Summary
Overview
Work History
Education
Skills
Certification
Websites And Profiles
Websites
Timeline
Generic

SANDEEP KOTNY

Kakinada

Summary

Dynamic Security Engineer with extensive experience at ASICS Technologies, excelling in penetration testing and vulnerability assessments. Proficient in SIEM and EDR tools, I effectively identified critical security flaws and provided actionable remediation strategies. A collaborative team player, I leverage strong analytical skills to enhance security posture and mitigate risks in enterprise environments.

Overview

3
3
years of professional experience
1
1
Certification

Work History

Security Engineer / Penetration Tester

ASICS Technologies Pvt Ltd
10.2024 - Current
  • Performed web application, API, and infrastructure penetration testing for enterprise environments supporting the Wipro client engagement.
  • Conducted manual vulnerability assessments and exploit validation focusing on authentication bypass, access control flaws, injection vulnerabilities, and security misconfigurations.
  • Utilized Burp Suite, Nmap, Postman, SIEM, and EDR tools to identify, validate, and assess the real-world impact of security weaknesses.
  • Analyzed security events and logs to simulate attacker behavior, validate attack paths, and identify potential privilege escalation and lateral movement scenarios.
  • Classified findings into Critical, High, Medium, and Low severity using OWASP Top 10 and CVSS methodology, providing clear remediation guidance to development and infrastructure teams.
  • Supported application security reviews by identifying insecure coding practices, weak configurations, and exposed sensitive information.
  • Collaborated closely with SOC, application, and infrastructure teams to validate fixes and perform retesting after remediation.
  • Documented vulnerabilities with proof-of-concept (PoC) evidence and tracked remediation progress using ServiceNow.
  • Assisted in phishing investigations, malware analysis, and IOC validation to support incident-driven security testing.

Security Analyst

Fluent Grid Limited
Hyderabad
08.2022 - 08.2024
  • Conducted web application, API, and infrastructure security assessments to identify authentication, authorization, and injection vulnerabilities.
  • Performed vulnerability validation using Burp Suite, Splunk ES, Azure Sentinel, and SentinelOne EDR.
  • Triaged security findings and classified true positives and false positives with risk-based prioritization.
  • Analyzed SIEM and EDR alerts to simulate attacker behavior and validate exploitation paths.
  • Performed static and dynamic malware analysis to extract IOCs and assess post-exploitation impact.
  • Investigated phishing attacks, malicious emails, domains, URLs, and IPs using OSINT techniques.
  • Assisted in penetration testing engagements and vulnerability assessments aligned with OWASP Top 10.
  • Created detailed penetration testing reports with PoC, impact assessment, and remediation steps.
  • Collaborated with infrastructure and application teams to validate fixes and retest vulnerabilities.
  • Documented findings and tracked remediation using ServiceNow ticketing system.
  • Penetration Testing – Key Findings
  • Critical authentication bypass due to default credentials on customer portals.
  • Reflected XSS chained with CSRF resulting in account takeover.
  • Stored XSS via file name manipulation.
  • SSRF exploitation enabling internal port scanning.
  • IDOR vulnerabilities allowing unrestricted file downloads.
  • Clear-text storage of authorization tokens in client-side JavaScript.
  • Server misconfiguration enabling unauthorized proxy usage.
  • Missing rate limiting on sensitive application functionality.
  • CSRF affecting add, update, and delete operations.
  • Use of outdated and vulnerable third-party components.

Education

M.TECH - COMPUTERS (cybersecurity)

Kakinada Institute of Engineering and Technology
Kakinada

Bachelor of Engineering - Mechanical engineering

Kakinada Institute of Engineering and Technology
Kakinada

Skills

  • SIEM: Splunk
  • EDR: CrowdStrike
  • Cloud services: AWS firewall
  • Azure firewall
  • Shell scripting
  • Burp Suite
  • Wireshark
  • Risk Management
  • Elssentic
  • PowerShell
  • Linux Administration
  • Windows Firewall CI

Certification

  • Certified Ethical Hacker (Practical), EC-Council, ECC1498037265, 11/20/25, 12/01/26
  • Ethical Hacking Bootcamp, Edify Educational Services Private Limited, Z9IANU7VBK, https://edifypath.com/course/certverify/Z9IANU7VBK
  • Complete Ethical Hacking Bootcamp, Udemy, UC-ef193580-24cf-4e2b-b29b-fcb8fe2d91bf, http://ude.my/UC-ef193580-24cf-4e2b-b29b-fcb8fe2d91bf
  • Security Analyst, Emerging India, EIA/DOM/OLT/2021/829
  • Learn Ethical Hacking, Udemy, UC-5f1e35cd-96a5-43bc-9f29-6b227c6997a1, https://www.udemy.com/certificate/UC-5f1e35cd-96a5-43bc-9f29-6b227c6997a1
  • PowerShell Functions Master Class, Udemy, UC-2b4fb56d-88ed-4b8a-a8c5-6b3ca38f195b, https://www.udemy.com/certificate/UC-2b4fb56d-88ed-4b8a-a8c5-6b3ca38f195b/
  • National Association of Software and Service Companies, CN-0797504, https://inspiration-fun-7467.my.salesforce-sites.com/learnerCertificateQRPage?id=003Vy00000kA6WKIA0

Websites And Profiles

http://www.linkedin.com/in/sandeep-kotny-913248334/, https://tryhackme.com/r/p/sandeepkotny, https://academy.hackthebox.com/dashboard, https://github.com/SandeepKotny-soc

Websites

Timeline

Security Engineer / Penetration Tester

ASICS Technologies Pvt Ltd
10.2024 - Current

Security Analyst

Fluent Grid Limited
08.2022 - 08.2024

M.TECH - COMPUTERS (cybersecurity)

Kakinada Institute of Engineering and Technology

Bachelor of Engineering - Mechanical engineering

Kakinada Institute of Engineering and Technology

Similar Profiles

CREATE PROFILE
SANDEEP KOTNY