GK
Message

Gurpreet Kaur

Remarkable 6+ years of experience in manual penetration and application testing. Profound knowledge of network architectures, operating systems, application software and cyber security tools. Huge knowledge of managing information assurance evaluation tests. Wide knowledge of scripting languages, Perl, Python. Solid understanding of information security and applied cryptographic protocols. Proficiency in scripting, Unix operating systems and windows. Ability to exploit recognized vulnerabilities.

Key Skills

Application Security
Penetration Testing
Mobile Security
API Security
Cloud Security
DevSecOps
Threat Modelling

Professional Experience

Jul 2021
Present
Senior Consultant - IT Security
BNP Paribas by MITS Consulting Mumbai, IN
  • Performed infrastructure and application penetration tests, as well as physical security review and social engineering tests for our global clients.
  • Performed application penetration tests across public and private networks.
  • Performed assessments of security awareness training using social engineering.
  • Developed testing scripts and procedures.
  • Developed and leverage custom exploits.
  • Worked on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
Jan 2019
Jul 2021
Sr. Security Engineer - Security Practice
CitiusTech Healthcare Technology Private Limited Mumbai, IN
  • Worked with external vendors to perform penetration tests on network devices, operating systems, databases, and Applications as necessary.
  • Created and hold workshops illustrating the state of the art of various technologies and assessment strategies.
  • Worked on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets.
  • Communicated technical vulnerabilities and remediation steps to developers and management.
  • Provided assistance to system users relative to information systems security matters.
  • Worked with application developers to validate, assess, understand root cause and mitigate vulnerabilities.
Nov 2016
Feb 2019
Security Analyst
Network Intelligence (I) Private Limited Mumbai, IN
Security testing which included

  •  VAPT, WAPT, Mobile Application security assessment, Thick-client security assessment, and API security assessment for various clients. Conducted systematic web application security assessments and penetration tests. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tool
  •  Carried out Configuration-Audit of network devices for various clients
  •  Application Security Assessment for a wide range of business applications in the financial /private sector domain against standards such as OWASP Top 10.
  •  Running SAST Scans, analyzing tool results of Fortify, performing SAST, Manual code review, removing false positives and preparing the appropriate reports.
  •  Creating Proof of Concept (POC) for the vulnerability findings and creating formal reports
  •  Recommend corrective measures and help the developers to patch the found vulnerabilities.
  •  Worked as a team member to carry out cyber security activities for clients in Banking, Telecom, Trading, and finance, Pharmaceutical, E-commerce, and various other industry sectors.
  •  Reporting the finding and recommendations to mitigate the identified vulnerabilities.

Education

Mar 2013
Apr 2016
Bachelors of Science -Computer Science in
University of Punjab

Certifications

OSCP (Offensive Security Certified Professional)
EC Council
Certified Ethical Hacker
EC Council

Achievements

Employee of the month
  • Performed web application, mobile application and network penetration tests.
  • Developed processes and implemented tools and techniques to perform ongoing security assessments of the environment.
  • Analyzed security test results, draw conclusions from results and developed targeted testing as deemed necessary.
  • Provided technical consultation on Security Tools and Technical Controls.
  • + Development of ‘rules of engagement’ with partners.
  • Developed security standards, policies, automation scripts.
Team Lead
  • Conducted meetings with clients and peers.
  • Recognized additional trade opportunities.
  • Outlined results and consulting on remediation.
  • Handled documentation and metrics reporting.

Hobbies & Interests

  • Reading
  • Tree Planting
  • Pet Care
  • Bug Hunting

Languages

English
(Fluent)
Hindi
(Native)
Punjabi
(Fluent)

Get in touch with Gurpreet