Debashish Tripathy

Infosec Analyst and Researcher

605 followers
Hyderabad, Telangana, India

  • Timeline

  • About me

    Information Security Engineer at Gainsight | VAPT | Application Security Testing | Penetration Testing

  • Education

    • Global Institute of Technology, Jaipur

      2016 - 2020
      B.Tech Computer Science
  • Experience

    • Cyberops Infosec LLP

      May 2019 - Jul 2019
      Infosec Analyst and Researcher

      1. Had the responsibility for carrying out security assessments of various vendors.
      2. Made descriptive audit reports for the security assessments of the website.
      3. Involved in Cybercrime Investigations.

    • Deccan Infotech (P) Ltd

      Jul 2020 - Jan 2021
      Security Engineer

      1. Had responsibility for carrying out security assessments of the web application and network for various government clients.
      2. Performed the web application and network security assessment using automated tools and manual testing.
      3. Made audit reports according to OWASP top 10 standard for the security assessment conducted on the websites.
      4. Explained various government clients' security assessment reports and helped them with vulnerability mitigations.

    • Indusface

      Jan 2021 - Aug 2022
      Associate MSS Engineer

      1. Systematic web application security assessments. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools.
      2. Conduct POC for web application and network vulnerabilities by utilizing penetration skills.
      3. Communicating to the clients about the vulnerabilities and their remediation.
      4. Well-versed with OWASP Top Ten Web API and Mobile.
      5. Create custom rules and signatures for WAF.

    • Gainsight

      Aug 2022 - now

      1. Spearheaded application security releases by finding vulnerabilities in accordance to OWASP which significantly enhanced software security and integrity of the application.
      2. Utilised tools like Sonarcloud and Checkmarx to identify and triage high severity issues like SQL injection, Second order SQL Injection, SSRF, Cross Site scripting, which resulted in significant improvement of code quality.
      3. Utilised Snyk for software composition analysis (SCA) to identify and remediate vulnerable third-party libraries, resulting in a significant reduction in dependency-related vulnerabilities across applications.
      4. Streamlined repetitive security tasks through advanced scripting, boosting operational efficiency.
      5. Improvised Qualys tool capabilities, optimising scanning quality, increasing scan coverage and effectiveness.

      1. Orchestrated security assessments of web applications to identify vulnerabilities according to OWASP top 10 and further mitigating them within a timely manner. This enhanced the security and integrity of software applications.
      2. Employed Qualys and Burpsuite to identify and verify vulnerabilities in web applications, collaborating with developers to ensure timely fixes, which improved the application security.
      3. Utilized subdomain enumeration scripts like sudomy, tugarecon to identify subdomains and further using tools like subjack and subzy to identify subdomains that were possible for takeover.
      4. Utilised OSINT technologies to identify misconfigured endpoints which possessed very significant risks.

      • Information Security Engineer

        Mar 2024 - now
      • Associate Information Security Engineer

        Aug 2022 - Mar 2024
  • Licenses & Certifications

    • Certified AppSec Practitioner

      The SecOps Group
      Dec 2024
    • Cyberops Infosec Specialist [CO-ISS]

      Cyberops Infosec LLP
      Jun 2019
    • Junior Penetration Tester

      INE
      Jan 2024