Prakash Tomar

Associate Security Architect at Dover Corporation
Dubai, United Arab Emirates

Summary

Cyber Security Professional with over 8.2 years of experience in multiple aspects of Information Security. Skilled to work in challenging environments and adapt to new situations to best enhance the organizational brand. Organized and dependable professional successful at managing multiple priorities with a positive attitude.

Skills

    Vulnerability Assessment and Penetration Testing (VAPT)

Certification

Offensive Security Certified Professional (OSCP)

Work History

Associate Security Architect

Dover Corporation
05.2021 - Current

Dover Corporation is an American conglomerate manufacturer of industrial products.


  • Conducting Web, APIs, and Mobile applications security assessments along with setting up best practices for security of digital web properties.
  • Performing Open-Source Intelligence (OSINT) to identify assets and publicly exposed organizations' sensitive information.
  • Performing Cloud infrastructure (Azure and AWS) security audits following the CIS, HIPAA, HITRUST, and NIST benchmarks to identify and close the gaps, thus strengthening the security of the overall cloud infrastructure and hosted resources.
  • Performing Threat Modeling (TM) to identify vulnerabilities in the application architecture beforehand and mitigate them during the initial Software Development Life Cycle (SDLC) phase.
  • Promoting ‘Shift Left’ approach by integrating Secure Code Review (SCR) (SAST), Software Composition Analysis (SCA) (OSLV) tools into the CI/CD pipelines (DevSecOps) for continuous scanning of the code.
  • Preparing and maintaining security baseline and cybersecurity best practices documents for all processes to educate staff against known threats and potential vectors of attacks.
  • Enhancing the organization's security posture and providing regular updates for the tasks being executed.
  • Maintaining subject matter expertise on all information security processes and maintaining application technology inventory to identify and mitigate the vulnerabilities in the first place.
  • Used critical thinking to break down problems, evaluate solutions and make decisions.
  • Proposed solutions for developing products that give customers a brilliant experience without compromising performance or security.

Product Security Lead

News Corporation Ltd.
11.2018 - 04.2021

News Corp is an American media and publishing company operating across digital real estate information, news media, book publishing, and cable television.


  • Conducted Web, APIs, and Mobile applications security testing along with setting up best practices for the security of digital web properties.
  • Conducted security assessment of critical functionalities of the applications such as Multi-Factor Authentication, Payments security, API security, Encryption methods, Container security, and Infrastructure (On-Prem and Cloud) security.
  • Performed Cloud infrastructure (Azure and AWS) security audits following the CIS, HIPAA, HITRUST, and NIST benchmarks.
  • Performed Threat Modeling (TM) to identify vulnerabilities in the application architecture beforehand and mitigate them during the initial Software Development Life Cycle (SDLC) phase.
  • Promoted ‘Shift Left’ approach by integrating Secure Code Review (SCR) (SAST), Software Composition Analysis (SCA) (OSLV) tools into the CI/CD (DevSecOps) pipelines for continuous scanning of the code.
  • Led projects and analyzed data to identify opportunities for improvement.
  • Quickly learned new skills and applied them to daily tasks, improving efficiency and productivity.
  • Prepared a variety of different written communications, reports, and documents to ensure smooth operations.
  • Created spreadsheets using Microsoft Excel for daily, weekly and monthly reporting.
  • Oversaw daily operations to ensure high levels of productivity.
  • Proved successful working within tight deadlines and a fast-paced atmosphere.
  • Participated in team-building activities to enhance working relationships.
  • Performed duties in accordance with applicable standards, policies, and regulatory guidelines to promote a safe working environment.

Senior Technical Associate

Sears Holdings Corporation
05.2016 - 02.2018

Sears Holdings Corporation operates as a broad-line retailer with full-line and specialty retail stores in the United States and Canada. It is an American chain of department stores.


  • Performed security testing of Web and Mobile applications following the OWASP Top 10 methodology.
  • Derived Threat Modeling to identify, enumerate, communicate, and understand threats and mitigations to protect the application assets.
  • Performed Network penetration testing exercises of on-premises and cloud infrastructure for identifying vulnerabilities.
  • Provided a comprehensive report on discoveries and remediation suggestions to fix the recognized vulnerabilities.
  • Actively involved in conducting PCI DSS security reviews, which incorporate PCI ASV Scans, PCI Vulnerability Assessment, and Penetration Testing (Requirement 11.2, 11.3).
  • Dealt with Splunk alerts configuration for security dashboards and log monitoring.
  • Resolved escalated issues by serving as a subject matter expert on wide-ranging issues.
  • Used Jira ticketing system to manage and process vulnerability submission requests.

Security Consultant

Aujas Networks Pvt. Ltd.
05.2015 - 05.2016

Aujas Cybersecurity Limited formerly known as Aujas Networks Private Limited is an enterprise security service provider for organizations across North America, Asia Pacific, and EMEA regions.


Projects:

World's Largest National Identification Number Project

Leading Healthcare Systems Service Provider

Indian Global Telecommunications Services


  • Performed Web and Mobile applications security testing following the OWASP Top 10 methodology.
  • Performed Thick Client applications security testing.
  • Performed Infrastructure Vulnerability Assessment and Penetration Testing.
  • Performed Risk analyses to identify appropriate security countermeasures.
  • Performed Firewall configuration review by evaluating the inbound and outbound traffic rules for permitted IPs and ports, and so forth.
  • Assisted the development teams with mitigation steps and guidelines.
  • Consistently circled back to the groups to follow the progress of closure of vulnerabilities.
  • Worked flexible hours; night, weekend, and holiday shifts.

Security Test Engineer

Tata Consultancy Services Ltd.
01.2014 - 04.2015

Tata Consultancy Services is an Indian multinational information technology services and consulting company.


Project:

British Multinational Telecommunications Company


  • Performed and reviewed technical security assessments to identify points of vulnerabilities and non-compliance with established information security standards and recommend mitigation strategies.
  • Participated in the creation of device hardening techniques and protocols.

Education

Bachelor of Engineering (BE) - Computer Science And Engineering (CSE)

Chhattisgarh Swami Vivekanand Technical University (CSVTU)
04.2009 - 03.2013

Higher Secondary Certificate (HSC) -

Krishna Public School
04.2008 - 03.2009

Senior Secondary Certificate (SSC) -

Krishna Public School
04.2006 - 03.2007

Honors & Awards

AT&T Bug Bounty Hall of Fame
Aujas Wall of Fame

Sears Star Performance Award

Sears Extra Mile Award

News Corp Extra Miler Award

News Corp Above and Beyond Contribution (ABC) Award
Honored with Gold Medal in Long Range Rifle Shooting - National Cadet Corps (NCC) - Indian Army
National Cadet Corps (NCC) A and B Certification Certified (Attended CATC, RDC, TSC, AAC camps across India)

Visa Status

Valid UAE Residence Visa
