycon by Hackerone.
Following are the vulnerabilities reported in different private programs:
- Parameter Tampering
- SQL Injection
- Cross-Site Scripting (XSS)
- Misconfigured S3 Bucket
Affiliations
- Society of Women Engineers
Additional Information
SAMPLE DATA
Software
Interests
Gaming
Timeline
Offensive Security Web Expert (OSWE)
12-2021
Security Signature Engineer
Qualys
04.2021 - Current
Offensive Security Certified Professional (OSCP)
12-2020
Security Analyst
Tata Consultancy Services
09.2019 - 04.2021
Lucideus Certified Ethical Hacker (LCEH)
08-2015
Bachelor of Technology - Information Technology
Inderprastha Engineering College
06.2015 - 04.2019
High School And Intermediate - Science Education
JBM Global School
03.2013 - 04.2015