bhavsec@gmail.com | linkedin.com/in/bhavsec

PROFILE


  • Senior Security Engineer with experience in Information Security, specialized in Penetration Testing (APIs, Web & Network), Offensive Security (red team activities) and Vulnerability Management.
  • Strong knowledge of security frameworks and standards such as MITRE, NIST and ISO 27001.
  • Proficient in conducting thorough vulnerability assessments, penetration testing, and security audits.
  • An author of ReconSpider an Open-Source Intelligence (OSINT) security tool on GitHub.

TECHNICAL EXPERTISE


Networking: Storage Networks, Network Security, Server Networks, IP Protocols, LAN/WAN Switching, Troubleshooting.

Security Assessment: SAST, DAST, VAPT, Open-Source Analysis, OWASP top 10, Mitre Att&ck Framework, SANS top 25.

Operating Systems: Ubuntu, CentOS, Kali Linux, MacOS, Windows Servers.

Cloud/DevOps technologies: Docker, CI /CD, Azure, Web Server, AWS Cloud, Python, Bash.

Security & Testing tools: Snyk, BloodHound, Veracode, Burp Suite, Tenable.io, Nmap, gobuster, ExtraHop, Metasploit, OWASP ZAP, Netsparker, Postman, Wireshark etc.

CERTIFICATIONS & TRAININGS


API Penetration Testing - APISEC University - Aug 2023

eCXD - eLearn Security Certified Exploit Developer - INE - April 2023

Rasta - Pro Labs - Hack The Box - Jan 2023

Offensive Security Certified Professional (OSCP) - December 2022

Dante - Pro Labs - Hack The Box - Sep 2022

Certified Red Team Professional (CRTP) - Pentester Academy - Aug 2022

eCPPT - eLearn Security Certified Professional Penetration Tester - June 2022

ThrowBack Network - AD Pentesting Network - TryHackMe - May 2022

eJPT - eLearn Security Junior Penetration Tester - INE - Jan 2022

Introduction to Azure Penetration Testing - Altered Security - Jan 2022

[SC-900] Microsoft Certified: Security, Compliance, and Identity Funtamentals - Nov 2021

Security Engineering on AWS - Amazon Web Services - Oct 2021

Foundations of Operationalizing MITRE ATT&CK - AttackIQ - Aug 2021

Splunk 7.x Fundamentals Training - Splunk Education - Jul 2021

[NSE1] Fortinet Network Security Expert Level 1: Certified Associate - Jun 2021

Cyber Security Essentials - Cisco - Jun 2021

[PCEP-30-01] PCEP - Certified Entry-Level Python Programmer - Jun 2021

[CEH V10] Certified Ethical Hacker - EC-Council - Dec 2020

MacOS for IT Administrators - LinkedIn Learning - May 2020

Unix Badge - Pentester Lab - Apr 2020

Learn HTML - Codecademy - Oct 2018

Applied CS with Android - Google - Sept 2017

C/C++, PHP, MySQL Trainings - IIT Bombay (Govt. of India) - Mar 2017

AFCEH 9.0 - Talent Edge Bangalore - Oct 2015

EXPERIENCE


Senior Security Engineer - Manulife, Toronto, Ontario, Canada - Aug 2023 - Present

  • Conduct security assessments to discover weaknesses in digital infrastructure.
  • Participating in red team exercises to simulate real-world cyber attacks.
  • Performing code reviews to evaluate application security and potential risks.
  • Simulate cyber-attacks to evaluate security measures and defenses.
  • Maintain up-to-date knowledge of the latest security threats and tools.

Senior Security Analyst - Gore Mutual Insurance, Ontario, Canada - July 2022 - July 2023

  • Ensuring patch compliance for all systems and applications.
  • Implementing and maintaining vulnerability management processes.
  • Conducting red team activities to identify and mitigate potential security threats.
  • Continuously monitor and evaluate the effectiveness of security measures
  • Focusing on web-application security to protect against cyber-attacks.

Application Security Analyst - Gore Mutual Insurance, Ontario, Canada - Aug 2021 - July 2022

  • Conducting source code reviews using Veracode and Snyk, triaging and reporting vulnerabilities, guiding developers with vulnerability remediation.
  • Performing automated and manual vulnerability assessments and penetration tests on web applications, networks and infrastructure.
  • Conducting focused research on newly identified threats and vulnerabilities.
  • Providing recommendations on system patching, hardening of web application and servers to mitigate potential risks.

Application Security Tester - Saluber MD LLC., Remote - Aug 2020 - July 2021

  • Hands-on experience in securing applications and software systems.
  • Proven ability to develop and implement security policies, procedures, and best practices.
  • Familiarity with security testing tools, such as Burp Suite and Nessus.
  • Knowledge of web application security vulnerabilities, including OWASP Top 10.
  • Thorough understanding of security protocols, encryption algorithms, and firewalls.

Network and Cyber Security Analyst - EH1 Infotech, Mohali, India - Jan 2019 - Oct 2019

  • Responsible for monitoring and debugging network connectivity issues using Wireshark for packet analysis.
  • Analyzed Security of an IT development firm, tested the vulnerabilities, securing the site from threats.
  • Configured Microsoft Windows servers, setup and deployed domain controllers, VMs & Active Directory.
  • Performed VAPT and provided recommendations to management on Security implementation.

Security Consultant Intern - Supive Technologies Chandigarh, India - Jun 2018 - Dec 2018

  • Implemented best practices of securing the overall web-applications.
  • Responsible for securing the web applications of an online business module.
  • Performing vulnerability assessment and penetration testing on projects.

VOLUNTEER EXPERIENCE


Founder and Leader - Security and Research Community - SECARMY - Feb 2019 - Jan 2020

  • Organizing Capture-The-Flag (CTF) competitions.
  • Writing security concerning blogs and posts.
  • Making podcasts with security researchers around the world.
  • Broadcasting cyber security-related conferences & webinars.

Volunteer Team Leader - Intersquad Cyber Intelligence New Delhi, India - Mar 2018 - Apr 2018

  • Worked remotely in the Security Team of Inter Squad Cyber Intelligence.
  • Tested web-applications and reported various bugs/vulnerabilities.
  • Organized a hackathon based on cybersecurity for attendees.
  • Supervise the whole conference as a team manager.

EDUCATION


Attestation of College Studies in Computer Science and Software Testing - 2020 - 2021

Matrix College of Management Technology and Healthcare Inc - Montreal, QC

  • Major in Computer Science; Minors in Software Testing
  • Cumulative GPA: 4.0/4.0; (Top 10% of class)
  • Relevant Coursework: Software Development; Operating Systems; Algorithms

Computer Engineering, Computer Science (Verified by WES) - 2015 - 2018

Chandigarh University - Punjab, India


The Tribune Newspaper - WanaCry Ransomware Research

Covered in news article on The Tribune Newspaper for spreading awareness regarding removal of WannaCry ransomware and protecting personal files by creating a system restore point.

www.tribuneindia.com

National Cyber Security Center - Reported bug in Netherlands Government Website

Bugcrowd - Hall of Fame - Reported bugs in Companies like Dell, Sophos, DarkMatter etc.

PROJECTS


Recon Spider - Open Source Intelligence Framework (GPL-3.0 License)

Recon Spider is most Advanced OSINT Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources available on the internet about the target.

www.github.com/bhavsec/reconspider