Know Me More
I’m Piyush Kumawat, a Product Security Engineer
Product Security Engineer with a background in penetration testing. I have tested over 250+ applications across various domains, including web, mobile, and API. I have well-versed experience in in threat modeling and has expertise in configuring devSecOps security tools and done a security review on different cloud platforms like Azure , AWS, GCP, and Alibaba cloud.
I am passionate about ensuring the security of products and is dedicated to staying up-to-date with the latest industry trends and techniques.
Name: Piyush Kumawat
Email: piiiiyush22@gmail.com
Age: 26
From: Rajasthan, India
0
+
Years of Experience
0
+
Security Projects Completed
0
+
Security Issues Reported
0
Certifications
My Skills
Tools
Resume
My Experience
Product Security Engineer
OLA
- Perform Threat Modelling, Dynamic Application Security Testing (DAST) and Static application security testing (SAST) on Web applications of different OLA’s business groups (OLA Money, OLA Electric, OLA Mobility, OLA Avail Finance, etc.).
- Perform Web Application security assessments for identifying and remediating OWASP top 10, MITRE ATT&CK and Business Logic Vulnerabilities.
- Run scans using tools such as Burp Suite.
- Manage the Bug Bounty Process of OLA.
- Performed white box tests as per OWASP top 10 framework for Web Applications.
- Performed Automated and Manual Tests and removed False positive issues.
- Work with developers to remediate the open findings.
- Mapped the risks as per business criticality and impact of vulnerability on application.
- Raise Jira tickets which includes Description, Remediation, Steps to Reproduce and screenshots for the Reported Findings.
- Raise a Jira Ticket which provide detailed technical summary of the findings with appropriate recommendations, Steps to reproduce and Screenshots.
- Assessed the closure of security risk by conducting retest on the web applications, web services and mobile assessments.
- Managing the GDPR or PCI-DSS Audit dependencies on Application Security.
Security Services Associate Consultant
Synopsys
- Perform Dynamic Application Security Testing (DAST) for Web applications.
- Perform Web Application security assessments for identifying and remediating OWASP top 10, MITRE ATT&CK and Business Logic Vulnerabilities.
- Run scans using tools such as Burp Suite, Nessus, App Scan, Metasploit, SqlMap, Nmap, OpenVas, Dirb, Nikto and other security audittools.
- Continuously learning new technologies such as Mobile penetration testing, Secure Development, Threat Modelling and Cloud Configuration review.
- Performed black box and grey box security tests as per OWASP top 10 framework for Web Applications.
- Performed Automated and Manual Tests and removed False positive issues.
- Mapped the risks as per business criticality and impact of vulnerability on application.
- Sent daily updates of identified vulnerabilities and provided support for revalidating them in parallel with actual testing.
- Provided executive reports with detailed technical summary of the findings with appropriate recommendations.
- Assessed the closure of security risk by conducting retest on the web applications, web services and mobile assessments.
- Managing DevSecOps environment by configuring various tools such as CheckMarx, WhiteSource, and Burp in a CI/CD environment.
- Performs Cloud Configuration Review on various Cloud Platforms (AWS, Azure, GCP Ali Cloud).
Cyber Security Intern
Synopsys Inc.
- Engaged in the learning of various pen test, application stacks, working of typical N-tier application OWASP Top10 in WEB, Mobile, etc. Data flow in complex applications successfully.
- Automated different open source and paid SAST, SCA and DAST tools in Jenkins pipeline to perform a security scan efficiently on a source code base and website.
System / Network Admin Intern
Shah Technical Consultants Pvt. Ltd.
- Manages Network and Server for the Organization.
- Provide proactive solutions for the technically challenging problem of the Organization.
