Sumit Walia

Bangalore

Summary

Dynamic Security Engineer with a proven track record at Whatfix Pvt. Ltd., excelling in SAST, DAST, and DevSecOps. Spearheaded FedRAMP compliance and AI/LLM security initiatives, demonstrating expertise in Burp Suite and public speaking. Passionately led security training, enhancing team capabilities in addressing OWASP Top 10 vulnerabilities.

Overview

4 years of professional experience
1 certification

Work History

Security Engineer - Product

Whatfix Pvt. Ltd.
Bangalore
05.2023 - Current
  • SAST & Secure Code Review: Proficient in deep code review for Python, Java, JavaScript, C++, C#, and other languages.
    Triaged and remediated multiple SAST issues, working closely with engineering teams to ensure security fixes.
  • DAST (Dynamic Application Security Testing): Extensive experience with Burp Suite, conducting in-depth DAST scans to identify and mitigate security vulnerabilities.
  • SCA (Software Composition Analysis): Worked with JFrog Xray to detect security issues in third-party libraries and ensure dependency security.
  • Automation & DevSecOps: Integrated security tools into CI/CD pipelines to automate security testing.
    Worked on security automation for vulnerability detection and remediation. Worked with various tools and tech stacks like Jenkins, Docker, Kubernetes, etc.
  • Introduced security gates: Worked on introducing checks and security gates in the Jenkins build pipeline so that security issues do not make it to the final builds. Introduced checks like secret scanning, dependency scanning, etc.
  • VAPT/WAPT (Vulnerability & Web Application Penetration Testing): Conducted penetration tests on multiple products, successfully identifying and mitigating critical vulnerabilities before release.
    Collaborated with engineering teams to prioritize and remediate security issues.
    Tools: Burp Suite, Nmap, Nessus.
  • Infrastructure & Network Security: Ensured secure infrastructure configurations and eliminated potential attack vectors.
    Worked on hardening network configurations to prevent unauthorized access.
  • Experience with enterprise tools: Hands-on experience working with tools like Jira, Bitbucket, UpGuard, Cloudflare, Slack, and integrations of these tools.
  • FedRAMP Compliance: Worked on achieving FedRAMP compliance by implementing infrastructure hardening policies and validating security changes.
  • AI/LLM Security: Securing AI and LLM applications by addressing OWASP Top 10 LLM vulnerabilities, such as data poisoning, prompt injection, and model theft. Took the lead and was solely responsible for OpenAI model security and RAG-based model testing to ensure security and legal aspects are covered.
  • Security Awareness & Training: Conducted organization-wide phishing assessments to evaluate and improve security awareness.
    Led training sessions on topics like OWASP Top 10 vulnerabilities with hands-on labs to educate teams on secure coding practices.
  • Collaboration with External Security Teams: Worked closely with external penetration testing teams and addressed security queries from customers.
  • Managing the VDP program: Managed the VDP program at Whatfix and triaged issues reported by external security researchers as true or false positives.

Associate Application Security Engineer

Whatfix Pvt. Ltd.
Bangalore
05.2022 - 05.2023
  • SAST/DAST/SCA (using tools like JFrog, Checkmarx, Burp Suite, OWASP ZAP, etc.)
  • VAPT/WAPT (using tools like Burp Suite, Nmap, etc.)
  • Infrastructure security (using Nessus)
  • Thick client pentesting (Windows application)
  • Security testing of existing and new features.
  • Eliminated false positives in SAST tools and worked with developer teams to get SAST issues fixed.
  • Worked closely with development teams throughout the software lifecycle process to ensure secure coding standards are followed.
  • Monitored system logs for suspicious activity related to application security threats.
  • Documented application changes and worked on version control using tools like Git.
  • Implemented security protocols to protect applications from cyber threats.

Volunteer

DEFCON DELHI
08.2021 - 04.2022
  • Handled and supported the organization of an event called DEFCON DELHI 0X04, which was a CTF/tech talk event.

Penetration Testing Intern

VTF Foundation
10.2021 - 12.2021
  • Learnt about security bugs and their mitigations.
  • Got to learn about OWASP Top 10 and AI-related security issues.

Education

B.Tech - Computer Science & Engineering

Lovely Professional University
Punjab
08.2023

Skills

  • Red teaming
  • VAPT
  • WAPT
  • Linux administration
  • Nmap
  • Metasploit
  • Active Directory pentesting
  • Exploitation and post-exploitation
  • Offensive PowerShell
  • Exploitation
  • SDLC
  • Jenkins
  • Kubernetes
  • Docker
  • DevSecOps
  • Infrastructure hardening
  • Googling
  • Burp Suite
  • OWASP
  • Thick client
  • Recon/Enumeration
  • OSINT
  • AI/LLM security
  • OpenAI security
  • Application security
  • Public speaking

Certification

  • CRTP (Certified Red Team Professional): CRTP is an in-depth red teaming certification that educates the student about the ins and outs of Windows and Active Directory exploitation and post-exploitation.
  • eJPT (eLearnSecurity Junior Penetration Tester)
  • TryHackMe top 1% and top 100 in India in 2023.
  • Top position in multiple CTFs.
  • Completed many cyber security courses, such as the Practical Ethical Hacking course from TCM Sec.

Accomplishments

Spot Award, Whatfix

Languages

  • Hindi, Native or Bilingual Proficiency
  • English, Full Professional Proficiency
