
Soumya Singh

Gurugram

Summary

I am an OSCP-certified cybersecurity professional with an extensive 6+ years of experience in pentesting Web applications, Mobile applications and APIs as well as Network VAPT and exploitation. Alongside, I have a strong development background in Python wherein I have worked as a Python-Django and backend services developer for cybersecurity products, giving me vast experience in developing internal security tools and B2B security products.


I possess exceptional customer interaction and communication skills with immense experience in working with clients as well as technical and managerial development teams.


Currently, I am working at Deloitte as an Assistant manager deployed at an international bank where my daily activities include hands-on Web and API penetration testing, developing and improving security automation tooling. Meanwhile, I also manage a team of 10 pentesters looking over Attack Surface Analysis and Threat Modeling for new products/features, severity assessment for identified vulnerabilities and driving remediation initiatives with development teams.


In my past projects, I have also worked in Red Team projects, Automated and Manual Network Security Assessment, Windows AD Security Pentesting and Source Code Review in Java, Python, PHP and Golang as well.


I am also an avid speaker and have been invited to talk at numerous cybersecurity and development conferences including Null Delhi and Google Developers Group (GDG).

Overview

  • 6 years of professional experience
  • 1 Certification

Work History

Assistant Manager

Deloitte
05.2022 - Current
  • Manage multiple overseas projects with client interaction and team management
  • Create and manage pentesting processes and coordinate between the development team and cyber security team of 10 pentesters
  • Carry out product walkthrough, Attack Surface Analysis and Threat Modeling for new features and APIs
  • Create pentest strategies for individual applications which are consumed by junior pentesters
  • Conduct Automated and Manual penetration testing exercises, including Web, API, and Mobile assessments
  • Work extensively with BurpSuite and develop custom Burp extensions for the team
  • Automate vulnerability detection and recon process using custom Nuclei templates and Python scripts
  • Carry out Windows Active Directory pentests during Red Team exercises
  • Perform phishing attacks and provide employee training on vigilance against such attacks
  • Guide junior pentesters to become self-sufficient individual contributors on client based projects
  • Achievements: Secured first rank globally in Deloitte hackathon (Hacky Holidays) 2022.

Penetration Tester

Infosec Ventures
01.2020 - 04.2022
  • Conducted various Black Box penetration testing assessments, including web application, network, and social engineering
  • Obtained proficiency in security tools like Kali Linux, Metasploit Framework, Burp Suite Pro, NMAP, Nuclei etc.
  • Played key role in reconnaissance team for pentest projects and automated numerous Recon aspects such as Subdomain Enumeration, Asset Discovery, Secret Leakage, Directory Bruteforcing, SSL configuration audits and AWS recon and misconfiguration checks, to name a few
  • Interacted with clients to explain findings to executives and developers while leading remediation and security policy meetings
  • Contributed to internal tool and script development using Bash and Python.

Web Developer (Django/Python)

Infosec Ventures
08.2017 - 12.2019
  • Developed internal tools for pentesting team to automate various stages of pentesting such as Recon, Exploitation, Reporting and Vulnerability Management
  • Was the key developer for the following B2B products developed from scratch: Security Risk Management Platform, SOAR Platform, BugsBounty Platform.

Education

Bachelors of Technology - IT

Galgotias College of Information And Technology
01.2017

HSC

SETH M.R Jaipuria School
06.2012

Skills

  • Penetration testing of modern web applications, APIs and Mobile application security beyond OWASP Top 10
  • Proficiency in tools such as Burp Suite Pro/Community, Sqlmap, Nmap, Hashcat, Tenable Nessus, Nikto Scanner, Metasploit, Acunetix, Directory Buster, and other open-source tools
  • Intermediate knowledge of Active Directory exploitation
  • Web development and scripting languages: PHP, Python, PowerShell, JQuery
  • Familiarity with frameworks like Django, Laravel
  • Linux and Windows operating systems expertise, including privilege escalation techniques
  • Experience with buffer overflow techniques using Immunity Debugger and Mona modules

Certification

  • Offensive Security Certified Professional (OSCP), 11/14/21
  • Lucideus Certified Ethical Hacker, 2015
  • Ducat Certified Java training, 2014
  • CETPA Certified C Training, 2014

Public Profiles

  • https://www.linkedin.com/in/soumya-singh-4b791aa9/
  • https://tryhackme.com/p/soumya
