Mahendra Kumawat

Experience

• 

  Niksun

  Oct 2010 - Aug 2012

  Junior Software Engg.

  IDS team member:Developed rules for different vulnerabilities in popular products. Familiar with snort internals, sql injection, cross site scripting, Directory traversal, buffer overflow, type vulnerabilities. Good understanding with IDS technique, requirements, establishment, position in network. DAR signature:Developed signature for XMPP, AIM. Also did verification work for protocols like fasttrack, visa. Currently working on signatures for iphone applications like Youtube, Googlemap. Basic understanding of mercury(scanning engine for DAR signatures and and core platform on which niksun appliances work). Show less

• 

  IBM

  Aug 2012 - Jun 2015

  Application Security Specialist

  Responsibilities:Responsible for vulnerability assessment and penetration testing for Airtel intranet and internet applications like Airtel.in using security tools and manual approachEducate project team about vulnerability and find the way to close raised vulnerabilityLead Investigation/Analysis regarding fraud and incidentsMitigated attacks called over client infrastructure and Major WebsitesAcquired sound understanding of attacks seen over the Internet, root cause analysis and mitigation strategiesDocumentation of all findings during the security assessment in reports and consult with clientUndertook functioning of exploits and their impact on the systems & applications by log analysisWorked as Change manager for 6 months to manage security process for changes/enhancements on existing applications for Bharti and Infratel accounts in India, Srilanka, Bangladesh, AfricaI was responsible to coordinate with different project teams to get initial understanding of the changes/enhancementAssign the changes/enhancement to a suitable team member for security validationAfter validation give final approval in toolHandle client and IBM internal queries regarding security process and technical fundamentals use during security validationParticipated in CERT drill:Participated in CERT drill for SriLanka & India and got client appreciation on successfully completion of the activity. I have analyzed & validated the logs shared by the Srilanka team for a fraud activity. The analysis of fraud was completed properly by finding the real culprit & the malicious activity that the culprit has conducted during fraud. Show less

• 

  Wipro Consulting

  Jun 2015 - Jan 2018

  Information Security Consultant

  Being a part of Wipro Consulting, have worked on multiple projects for multiple clients within different industries like Banking/Finance, Telecommunications, Airlines, Oil etc.Hands on experience in Security Design Review, Web application Vulnerability Assessment, Penetration Testing, Mobile application vulnerability assessmentConducted Web application penetration testing of 250+ business applications and 5+ Android applicationsConducted security assessment for networks infrastructurePrepared penetration testing, Web application assessment, and Mobile application assessment methodology documentsAcquainted with various approaches to Grey & Black box security testingSkilled using Burp Suite, IBM App Scanner, NMAP, Nessus, Kali Linux, SQLMap, metasploit Pro for web application penetration tests and infrastructure testingConducted Android applications using Genymotion, Andriod SDK, ADB etc.Identification & exploitation of potential vulnerabilities across the network and applications and suggestion for controls to mitigate them.Conduct penetration testing of networks devices and servers to full fill PCI DSS requirements for lot of clientsExperience of validating REST/Web ServicesExperience of reviewing dynamic scan result and execute manual test to verify and eliminate false positivesKnowledge of security code reviewPrepare vulnerability and remediation reports and distribute with leadership and application ownersMaturing the overall security posture of an organizationConducting interviews Show less

• 

  Accenture

  Jan 2018 - Jun 2019

  Technical Architect
• 

  Genpact

  Jun 2019 - now

  • Senior Manager

    Sept 2021 - now

  • Manager

    Jun 2019 - Oct 2021