SACHIN KATTIMANI

Bengaluru

Summary

Currently working as a Security Analyst at F5 Networks, specializing in application, API, container, and infrastructure security. Skilled in web application penetration testing with Burp Suite Pro, WebInspect, and Postman, aligned with the OWASP Top 10. Experienced in network and container security assessments using Nmap, testssl.sh, and Nessus, and in applying Kubernetes security practices. Proficient in triaging CVEs, performing API security testing, and collaborating with cross-functional teams to remediate high-risk vulnerabilities. Responsible for logging bugs in Bugzilla, recording findings in Confluence, and maintaining detailed security documentation. Continuously improving assessment methodologies by staying current with the latest security threats and tools.

Overview

10 years of professional experience

Work History

Software Engineer 3

F5 Networks
01.2025 - Current
  • Conducting comprehensive web application penetration testing using OWASP Top 10 methodology, leveraging tools such as Burp Suite Pro, WebInspect, and Postman.
  • Performing network and infrastructure security assessments using tools like Nmap, testssl.sh, and Nessus, identifying misconfigurations and high-risk vulnerabilities.
  • Executing container security evaluations by assessing Docker/Kubernetes configurations.
  • Conducting API security assessments with Postman and Burp Suite, identifying issues like authentication bypass, excessive data exposure, and improper access control.
  • Triaging Common Vulnerabilities and Exposures (CVEs) and aligning findings with CVSS scores to assess risk impact and guide remediation planning.
  • Logging and tracking security issues in Bugzilla, ensuring each bug is well-documented with reproducible steps, severity levels, and remediation recommendations.
  • Updating Confluence pages with detailed findings, test results, bug statuses, and best practices to maintain a centralized knowledge base and audit trail.
  • Collaborating with cross-functional teams (DevOps, engineering, compliance) to resolve security issues and perform post-remediation validation.
  • Producing clear, actionable security reports and dashboards for stakeholders, aiding in compliance, risk tracking, and internal metrics.
  • Staying current with emerging threats, tools, and techniques to continuously evolve testing methodologies and coverage.

Security Delivery Senior Analyst

Accenture
07.2021 - 12.2024
  • Spearheaded penetration testing initiatives for over 50 business applications, strengthening their security posture.
  • Executed comprehensive Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), including manual assessments, with a focus on critical, high, and medium-risk vulnerabilities.
  • Formulated detailed security test cases, generated reports, and provided actionable recommendations to expedite the remediation of identified vulnerabilities.
  • Directed security compliance efforts, addressing issues such as insecure HTTP response headers to ensure alignment with industry standards.
  • Coordinated with cross-functional teams to plan and schedule projects, ensuring adherence to deadlines.
  • Utilized tools such as Veracode and WebInspect for SAST and DAST, improving the project's secure coding practices.
  • Performed cloud security penetration testing and acquired expertise in mobile application security.
  • Specialized in identifying application-level vulnerabilities, including Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), authentication bypass, and other authentication flaws.
  • Conducted comprehensive security assessments of web services and RESTful APIs, including building, executing, and evaluating API requests to uncover potential vulnerabilities.
  • Discovered and exploited vulnerabilities such as Cross-Origin Resource Sharing (CORS) misconfigurations, JSON Web Token (JWT) weaknesses, application privilege escalation, and Cross-Site Request Forgery (CSRF), strengthening the security posture of applications.
  • Guided and mentored new team members on tool usage, test strategy, and core security concepts, cultivating a proficient and knowledgeable team.
  • Orchestrated the execution of penetration testing initiatives, ensuring a robust application security posture and safeguarding against potential cyber threats.
  • Tested encryption mechanisms protecting data at rest and in transit, verifying the confidentiality and integrity of sensitive information.
  • Implemented and oversaw data access controls and monitoring systems to detect and respond to unauthorized access or misuse of data.
  • Coordinated responses to data breaches, including identifying the cause, mitigating the impact, and notifying affected parties in accordance with legal requirements.
  • Implemented enhanced testing methodologies, resulting in improved application security.
  • Improved the overall security posture of a web application by identifying and remediating critical vulnerabilities, resulting in a reduction in security incidents.
  • Conducted penetration testing on 50+ applications, uncovering and addressing critical security flaws that led to a significant decrease in security breaches.

Quality Analyst Engineer

Talentquest
01.2019 - 03.2021

Software Engineer

HCL TECHNOLOGIES
08.2015 - 12.2018

Education

B.E. - Computer Science & Engineering

Poojya Dodappa Appa College
01.2014

Skills

  • Application Security Testing
  • Authentication & Authorization
  • Vulnerability Assessment
  • Secure Architecture Review
  • Secure Coding
  • Access Control
  • SAST
  • DAST
  • API Security
  • Data Protection
  • Manual & Automated Penetration Testing
  • Network and Infrastructure Security Testing
  • Container Security
  • CVE Triaging

Accomplishments

  • Proactively reported & assisted in resolving numerous vulnerabilities through private organization bug bounty programs, earning recognition in prestigious Hall of Fame listings.
  • Received commendation from Government of India's NCIIPC for identifying vulnerabilities across various web applications.

Publications

Published several dorks in the Google Hacking Database: https://www.exploit-db.com/googlehacking-database?author=10636
