Tushar Shahi

As a Cybersecurity Engineer at Zenatix by Schneider Electric, I have driven and supported comprehensive security initiatives across application, infrastructure, and product security domains. I performed detailed penetration testing of web and API-based systems, managed vulnerability assessments, and integrated secure authentication mechanisms (OAuth2, JWT) into critical applications. I contributed to designing and executing IEC 62443-aligned test cases, ensuring compliance for industrial and IoT solutions.

Key contributions:

• Conducted end-to-end security assessments for Django/React-based platforms, focusing on robust session and role-based permission models.
• Validated OAuth2 and JWT-based authentication workflows, strengthening session security and user data protections.
• Hands-on tools like Sonarqube, SBOM, BDBA.
• Managing AWS EC2 instances and triaging of vulnerabilities provided by Inspector.
• Performed RED-DA assessments with IEC 62443 compliance mapping, building and executing relevant security test cases.
• Assessed secure file upload features in ASP-based applications with business logic and content-type validation.
• Utilized tools such as Burp Suite, Postman, Nmap, and Wireshark for security testing and vulnerability triage.
• Authored concise vulnerability triage comments and remediation plans to support DevSecOps integration.
• Contributed to security initiatives for internal events and innovation showcases, including safe video and presentation workflows.
• Supported AWS VPN, Kali Linux, and macOS secure network configurations with multi-factor authentication and endpoint hardening.
• Participated in audit-preparation and compliance reviews, ensuring thorough test coverage and risk reporting.
• Conducted regular security assessments and vulnerability scans using tools such as Nessus and Wireshark to identify potential threats.
• Collaborated with IT teams to integrate security measures into system architectures, enhancing overall network integrity and performance.

• Performed Penetration testing on various Web Application, API, Network, Android and Thick client Application.
• Performed Penetration testing for world's leading investment banking firm application's and uncovered many critical and high vulnerabilities related privilege, injection, and business logic.
• Performed Network Penetration testing on-site for a automotive company and found several Critical and High vulnerabilities.
• Created a IoT based Framework guidelines and document for a leading Network and Steel Wire company.
• Performed Penetration testing for Japanese Client and found high vulnerability on salesforce based application.
• Performed Penetration testing for India's leading IT company and uncovered may high vulnerabilities related to business logic, sessions and injection.
• Performed source code review using automated tools and manual techniques to find the flaws overlooked in the initial phases of development in a Banking company in both Web and Mobile.
• Worked on a specific IoT based projects and did Web Development for intl. clients before joining KPMG.
• Hands - on experience in reviewing and defining requirements for information security solutions and mitigation techniques.
• Performed vulnerability assessment, Patch management and penetration testing using various tools like Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, NMAP, Nessus, SQL Map, Netsparker, Kali Linux, Wire shark, fiddler.
• Done analysis of the results from penetration test to identify risks.

• Worked on migration of customer's current infra from On- Premises to Azure and worked on Azure AD and Sentinel specifically.
• Handled technical questions of clients asked during live official Azure training.
• Done analysis of the results from penetration test to identify risks.
• Conducted manual and automated security testing for web, mobile, api, thick client and network applications based on OWASP and CWE/SANS standards.
• Worked on web application related to health survey on Angular JS for a medical consultancy firm.

• Made an Automatic Question Paper Generator website based on the Django framework for Coaching Institute.
• This website takes question from database and arranges it into a question paper with pre-setup format.