I'm currently working as Security Software Engineer with Azure DevSec team at Microsoft. I have previously worked with FireEye Mandiant Intelligence dissecting malwares and attributing malware samples to threat groups as a Technical Intelligence Analyst. My areas of interest include container and Kubernetes security, Cloud Security, Penetration testing, Application and Network Security. In the past, I have worked with Ernst & Young for their enterprise advisory service line.
As a security engineer, I enjoy discovering security vulnerabilties, with current focus on Azure offerings, performing security reviews.
When I'm not in front of a computer screen, I'm probably playing my piano, reading about psychology or crossing off another item on my bucket list.
I’ve picked up quite a few skills during the course of my professional experiences, and aim to improve these skills everyday. Here are a few of the tools / technologies and focus areas that I have experience with:
Created threat models, security policies and CI/CD pipeline for development activities as DevSecOps. Worked with a team of doctorate level researchers and professionals to create secure lightweight protocol on top of Bluetooth stack.
The application was built as a responsive web application, compatible to be deployed as a PWA using container view for native applications on iOS and Android platforms, using the following tech stack - Python-Flask, Google Cloud, Platform Templating engine - Jinja FrontEnd, HTML + CSS ,Google Maps API, Chatbot Flow. Lex Google GeoLocation API Google Places API Google Cloud SQL Service Google GeoCoding API
Utilising blockchain for creating a decentralized malware detection system. Motivated by the fact that today's Malware detection systems and Firewalls are mode Predictable than being predictive.
Created an aggregator tool as a part of Mandiant Intelligence Company wide Intern Project, to aggregate intel from OSINT sources, internal tools and sandboxes to suggest intelligent pivots to Malware Analyst in a bid to ease their job. This is currently in production for company's internal use only and analytics data suggested a reduction of nearly 35% time an analyst previously spent on a sample.
Researched and executed red team exercises, automating using hill climbing techniques to automate and successfully discover potential flaws in autonomous vehicle simulation on TurtleBot3.