profile-pic

Vivek J Purkayastha

Vetted Talent

Vivek J Purkayastha

Vetted Talent
With over 7 years of experience in the field, I have developed a strong expertise in web application security, cloud security, SAST tools, and Python programming. Throughout my career, I have been dedicated to ensuring the protection and integrity of web applications, particularly in the face of evolving cyber threats. My proficiency in cloud security allows me to effectively assess and mitigate risks associated with cloud-based platforms, while my knowledge of SAST tools enables me to identify and address vulnerabilities in software code. Additionally, my proficiency in Python programming enables me to develop robust and secure applications. Through my comprehensive skill set and years of experience, I have consistently delivered secure and reliable solutions to protect organizations from potential security breaches.
  • Role

    Product Security Engineer

  • Years of Experience

    7 years

Skillsets

  • Web application security - 7 Years
  • Cloud Security - 7 Years
  • SAST tools - 7 Years
  • Python Programming - 3 Years
  • Security Operations Center (SOC) - 2 Years
  • Threat Modelling - 5 Years
  • Penetration Testing - 5 Years
  • Update the threat model and implement mitigations. - 5 Years

Vetted For

7Skills
  • Roles & Skills
  • Results
  • Details
  • icon-skill_image
    Product Security EngineerAI Screening
  • 56%
    icon-arrow-down
  • Skills assessed :Familiarity with fintech., open source contributions, Conduct design reviews, identify threats and suggest mitigations, penetration tests, SOC2/1 audits, Update the threat model and implement mitigations.
  • Score: 56/100

Professional Summary

7Years
  • Sep, 2023 - Present1 yr 4 months

    Senior Product Security Engineer

    Sprinklr
  • Oct, 2021 - Sep, 20231 yr 11 months

    Technology Security Analyst

    Accenture
  • Oct, 2019 - Sep, 20211 yr 11 months

    Security Analysis Analyst

    NTT DATA
  • Feb, 2017 - Aug, 20192 yr 6 months

    Technical Associate Engineer

    IBM India Pvt Ltd

Applications & Tools Known

  • icon-tool

    Azure 500

  • icon-tool

    Azure 900

  • icon-tool

    Azure Security Centre

  • icon-tool

    WebPT

  • icon-tool

    Splunk Security

  • icon-tool

    Nessus

  • icon-tool

    IAM

  • icon-tool

    Metasploit

  • icon-tool

    BirpSuite

  • icon-tool

    DirBuster

  • icon-tool

    OWASP

  • icon-tool

    Zap Proxy

Work History

7Years

Senior Product Security Engineer

Sprinklr
Sep, 2023 - Present1 yr 4 months

    Responsibilities-

    As a Senior Product Security Engineer, I am deeply involved in advancing product security and elevating security programs. My role focuses on enabling development teams to enhance the security of their applications and infrastructure throughout the software development lifecycle, thereby safeguarding millions of users globally.

    • Security Tool Automation: Spearheading the development and implementation of automated security tools to streamline and enhance security processes.
    • Security Architecture Review:Conducting thorough evaluations of platform and service designs to ensure robust security architecture.
    • Engineering Team Empowerment:Actively working with engineering teams to integrate security best practices into their development processes.
    • Collaborative Security Uplift:Partnering with security teams and leadership to drive improvements in our security programs.
    • Project Leadership and Mentorship:Leading significant security projects from inception to execution while mentoring fellow security engineers.
    • Stakeholder Engagement:Serving as a subject matter expert for stakeholders and engineering teams, guiding them in security-related matters.

    DevSecOps and Security Automation:

    • DevSecOps Integration: Implementing DevSecOps practices to ensure secure continuous integration and deployment.
    • Security Pipeline Development:Creating security pipelines for automated code analysis and vulnerability assessment.
    • Infrastructure Security:Applying security best practices in 'Infrastructure as Code' environments.
    • Automated Security Incident Response:Developing automated responses for common security incidents.

Technology Security Analyst

Accenture
Oct, 2021 - Sep, 20231 yr 11 months

    Responsibilities-

    • Apply security, risk & compliance management & risk management methodologies and conduct web application vulnerability assessment and threat modeling, secure code reviews on the applications
    • Perform source code review in Java, .Net & Python to find out the errors, and review information security solutions requirements & mitigation techniques
    • Emphasise on both manual & automated security testing for web, mobile applications based on OWASP
    • Manage vulnerability assessment, patch & penetration testing using Metasploit, Burp Suite, DirBuster, OWASP ZAP proxy, NMAP, Nessus, SQL Map, Kali Linux & Wireshark tools
    • Orchestrate static application security testing & dynamic application security testing for projects
    • Respond to client queries on cyber security practices & compliance mapping requirements

Security Analysis Analyst

NTT DATA
Oct, 2019 - Sep, 20211 yr 11 months

    Responsibilities-

    • Provided information security and threat management for the Healthcare Domain, and implemented cyber security protocols for the organization
    • Analysed network data & system, designed & implemented security solutions infrastructure, and provided engineering support to operate critical mission services
    • Coordinated with analysts & designers for producing detailed specifications to secure data & maintain privacy
    • Tested various applications, performed penetration testing, and crosschecked vulnerabilities before going live
    • Prepared reports on security breaches, and maintained the smooth running of the systems after successful installation

Technical Associate Engineer

IBM India Pvt Ltd
Feb, 2017 - Aug, 20192 yr 6 months

    Responsibilities-

    • Played a vital role in accomplishing a project for WPP, consisting of 400 child companies
    • Provided solutions through best server securing methods to the clients with complex technical issues
    • Offered support & solutions for better output structure under pre-determined service level agreements
    • Managed on-boarding process & provided training to the junior tech support specialists
    • Worked with resolver groups on L1 support for security

Major Projects

6Projects

SAAS PRODUCT

Sprinklr
Sep, 2023 - Present1 yr 4 months
    • Spearheading security automation: Integrating DevSecOps practices into the development pipeline, embedding security throughout the SDLC.
    • Proactive vulnerability detection: Utilizing SAST and SCA tools to identify and address security risks before deployment.
    • Streamlined security processes: Optimizing and automating routine tasks, minimizing human error and maximizing efficiency.
    • Culture shift towards security: Fostering a security-conscious development environment for robust product integrity.
    • Ensuring resilience in the digital age: Protecting products in a dynamically evolving digital landscape.

Automotive Security

Accenture
Dec, 2022 - Sep, 2023 9 months
    • Fortified systems: Developed and implemented robust threat modeling and TARA assessments for connected vehicles.
    • Proactive & meticulous: Identified, quantified, and addressed potential threats before attackers strike.
    • Risk-based prioritization: Conducted TARA assessments to prioritize mitigation strategies based on threat likelihood and impact.
    • Future-proofed resilience: Prepared systems for evolving security challenges in the connected and automated driving landscape.
    • Enhanced user safety & privacy: Strengthened overall security posture, protecting drivers and their data in the digital age.

Ecommerce Application

Accenture
Jun, 2022 - Oct, 2022 4 months
    • Double-layered defense: Implemented SAST and DAST tools to catch vulnerabilities in code and real-world scenarios.
    • Proactive mitigation: Identified and addressed security flaws before they could be exploited by attackers.
    • Rigorous testing: Conducted penetration testing to replicate cyberattacks and harden the application's defenses.
    • Customer trust & platform integrity: Built confidence in our eCommerce platform by ensuring secure data and transactions.
    • Adaptability in the digital marketplace: Prepared for evolving threats in a dynamic online environment.

Export Application

Accenture
Oct, 2021 - May, 2022 7 months
    • Triple shield: Leveraged SAST, DAST, and penetration testing to detect vulnerabilities early and in action.
    • Cyber threat resilience: Fortified the export application against real-world cyber attacks.
    • Integrity & reliability: Safeguarded application functionality in a changing digital environment.
    • Early-stage mitigation: Identified and addressed security flaws before deployment.
    • Multi-layered approach: Built robust defenses to protect sensitive data and user trust.

Healthcare Security

NTT DATA
Oct, 2019 - Sep, 20211 yr 11 months
    • Tailored cybersecurity: Designed cutting-edge protocols for sensitive healthcare data and systems.
    • Robust infrastructure: Implemented data security solutions seamlessly integrated with core functions.
    • Mission-critical support: Ensured security measures didn't disrupt essential healthcare services.
    • Collaborative architect: Produced detailed specifications for data security and privacy compliance.
    • Rigorous testing: Conducted penetration testing and vulnerability assessments before and after deployment.
    • Continuous vigilance: Monitored breaches, reported findings, and optimized security practices.

WPP

IBM
Feb, 2017 - Aug, 20192 yr 6 months
    • L1 security expert: Devised and implemented best practices for complex server security challenges.
    • Efficiency champion: Refined output structure to exceed service level agreements and boost client satisfaction.
    • Mentor & collaborator: Trained junior specialists and fostered a cohesive L1 security team.
    • Large-scale operations guru: Successfully managed security support for WPP and 400 child companies.
    • Compliance-focused problem solver: Delivered reliable and efficient solutions meeting stringent service standards.

Education

  • Master Certificate in Cyber security

    HackerU and Jigsaw Academy (2021)

  • Bachelor of Engineering in Mechanical Engineering

    S.J.C. Institute of Technology (2016)

Certifications

  • Security Administration, NTT Data, 2020

    (Jan, 2020)

  • AZ-500 Azure Security Engineer Associate

    (Jul, 2022)

  • Certified Ethical Hacker, ECC Council

    EC-Council (Feb, 2021)