Soumya Singh

Deputy Manager
Gurugram

Summary

I am an OSCP-certified cybersecurity professional with an extensive 7+ years of experience in pentesting Web applications, Mobile applications and APIs as well as Network VAPT and exploitation. Alongside, I have a strong development background in Python wherein I have worked as a Python-Django and backend services developer for cybersecurity products, giving me vast experience in developing internal security tools and B2B security products.


I possess exceptional customer interaction and communication skills with immense experience in working with clients as well as technical and managerial development teams.


Currently, I am working at Deloitte as a Deputy Manager deployed at an international bank where my daily activities include hands-on Web and API penetration testing, developing and improving security automation tooling. Meanwhile, I also manage a team of 10 pentesters looking over Attack Surface Analysis and Threat Modeling for new products/features, severity assessment for identified vulnerabilities and driving remediation initiatives with development teams.


In my past projects, I have also worked in Red Team projects, Automated and Manual Network Security Assessment, Windows AD Security Pentesting and Source Code Review in Java, Python, PHP and Golang as well.


I am also an avid speaker and have been invited to talk at numerous cybersecurity and development conferences including Null Delhi and Google Developers Group (GDG).

Overview

7 years of professional experience

Work History

Deputy Manager

Deloitte
06.2024 - Current
  • Enhanced team efficiency by optimizing processes and introducing new management strategies.
  • Worked with a cross-functional team on security testing projects and automation efforts using Python and Confluence.
  • Played a crucial role in leading and presenting internal knowledge-sharing meetings on attack surface management.
  • Identified departmental improvement areas and implemented strategic initiatives to address performance or resource gaps.


Assistant Manager

Deloitte
05.2022 - 05.2024
  • Manage multiple overseas projects with client interaction and team management
  • Create and manage pentesting processes and coordinate between the development team and cyber security team of 10 pentesters
  • Carry out product walkthrough, Attack Surface Analysis and Threat Modeling for new features and APIs
  • Create pentest strategies for individual applications which are consumed by junior pentesters
  • Conduct Automated and Manual penetration testing exercises, including Web, API, and Mobile assessments
  • Work extensively with BurpSuite and develop custom Burp extensions for the team
  • Automate vulnerability detection and recon process using custom Nuclei templates and Python scripts
  • Carry out Windows Active Directory pentests during Red Team exercises
  • Perform phishing attacks and provide employee training on vigilance against such attacks
  • Guide junior pentesters to become self-sufficient individual contributors on client-based projects
  • Achievements: Secured first rank globally in Deloitte hackathon (Hacky Holidays) 2022.

Penetration Tester

Infosec Ventures
01.2020 - 04.2022
  • Conducted various Black Box penetration testing assessments, including web application, network, and social engineering
  • Obtained proficiency in security tools like Kali Linux, Metasploit Framework, Burp Suite Pro, NMAP, Nuclei etc.
  • Played key role in reconnaissance team for pentest projects and automated numerous Recon aspects such as Subdomain Enumeration, Asset Discovery, Secret Leakage, Directory Bruteforcing, SSL configuration audits and AWS recon and misconfiguration checks, to name a few
  • Interacted with clients to explain findings to executives and developers while leading remediation and security policy meetings
  • Contributed to internal tool and script development using Bash and Python.

Web Developer (Django/Python)

Infosec Ventures
08.2017 - 12.2019
  • Developed internal tools for pentesting team to automate various stages of pentesting such as Recon, Exploitation, Reporting and Vulnerability Management
  • Was the key developer for the following B2B products developed from scratch: Security Risk Management Platform, SOAR Platform, BugsBounty Platform.

Skills

  • Offensive Security Certified Professional (OSCP), 11/14/21

  • Lucideus Certified Ethical Hacker 2015

  • Ducat Certified Java training 2014

  • CETPA Certified C Training, 2014

Skills

  • Penetration testing of modern web applications, APIs and Mobile application security beyond OWASP Top 10
  • Proficiency in tools such as Burp Suite Pro/Community, Sqlmap, Nmap, Hashcat, Tenable Nessus, Nikto Scanner, Metasploit, Acunetix, Directory Buster, & other open-source tools.
  • Web development and scripting languages: PHP, Python, PowerShell, jQuery
  • Familiarity with frameworks like Django, Laravel.
  • Linux and Windows operating systems expertise, including privilege escalation techniques
  • Experience with buffer overflow techniques using Immunity Debugger and Mona modules

Timeline

Deputy Manager

Deloitte
06.2024 - Current

Assistant Manager

Deloitte
05.2022 - 05.2024

Penetration Tester

Infosec Ventures
01.2020 - 04.2022

Web Developer (Django/Python)

Infosec Ventures
08.2017 - 12.2019