Suraj Biswas
Mumbai
Summary
With over 7.5 years of hands-on experience in the dynamic field of penetration testing, I’m a dedicated and results-driven Security Engineer specializing in web and mobile application security. My journey has been marked by a passion for uncovering vulnerabilities and a commitment to safeguarding digital landscapes. As a team lead, I’ve successfully led high-impact projects, delivering exceptional quality and efficiency while ensuring robust security findings.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Information Security Lead
Tech Mahindra
11.2024 - Current
- Lead a cross-functional security team focusing on end-to-end application and infrastructure security.
- Apply NIST Cybersecurity Framework (CSF) to assess security posture, define controls, and guide risk-based decision-making across application and infrastructure domains.
- Ensure secure configuration of servers and systems based on CIS benchmarks and industry best practices.
- Guide the team in analyzing Security Operations Center (SOC) alerts and coordinating timely incident response.
- Collaborate with developers, infrastructure teams, and stakeholders to implement and maintain a strong security posture.
- Drive automation and integration of security tools within CI/CD pipelines for DevSecOps enablement.
Chief Manager-Risk Management
ICICI Lombard General Insurance
02.2024 - 11.2024
- Oversee VAPT activities with on-site and off-site ASLC teams for scheduled testing and change requests(SAST and DAST).
- Lead the network VAPT team in conducting automated scans and manual penetration tests using Qualys.
- Innovate security measures by exploring and implementing freeware tools like Rengine/socradar to identify vulnerabilities.
Senior Information Security Analyst
eClinicalworks Pvt Ltd
10.2020 - 02.2024
- VAPT done on over 200 web Applications, API, Thick client, Android & IOS Application SAST & DAST.
- Performed manual secure source code review of builds and Patches within secure SDLC process.
- Worked on SAST tools like Contrast, checkmarx and SonarQube.
- Designed security threat model on application's architecture, data flow, and implementation to identify potential risks and assess their impact on security.
- Managing new joiner's with there on-job training for secure SDLC.
Information Security Consultant
Qseap Infotech Pvt Ltd
05.2018 - 10.2020
- Pen-testing for web and mobile applications.
- Pen-testing API.
- Pen-testing networks Internal VAPT & External VAPT.
- Create detailed risk assessment reports which explain identified security weaknesses, describe potential business risks, present prioritized recommendations for remediation.
- Handling of various security risks with AI-powered Digital Risk Monitoring tool like xvigil.
Senior Technical Process Executive
Infosys BPM
02.2016 - 03.2018
- Perform various tasks in mainframe application like AS400
- Ensuring to resolve issues of client within SLA Outlook Express, MSOutlook, Windows mail configuration & troubleshooting
- Talk with clients through series of actions, either via phone, email or chat, until issue is been resolved.
Education
Bachelor - Engineering-Computer Science
Amravati University
01.2014
HSC - undefined
St. Mary's Convent High School and College
01.2010
SSC - undefined
St. Mary's Convent High School and College
01.2009
Skills
- Burp Suite
- Checkmarx,
- Contrast,
- SonarQube
- Frida/Ghidra
- Nmap
- Hopper
- DevsecOps
- Jira tool
- Cycript/otool
Certification
- EC-COUNCIL Certified Security Analyst - ECC2046571389 2019
- Elearn web application penetration testing xtreme (eWPTXv2) Dec 2021
LANGUAGES
English (Fluent)
Hindi (Fluent)
Marathi (Basics)
Bangali (Fluent)
Awards
- Awarded with Star performer of the year 2023.
- Worked with 100% efficiency in AI driven Apps
- Achieved Best team player award. 2019
- Participated in national and international Capture The Flag (CTF) competitions (e.g., Nullcon, HackTheBox)
STRENGTHS
- Web App/ API Penetration testing
- OWASP TOP 10
- Android and IOS apps Pentest
- Configuration Audit
- Network secure Audit
- Team Management
Timeline
Information Security Lead
Tech Mahindra
11.2024 - Current
Chief Manager-Risk Management
ICICI Lombard General Insurance
02.2024 - 11.2024
Senior Information Security Analyst
eClinicalworks Pvt Ltd
10.2020 - 02.2024
Information Security Consultant
Qseap Infotech Pvt Ltd
05.2018 - 10.2020
Senior Technical Process Executive
Infosys BPM
02.2016 - 03.2018
Bachelor - Engineering-Computer Science
Amravati University
HSC - undefined
St. Mary's Convent High School and College
SSC - undefined
St. Mary's Convent High School and College
Similar Profiles
Sandeep GinkaSandeep Ginka
Product Cost Engineer at Tech Mahindra Ltd., India & Tech Mahindra (America) Inc. USAProduct Cost Engineer at Tech Mahindra Ltd., India & Tech Mahindra (America) Inc. USA
Hemanth Kumar BangaruHemanth Kumar Bangaru
Team Lead at Tech Mahindra, Tech Mahindra Pvt LtdTeam Lead at Tech Mahindra, Tech Mahindra Pvt Ltd
Vinita HasabeVinita Hasabe
VAS Manager at Tech Mahindra Tech MahindraVAS Manager at Tech Mahindra Tech Mahindra
VISHNU RAMKISAN INGOLEVISHNU RAMKISAN INGOLE
Senior Network Engineer at Tech Mahindra, Payroll by RLAB (Client- Mahindra & Mahindra)Senior Network Engineer at Tech Mahindra, Payroll by RLAB (Client- Mahindra & Mahindra)
Bhoomi KumbhaniBhoomi Kumbhani
Clinical Physiotherapist at Umiya Physiotherapy ClinicClinical Physiotherapist at Umiya Physiotherapy Clinic