SURAJ BISWAS

Mumbai

Summary

  • Cybersecurity professional with 8+ years of hands-on experience, specializing in Application and Infrastructure Security, with expertise in VAPT, SAST, and DAST across 200+ web, API, mobile (Android/iOS), and thick client applications, ensuring the protection of sensitive customer data and secure application delivery.
  • Skilled in enabling DevSecOps practices by integrating and automating security controls within CI/CD pipelines, leveraging tools such as Checkmarx, SonarQube, and Contrast, resulting in early vulnerability detection and accelerated secure releases.
  • Hands-on experience in enhancing cloud security and threat visibility, implementing AWS-native security controls and tools like reNgine, SOCRadar, and xVigil to strengthen attack surface monitoring and proactive risk identification.
  • Implemented risk-based security governance aligned with NIST CSF, performing risk assessments, threat modeling, and secure design reviews, and collaborating with cross-functional teams to embed security across SDLC and enterprise infrastructure.
  • Strengthened incident detection and response capabilities through SOC validation and threat analysis using Splunk (SIEM), improving log correlation, threat detection efficiency, and incident response effectiveness.

Overview

10 years of professional experience
1 Certification

Work History

Information Security Lead

Tech Mahindra
Mumbai
11.2024 - Current
  • Led and mentored a team of 7 information security professionals, enhancing security operations, SAST, DAST, and infrastructure security assessments, resulting in an improved overall security posture.
  • Enabled DevSecOps practices by automating and integrating security tools within CI/CD pipelines, enhancing early vulnerability detection and secure deployments.
  • Enhanced incident response through SOC validation and threat analysis using Splunk (SIEM) and log analysis, resulting in more effective threat management.
  • Implemented NIST CSF, enabling risk assessments and governance across applications and infrastructure.
  • Strengthened system security by enforcing OS hardening using CIS benchmarks.
  • Collaborated with cross-functional teams to integrate security best practices, reinforcing secure SDLC and operational security across development and infrastructure.

Chief Manager

ICICI Lombard General Insurance
Mumbai
02.2024 - 11.2024
  • Enhanced vulnerability detection and remediation efficiency by leading network VAPT initiatives, integrating automated scanning and manual penetration testing with Qualys to identify critical security gaps and improve response times.
  • Strengthened application security by overseeing VAPT across ASLC teams, ensuring timely SAST and DAST for releases and changes that reduced security risks.
  • Increased threat visibility and proactive risk identification by implementing innovative security tools (e.g., reNgine, SOCRadar), which optimized vulnerability discovery and monitoring capabilities.
  • Enhanced AWS cloud security by driving adoption of cloud-native security controls and best practices.

Senior Information Security Analyst

eClinicalWorks Pvt Ltd
Mumbai
10.2020 - 02.2024
  • Performed end-to-end Secure SDLC (SSDLC) validation by reviewing functional/design requirements in JIRA, conducting manual secure code reviews on recent commits, executing DAST post-deployment via Jenkins, and ensuring timely remediation of vulnerabilities prior to production release.
  • Enhanced overall application security by conducting VAPT on 200+ web, API, thick client, Android, and iOS applications using SAST and DAST.
  • Improved static analysis coverage by utilizing SAST tools (Contrast, Checkmarx, SonarQube) to identify and remediate security flaws early.
  • Mitigated design-level risks by developing threat models based on application architecture, data flow, and implementation.
  • Built team capability by onboarding and training new joiners on secure SDLC practices.

Information Security Consultant

Qseap Infotech Pvt Ltd
Mumbai
05.2018 - 10.2020
  • Performed penetration testing on web and mobile (Android/iOS) applications, identifying vulnerabilities across OWASP Top 10, authentication flaws, and business logic issues.
  • Conducted API security testing (REST/SOAP) by assessing authentication, authorization, input validation, and data exposure risks.
  • Executed Internal and External Network VAPT, including scanning, enumeration, exploitation, and post-exploitation activities.
  • Monitored and mitigated external cyber risks using xVigil (AI-powered Digital Risk Monitoring), tracking attack surface exposure and threat intelligence.

Senior Technical Process Executive

Infosys BPM
Pune
02.2016 - 03.2018
  • Resolved client issues within SLA for Outlook Express, MS Outlook, and Windows Mail configuration.
  • Walked clients through a series of actions, via phone, email or chat, until the issue was resolved.
  • Performed various tasks in mainframe applications such as AS/400.

Education

Bachelor of Engineering in Computer Science

Amravati University
05.2014

Skills

  • Application Penetration Testing (Android, iOS, Web)
  • SAST/DAST/Secure Code Review
  • Information Security Policies and Procedures
  • Network Security/Secure Architecture - NIST CSF
  • Compliance - GDPR, HIPAA, PCI-DSS
  • Risk Management/Vulnerability Management
  • Cloud Security (AWS)/Secure Storage Configuration
  • DevSecOps/SSDLC
  • Process Management - Jira
  • Threat Modeling - STRIDE Framework

Platforms

  • Web/Mobile AppSec Tools: Burp Suite, Fiddler, Echo Mirage, Postman, MobSF, Magisk, Frida, Ghidra, jadx-gui, Apktool, keytool, jarsigner, Hopper, dex2jar
  • VAPT: Nmap, Nessus, Metasploit Framework, Acunetix, OWASP Dependency-Check, Wireshark
  • DevSecOps: Java, C++, Checkmarx, SonarQube, Contrast, Jira, Gitleaks, Bitbucket, Trivy, SBOM

Certification

  • EC-Council Certified Security Analyst (ECSA), ECC2046571389, 01/01/19
  • eWPTXv2, 1960460, 12/01/21

Accomplishments

  • Awarded Star Performer of the Year 2023 (eClinicalWorks).
  • Worked with 100% efficiency on AI-driven apps.
  • Received the Best Team Player award, 2025 (TechM).
  • Participated in national and international Capture the Flag (CTF) competitions (e.g., Nullcon, HackTheBox).
