Vivek Panday

Delhi

Summary

Highly motivated Cybersecurity Engineer with 4+ years of hands-on experience safeguarding IT infrastructures across government, banking, and the textile industry. Conducts comprehensive Vulnerability Assessments and Penetration Testing (Web, Mobile, and Network) and implements advanced security solutions to mitigate risks. Proficient in industry-leading tools like Metasploit, Nmap, BurpSuite, and Nessus. Proven track record of identifying critical vulnerabilities aligned with OWASP standards (e.g., SQL Injection, XSS). Acknowledged in the Hall of Fame by 80+ companies including Tesla, Microsoft, and Oracle. Discovers multiple Common Vulnerabilities and Exposures (CVEs) such as CVE-2022-25045, CVE-2020-36056, CVE-2020-36064, and CVE-2020-36062. Committed to staying ahead of emerging threats and continuously enhancing security frameworks to ensure integrity and confidentiality of digital assets.

Overview

4 years of professional experience
1 Certification

Work History

Security Engineer

TAC InfoSec Pvt Ltd.
01.2024 - 04.2024
  • Performed comprehensive Vulnerability Assessments within different domains, including Web Application Penetration Testing, Mobile Application Penetration Testing, and Network Penetration Testing across a wide range of sectors such as government projects, client-side engagements, the textile industry, and banking projects.
  • Identified weaknesses and vulnerabilities in network systems.
  • Identified critical application vulnerabilities aligned with OWASP standards, including SQL Injection, Cross-Site Scripting, and Improper Error Handling. Conducted comprehensive security testing for web applications, utilizing both manual and automated methods.
  • Identified critical weaknesses in systems through thorough penetration testing, leading to improved defenses.
  • Diligently worked on identifying and eliminating false positives to ensure the accuracy and reliability of assessment reports. Reviewed final reports meticulously, guaranteeing completeness and accuracy before demonstrating and sharing findings with clients across various sectors, including government projects, client-side engagements, the textile industry, and banking projects.
  • Provided detailed reports of assessment findings and recommended solutions, contributing to informed decision-making processes.
  • Conducted regular vulnerability scans to maintain up-to-date knowledge of potential threats and system weaknesses.
  • Enhanced network security by performing comprehensive vulnerability assessments and penetration tests.

Cyber Security Associate

Sveltetech Technology Pvt. Ltd
04.2021 - 01.2024
  • Created vulnerability testing reports and distributed findings to clients while providing appropriate recommendations. Ensured accurate identification and elimination of false positives. Reviewed final reports before presenting findings to clients.
  • Utilized vulnerability testing results to generate comprehensive reports with recommendations for clients. Facilitated timely distribution of findings. Verified accuracy by identifying and eliminating false positives.
  • Provided clients with detailed vulnerability testing reports, including appropriate recommendations. Scrutinized final reports for accuracy prior to demonstrating and sharing findings.
  • Identified critical weaknesses in systems through thorough penetration testing, leading to improved defenses.

Cyber Security Internship

Noida Cyber Cell Police
09.2020 - 11.2020
  • Acquired comprehensive theoretical and practical knowledge of CEH and ESCA through internship.
  • Successfully executed manual web application penetration testing techniques.
  • Contributed to multiple web application penetration testing projects.
  • Explored new technologies and approaches to streamline processes.
  • Generated reports detailing findings and recommendations.

Cyber Security Summer Internship

Gurugram Cyber Cell Police
06.2020 - 07.2020
  • Acquired extensive knowledge and understanding of cyber security concepts and theory during an internship under the guidance of Mr. Rakshit Tandon, Director Executive Council-Council of Information Security.
  • Developed familiarity with various cyber security principles, tools, and techniques, including cloud technology like virtualization and Linux.
  • Demonstrated expertise in investigating social media crimes, email crimes, website hacking, and ensuring their respective securities.
  • Generated reports detailing findings and recommendations.

Education

Bachelor of Computer Applications -

IEC University
Himachal Pradesh, India
07.2021

Diploma [ Polytechnic Engineer's Degree ] in Electrical Engineering -

Himalayan University
Arunachal Pradesh
07.2018

10TH Passed -

C.B.S.E Board
New Delhi, India
04.2014

Certified Information Security Consultant Pro - 6 Months -

Institute of Information Security (IIS)
New Delhi, India
01.2020

Skills

  • Platform: Windows XP/7/8/8.1/10, Linux, Ubuntu, Debian
  • Networking: LAN/WAN, VPN, TCP/IP, 100BaseT Ethernet, NAT, Firewall, Routers & Switches
  • Penetration Testing: Information gathering, Enumeration Services, Banner Grabbing, Vulnerabilities Analysis, Knowledge of OWASP Top 10, Web Application Attacks, Password Attacks, Privilege Escalation
  • Security Tools: The Metasploit Framework, Nmap, BurpSuite, Nessus, Acunetix, Invicti, Nikto, Dirsearch, Paramspider, HTTPX, Subfinder, Hydra, OWASP ZAP, DirBuster, WP-Scan, Dnsenum, Wireshark, and many more
  • Android: APKTool, ADB, JADX, MobSF, Genymotion, AndroBugs Framework, Qark, Dex2jar, Frida, Drozer

Certification

  • Certified Ethical Hacker - EC-Council
  • Certified Information Security Consultant - Institute of Information Security (IIS)
  • Offensive Bug Bounty Hunter 2.0 - HackersEra Cyber Security Consultancy and Training Pvt Ltd
  • Cyber Security Foundation - CSFPC - CertiProf
  • ICSI | CNSS Certified Network Security Specialist - ICSI (International CyberSecurity Institute), UK

Awards

  • Bounty and Hall of Fame by Tesla
  • Bounty and Acknowledged by Spreaker
  • Bounty and Hall of Fame by Oppo
  • Hall of Fame by Microsoft
  • 350th Times Appreciation & Acknowledged by National Critical Information Infrastructure Protection Centre (Indian Government) [Reported Several Vulnerabilities on Indian Govt. sites]
  • Got listed in NCIIPC India (A unit of NTRO) Newsletter Top 15 Security Researchers From India
  • Hall of Fame by Netflix
  • Hall of Fame by Philips
  • Hall of Fame by The United Nations
  • Hall of Fame by Oracle
  • Hall of Fame by Seagate Technology
  • Hall of Fame by Tenable
  • Hall of Fame by Bitdefender
  • Hall of Fame by SAP
  • And I have a Hall of Fame from more than 80 companies along with these, for finding vulnerabilities in their organizations

Publications

  • CVE-2022-25045 - CVE Mitre - Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel.
  • CVE-2020-36056 - CVE Mitre - Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the Ping Diagnostic option.
  • CVE-2020-36064 - CVE Mitre - Online Course Registration v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel.
  • CVE-2020-36062 - CVE Mitre - Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel.

Personal Information

Date of Birth: 12/07/1997

Languages

Hindi
Bilingual or Proficient (C2)
English
Advanced (C1)
