Avneel Prabhu - App Sec


Avneel Prabhu

Information Security Analyst


+91 7972983499 / +91 9823610536 | Prabhuavneel@gmail.com | Mumbai, Maharashtra

SUMMARY
7 years of experience in information technology, which includes 4 years as Information Security Analyst and 3 years as Network Engineer.

Prime clientele includes security testing (Web/Mobile/API/VAPT and Thick client) for:
• Multiple Government and Private Banks
• Multiple Government and Private applications
• Multiple ecommerce applications
• ATM Auditing

Worked on Nessus Professional, QualysGuard and Tenable Active Directory. Worked with Burp Suite Professional and has knowledge of Security Center basics.
Familiar with source code tools Checkmarx, Fortify and SonarQube.
Working knowledge of source code review for JavaScript, ASP.NET, Ruby, Golang, PHP and Python.
Experience in Compliance and Configuration Review of Server, Database, Operating System.
Well versed with security assessment methodologies like OWASP Mobile, API and Web Top 10, WASC, SANS.
Performing Red Team activity with Caldera C2 framework and hands-on with Gophish, Evilginx2, AWS and Terraform.
Hands-on knowledge of REST API and Web Services, using Postman and SoapUI.

SKILLS
Active Directory, CRTP, OSCP, CISSP, CEH, Code Review, Configuration Review, API, Red Team, DevSecOps, Disaster Recovery, Risk Management, Firewall Configuration, Golang, Information Security, JavaScript, Linux, SoapUI, Nessus, Network Security, Open Source, OWASP Top 10, PHP, Python, Ruby, SonarQube, Postman, Switches, Web Services, Burp Suite, Terraform

EXPERIENCE

Senior Information Security Analyst
Prime Guardian Cyber Security Services
2023 - Present, Saudi Arabia
• Team leading with a six-person team, including myself.
• Attend conference calls with the application owners to perform initial data gathering and follow-up advisory for technical issues along with status update.
• Understanding of impact and classification with assignment of risk severity.
• Executive summary report preparation and verification. Knowledge of Security Architecture Review and Auditing.
• Building, co-ordinating and implementing the knowledge base for manual test cases for Web Applications, Mobile Applications and Network/Infrastructure VA/PT in the form of a checklist.
• Ability to analyse root cause and deliver strategic recommendations during security reviews.
• Handling ad hoc activities on premises and overall server VAPT with infra and app servers.
• Vulnerability Assessment and Network Penetration Testing - Internal/External.
• Web & Mobile Application Assessment - Black and Grey Box.
• Web Services vulnerability assessment, both grey box and black box approach.

Information Security Analyst
Qseap Infotech
2020 - 2023, Navi Mumbai
• Conducted systematic web application security assessments and penetration tests. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools.
• Conducted External/Internal Vulnerability assessment using Nessus and Nessus Security Center.
• Application Security Assessment for a wide range of business applications in the financial/government/insurance and pharma domains against standards such as OWASP Top 10.
• Proficient in understanding and executing application-level vulnerability attacks like XSS (Cross Site Scripting), SQL injection, CSRF (Cross Site Request Forgery), Session Hijacking, Variable Manipulation, Privilege escalation, Authorization Bypass, Weak Cryptography, Authentication flaws etc.
• Creating Proof of Concept (PoC) for the vulnerability findings and creating formal reports.
• Recommend corrective measures and ensure the adequacy of existing information security controls. Develop risk remediation plans and security procedures.
• Assists in development and implementation of technical security policies.

Network Engineer
TATA Communications
2017 - 2019, Mumbai
• Managing firewall, creating rules and providing access to clients.
• Responsible for solving networking, server and switch tasks on a daily basis. Working on firewall, solving clients' problems related to computers remotely or going on site.
• Managing server logs, monitoring firewall and servers. Repairing hardware parts of computers, installation of Windows and Linux operating systems on clients' computers.
• Troubleshooting, diagnosing and resolving hardware, software, network and system problems.
• Performing disaster recovery operations and data backups when required.
• Maintaining and administering computer networks and related computing environments including systems software, applications software, hardware and configurations.

PROJECTS

Vulnerability Assessment and Network Penetration Testing - Internal/External
Multiple Banking Clients in Mumbai (India) and Riyadh (Saudi Arabia)
• Internal/External Vulnerability Assessment for network.
• Network Penetration for internal as well as external network devices and servers.
• Identifying vulnerabilities and determining gaps in the network from a best security standpoint.
• Suggesting remediation recommendations to mitigate identified vulnerabilities.
• Providing comprehensive evaluation of overall application security posture.

Web & Mobile Application Assessment - Black and Grey Box
Multiple Banking Clients in Mumbai (India) and Riyadh (Saudi Arabia)
• Walkthrough of the application, its functionality and business flow.
• Prepare threat profile for the application based on the functionalities and technologies.
• Perform application security assessment.
• Prepare detailed report of the assessment.
• Discuss the vulnerabilities and their possible solutions with developers, solution architects and product managers.

Web Services vulnerability assessment, both grey box and black box approach
Multiple Banking Clients in Mumbai (India) and Riyadh (Saudi Arabia)
• Web service to understand the architecture/vulnerabilities undergoing for the application.
• Checking all the possible vulnerabilities of the web service and creating test cases and test plans.
• Detecting bugs, classifying them depending on severity and maintaining the CVE/CWE/CVSS.
• Handling the issues till closure by performing revalidation and reassessment.

EDUCATION

Bachelors of Engineering in Computers
Pune University
2011 - 2016

CEH (Certified Ethical Hacker v 9.0)
from EC-Council
2016

CRTP (Certified Red Team Professional)
from Pentester Academy
2022

OSCP (Offensive Cyber Security Professional)
from OffSec
2023

PASSIONS
• Hall of fame from Ibotta - HackerOne
• Do bug bounty from open source platforms like HackerOne, Bugcrowd, Intigriti.
• Done various freelancing projects in VAPT
• Hacking for knowledge, VAPT, source code analysis
• Playing Football, Trekking, Basketball
• CISSP (Certified Information Security System Professional) - Pursuing