Ravi Ranjan

Security Researcher
Pune, MH

Summary

“Every breath is a giveaway dance between you and the plants.”

Objective

To secure a challenging job as a Security Consultant and utilize my proven IT Security experience to help organizations become more secure and efficient. With over 12+ years of experience as a security expert, specializing in vulnerability assessment and penetration testing, I have a proven track record of detecting server, web, API, embedded and mobile vulnerabilities while adhering to OWASP guidelines. I consult on complex security issues, providing strategic advice to leadership to resolve escalated challenges, and take ownership of managing risk and strengthening controls within projects. I actively contribute to the development of new policies and procedures to support governance and mitigate risks. Skilled in cross-functional collaboration, I ensure alignment with business objectives and strategy. I conduct complex analysis using internal and external data sources, creatively solving problems, and communicating sensitive or technical information effectively to diverse audiences.

Professional Summary

Techno-savvy professional with 13 years of experience.
  • Engage Actively in Vulnerability Assessment and Penetration Testing: Conduct regular evaluations on servers, web applications, and APIs to identify vulnerabilities. Provide real-time advice on technical aspects of cyber defense and response during assessments.
  • Perform Meticulous Vulnerability Assessments: Conduct thorough vulnerability assessments on web applications and APIs to ensure compliance with PCI-DSS, GDPR, and other standards. Optimize technical cyber defense controls based on assessment findings.
  • Efficiently Manage Projects: Lead project management efforts from initiation to completion, ensuring adherence to timelines, budgets, and quality standards. Address various applications across different categories with dedicated efforts.
  • Emphasize Manual Penetration Testing: Conduct penetration testing through manual analysis, creating tailored checklist scenarios for each application's requirements. Assist in business development activities leveraging assessment results.
  • Produce Comprehensive Reports and Build Client Relationships: Generate detailed reports on penetration test and scan results, including recommendations for remediation. Establish and maintain strong client relationships, understanding their needs and providing strategic solutions.
  • Conduct Detailed Analysis and Deliver High-Quality Work: Analyze reports to filter out false positives and highlight true positives in SAST and DAST reports. Deliver high-quality technical work related to cyber defense and response.
  • Collaborate with Stakeholders and Improve Technical Work: Work closely with product owners and application teams to address and remediate vulnerabilities, providing necessary clarifications. Review and enhance technical work delivered by the team.
  • Utilize Industry-Leading Tools and Mentor Junior Staff: Utilize tools like Burp Suite, Fortify SCA, and Nessus proficiently, showcasing expertise in Kali Linux OS. Provide guidance, training, and support to junior staff for skill development and project achievement.

Technical Skills

Security: Web Application Security, Web Services Security, Source Code Review, Mobile Application Security, Thick Client Security, Embedded Security, Network Security, Application Dependency Check, Red Team, Threat Modeling, CIS Hardening and Security Architecture Review.

Overview

12 years of professional experience

Work History

Senior Product Security Engineer II

Emerson
03.2023 - ongoing
  • Web, Web-Service, CIS Hardening & Threat Modeling
  • Lab Accreditation Audit – Performing as Auditee in NABL-137, ISO 17025 for Cyber Security Lab Accreditation, for a cyber security test environment that stays highly secure and gives the best output, enabling ISA/IEC 62443
  • CIS Hardening – Performing CIS (Center for Internet Security) Hardening for Rosemount
  • CIS Policy – Execute Level-1 and Level-2 Hardening procedures and assess the performance of OT (Operational Technology) devices in accordance with security requirements
  • Implemented CIS hardening on Windows 10 and 11 and Windows Server 2022
  • Developed Tools: Detection and Prevention tools developed for the thick client application from ransomware, Data Breach, EDR, Antivirus, windows defender and malware via automated tool and manual implementation of security policies
  • Conducting security assessments for web, API, Mobile, Embedded, Docker applications based on OWASP, ASVS, MASVS and other security standards
  • Develop New Security Test Case and Providing Code Level Logic Solutions to Developers
  • Work closely with developers, Business unit head and other team members throughout the audit iterations, tracking/reporting results, troubleshooting and coordinating defect resolution
  • Performing secure code reviews using Coverity and eliminating false positives
  • Conducting manual penetration testing on Emerson's products along with the use of automated tools like Burp Suite, HCL AppScan, Postman, Binwalk, IDA Pro, Binary Ninja, etc.
  • This testing encompasses Industrial Internet of Things (IIoT) and internet-connected products, including field devices, PLCs, SCADA systems, DCS, HMIs, and other devices commonly found in industrial setups, following the Purdue model for industrial network layering architecture
  • Engaging in the audit process as the entity being audited for the purpose of obtaining NABL-137, ISO 17025 accreditation for a cybersecurity laboratory process; this accreditation aims to ensure a highly secure and optimized cybersecurity testing environment, aligning with the standards set forth in ISA/IEC 62443-4-1, helping the product owner achieve IEC 62443 certification and fulfilling the requirements of the Cyber Resilience Act (CRA)
  • Explaining the identified vulnerabilities to the development team and suggesting remediations, resulting in improved security as well as increased attack resiliency
  • Conducting security assessment for native and hybrid mobile applications across various domain based on OWASP and other security standards
  • Creating reports for Test area coverage definitions, Test Plans and test cases for new features and implementations
  • Delivering a detailed assessment reports containing all found vulnerabilities with their PoCs and explaining their impact to respective clients
  • Give demos, presentation to the Business unit, developers & explain the threat and impact of different attacks and vulnerabilities
  • Updating Pentesting Process on regular basis
  • Maintain the team performance in the process of Bug Identification in the client application, Azure project tracking, skill enhancement, project deliverables and timelines.

Security Specialist

Wipro Ltd
05.2019 - 03.2023
  • Web, Web-Service & Mobile Application
  • Lead and manage a team of information security consultants, overseeing project delivery and ensuring alignment with industry best practices
  • Conduct risk assessments and vulnerability assessments to identify security gaps and recommend appropriate remediation strategies
  • Mentor and train junior team members, fostering a culture of continuous learning and professional development
  • Develop and implement security policies, procedures, and standards to protect organizational assets and sensitive information in compliance with frameworks like ISO 27001
  • Conduct comprehensive risk assessments and vulnerability assessments to identify security gaps, utilizing tools such as Nessus, Qualys, or OWASP ZAP
  • Stay updated on emerging threats and security trends, sharing insights with team members and stakeholders through regular training sessions and workshops
  • Conducting security assessments for web applications across various domains such as Banking, Insurance, Automobile, Healthcare, Retail, etc. based on OWASP and other security standards
  • Performing secure code reviews using Checkmarx and eliminating false positives
  • Explaining the identified vulnerabilities to the development team and suggesting remediations, resulting in improved security as well as increased attack resiliency
  • Conducting security assessments for native and hybrid mobile applications across various domains based on OWASP and other security standards
  • Performing static source code analysis, automated dynamic testing and manual testing for mobile apps
  • Security Testing for Android and iOS applications based on the OWASP Mobile Application Security Verification Standard (MASVS) checklist
  • Hands-on experience with reverse engineering tools such as Drozer, SQLite Browser, Apktool, Dex2Jar, adb, etc. for Android
  • Hands-on experience with reverse engineering tools such as Keychain dumper, Hopper, xCon, Cycript, etc. for iOS
  • Delivering a detailed assessment reports containing all found vulnerabilities with their PoCs and explaining their impact to respective clients
  • Maintain the team performance in the process of Bug Identification in the client application, Jira project tracking, skill enhancement, project deliverables and timelines.

Consultant

Aujas Networks
11.2017 - 05.2019
  • Web Application, Web-services, Network, Thick Client & Mobile Application
  • Conducting security assessments for web applications across various domains such as Banking, Telecom, etc. based on OWASP and other security standards
  • Performing manual source code analysis
  • Performing secure code reviews using Checkmarx and eliminating false positives
  • Automated security testing using DAST tools like Burp Suite Pro and ZAP
  • Manual Testing of the application for security vulnerabilities
  • Explaining the identified vulnerabilities to the development team and suggesting remediations, resulting in improved security as well as increased attack resiliency
  • Delivering detailed assessment reports containing all found vulnerabilities with their PoCs and explaining their impact to respective clients
  • Conducting security assessments for native and hybrid mobile applications across various domains based on OWASP and other security standards
  • Performing static source code analysis, automated dynamic testing and manual testing for mobile apps
  • Security Testing for Android and iOS applications based on the OWASP Mobile Application Security Verification Standard (MASVS) checklist
  • Hands-on experience with reverse engineering tools such as Drozer, SQLite Browser, Apktool, Dex2Jar, adb, etc. for Android
  • Hands-on experience with reverse engineering tools such as Keychain dumper, Hopper, xCon, Cycript, etc. for iOS

Info Sec

Aks IT Services
04.2016 - 11.2017
  • Web, Network, Web-services & Mobile Application
  • Performing Vulnerability Assessment and Penetration Testing (VAPT)
  • Responsible for Security Audit [VAPT] of Web Applications, Web services / API, Mobile applications, Source Code Review (SAST) for various govt. and private sector companies, which included multiple applications of Aviation, Ministries, Public Sector Banks, NIC applications, etc.
  • Worked with the National Informatics Centre (NIC) Headquarters on various key projects and initiatives
  • Projects Completed: 200+ Web Applications, Mobile Applications, Secure Code Reviews, Web Services/API’s
  • Generated detailed security assessment reports and provided recommendations for mitigations
  • Mentored trainees in the AppSec team, providing guidance and training throughout the complete process of
  • Written code fixes for multiple vulnerabilities in order to mitigate vulnerabilities arising in the application or at the server level
  • Attending the demo calls for the application walkthrough
  • Testing the accessibility of the application
  • Preparing an Interim report
  • Word summary report about the defects after the testing is completed
  • Explaining the vulnerabilities and remediation techniques to the customer
  • Retesting the vulnerabilities after the fix
  • Closing the defects after successful re-test and recommending for security sign-off
  • CERT-In Empanelment – Performing as Auditee in CERT-In (Computer Emergency Response Team – India) cyber security empanelment, for a cyber security test environment that stays highly secure and gives the best output, and providing the certificate for safe hosting on the govt. domain server.

Information Security Consultant

10.2013 - 03.2016
  • Web, Web-services & Mobile
  • Application security audit of Internet & core banking applications
  • Application security audit of Intranet Web applications
  • Handling of Penetration Testing Team and conducting Penetration Testing of online portals and sites across India
  • Mobile Application testing
  • Thick client applications
  • Biometric device with web applications for Aadhaar portal verification
  • CERT-In Empanelment – Performing as Auditee in CERT-In (Computer Emergency Response Team – India) cyber security empanelment, for a cyber security test environment that stays highly secure and gives the best output, and providing the certificate for safe hosting on the govt. domain server
  • Gained exposure to tools like Burp Suite, OWASP ZAP, and vulnerability scanners
  • Maintained standards of a Cyber Security Services based company
  • Pentest Methodology Research and Implementation.

Programme Assistant

CyberQ Consulting
07.2011 - 02.2013
  • Web Development
  • Responsibility of designing and developing the Judgment and Cause List part
  • Installing and maintaining databases
  • Administration of the database including performance monitoring and tuning
  • Taking part in the preparation and execution of technical tests
  • Populating a database with new information or transfer existing data into it
  • Creating backup copies of data
  • Daily maintenance of firewall protection and file security
  • Responsible for database security and also preventing data loss
  • Performing daily system checks
  • Data entry, data auditing, creating data reports & monitoring all data for accuracy
  • Verification of data entered by the users through application at back end
  • Verification of database design
  • Verifying the data integrity.

Education

Pradesh Advanced Certification Program in Cyber Security and Cyber Defense

Indian Institute of Technology

MBA - Information Technology

Maharshi Dayanand University

M.TECH - Computer Science Engineering

Maharshi Dayanand University

B.TECH - Information Technology

West Bengal University of Technology

Certifications & Training
  • OSCP (Offensive Security Certified Professional)
  • CRTP (Certified Red Team Professional)
  • CC (Certified in Cybersecurity)
  • Hardware Penetration Testing: Associate Hacker (Training & Workshop)
  • Fundamentals of IEC 62443: Exida (Training & Workshop)
  • CSP (Cyber Security Practitioner): Exida
  • Cyber Security: End Point
  • OWASP Top 10
  • 17025 - 2017
  • AZ-900 - Microsoft Azure Fundamentals
  • AWS Certified Solutions Architect
  • TryHackMe (Attacking Windows Active Directory)
  • CySA+ (CompTIA Cybersecurity Analyst CySA+)
  • CEH (Certified Ethical Hacker)
  • CCASP (CyberQ Certified Application Security Professional)

Skills

  • Programming Languages: Python
  • Operating Systems: Windows, Linux, Mac OS X, Kali Linux, AttifyOS
  • Database: MySQL
  • Integrated Development Environment: Eclipse, Android Studio, Xcode, Visual Studio Code
  • Security Tools:
    • Web Application Security Tools: Burp Suite, Fiddler, Wireshark, sqlmap, Acunetix, OWASP ZAP, Wfuzz, Wapiti, w3af, IronWASP
    • Web Services Security Tools: SoapUI, REST API, Postman, WebInject, Apidog
    • Thick Client Security Tools: Echo Mirage, WinHex, JavaSnoop, Mallory, DllSpy, dnSpy, TCPView, CFF Explorer
    • Embedded Security Tools: Binwalk, Ghidra, IDA Pro, QEMU, Binary Ninja
    • Mobile Application Security Tools: Drozer, ADB, Apktool, MobSF, IDB, Cydia, class-dump, Keychain dumper, Hopper, xCon, iRET
    • Network Security Tools: Nessus, Nmap, SuperScan, Metasploit
    • Protocol Security Tools: MQTTX, Mosquitto, Ettercap, Wireshark, Scapy
    • Source Code Review Tools: Checkmarx, Coverity
    • DAST (Dynamic Application Security Testing) Tools: HCL AppScan
    • Application Dependency Check Tools: Black Duck, Aquascan
    • Threat Modeling Tools: STRIDE
    • CIS Hardening Tools: CSAT PRO
