PRASHANT TATIPAMULA

Performed manual testing of various application Checked the integrity of the application Followed functionality guidelines Managed daily status reports and validation reports Performed FTC checks by abiding by compliance guidelines Performed Compliance testing according to the Microsoft and Sony guidelines on various platforms like Sony Play Station 4 and Microsoft Xbox One Abiding milestone­related timelines like (Pre­Alpha, Alpha, Beta, Candidate Master, Final Master)

Conducted various WAPT assessments on G2W web applications Performed network analysis to troubleshoot network drops during testing phases Created various test cases and implemented them during the testing life cycle Sketched test plans by following OWASP top 10 and OSSTMM guidelines Managed and maintained the stakeholder's and client trust & relationships during every project phase

Performed comprehensive security testing on Websites, Computer Networks, Cloud infrastructure, APIs, Mobile apps Followed frameworks like OWASP to 10, OWASP API top 10, OSSTMM & CIS benchmark for OS hardening Provided support to software developers and network/system admins for mitigating reported vulnerabilities Tested source code using test framework. Managed VAPT governance meetings, handled various client requirements

Performed (automate & manually) vulnerability assessment and penetration testing on, Web application Mobile application (Android & iOS) API Cloud Performed CIS Benchmark audit on, AWS cloud infrastructure OS deployed on cloud instances Periodically reporting and auditing of AWS firewall policies Setting up seamless closure operations among stakeholders Performed secure code review Followed guidelines and frameworks like, OWASP TOP 10 OWASP API TOP 10 CIS Benchmark Cloud Security Alliance Key tools in use: Burp Suite Professional, Tenable IO, SQL Map, MobSF, Drozer, Prowler, Sonarqube, etc. Mahindra Defense (Special Service Group) Apr 2019 ­ Jul 2021 Information Security Analyst Performed comprehensive security testing on Websites, Computer Networks, Cloud infrastructure, APIs, Mobile apps Followed frameworks like OWASP to 10, OWASP API top 10, OSSTMM & CIS benchmark for OS hardening Provided support to software developers and network/system admins for mitigating reported vulnerabilities Tested source code using test framework. Managed VAPT governance meetings, handled various client requirements Key tools used: Burp Suite Professional, Nessus Professional, MobSF, NMAP, SQLMap, Metasploit, Fortify, Prowler, ScoutSuite, etc. Ubisoft Entertainment India (P) Limited Mar 2016 ­ Apr 2019 Security Project Analyst & Networking Specialist Conducted various WAPT assessments on G2W web applications Performed network analysis to troubleshoot network drops during testing phases Created various test cases and implemented them during the testing life cycle Sketched test plans by following OWASP top 10 and OSSTMM guidelines Managed and maintained the stakeholder's and client trust & relationships during every project phase Key tools used: Burp Suite, Nessus, Network Emulator, Wireshark, NMAP, TGO, Jira, etc. Ubisoft Entertainment India (P) Limited Aug 2015 ­ Feb 2016 Functionality Tester (Quality Assurance) Performed manual testing of various application Checked the integrity of the application Followed functionality guidelines Managed daily status reports and validation reports Performed FTC checks by abiding by compliance guidelines Performed Compliance testing according to the Microsoft and Sony guidelines on various platforms like Sony Play Station 4 and Microsoft Xbox One Abiding milestone­related timelines like (Pre­Alpha, Alpha, Beta, Candidate Master, Final Master) Key tools used: Testrail, Xbox Manager, Remote Logger, Neighborhood, Atlassian Jira, etc. Freelancing Feb 2013 ­ Aug 2015 Freelancer Web application security testing Network infra­security testing Blogger and Content writer Software app development Tools Used: Arachni, Burp Suite, Nexpose, Nessus, Rips, NMAP, VB.Net, etc Innobuzz Knowledge Solutions (P) Limited Jul 2011 ­ Nov 2013 Information Security Expert Project assistance in IT Security and VAPT services Conducted various workshops on IT Security threats Assisted developers and management teams to fix security loopholes Conducted various staff training for professional developers Undergone various types of research related to Information Security Key tools used: Nessus, Nexpose, Acunetix, Metasploit, etc. EDUCATION Arihant College of Arts, Commerce & Science (ACACS) Jun 2013 ­ Apr 2016 Bachelor of Computer Application Pune University Jul 2011 ­ Jun 2013 Higher Secondary Certificate Examination ­ 12th Bio Focal BT Shahani High School Jun 2007 ­ Jul 2008 Secondary School Certification Examination CERTIFICATION ECSA ­ EC Council Certified Security Analyst Golbal Skill Development Council Certified ISO 27001:2013 Lead Auditor Amazon Web Services AWS Security Fundamentals Innobuzz Knowledge Solution Certified Information Security Expert MKCL Maharashtra State Certificate in Information Technology Maharashtra State Council Type Writing Certificate Languages: English Marathi LANGUAGES English Hindi Marathi AWARDS Department of Information Technology ­ AISSMS 2011­11­05 Speaker on Cyber Security Defence Standardization Cell – CQA (EE) Complex 2015­03­15 LAN Administration, Network Security & Audit Defence Standardization Cell – CQA (EE) Complex 2016­03­08 LAN Administration, Network Security & Audit HOBBIES Online Research Sketching PRASHANT TATIPAMULA INFORMATION SECURITY MANAGER [email protected] +91 9762304913 Pune www.linkedin.com/in/prashant­tatipamula SUMMARY An experienced information security manager seeking the opportunity to progress my career by attaining the position of senior / information security manager in the leading company I have worked with a broad range of clients covering many fields including the gaming, finance, fitness, and chatbot AI industries & I'm comfortable adopting security protocols to protect the interests of the organization and its customers Along with leadership skills I have strong experience in vulnerability management and penetration testing on different platforms Hands­on experience in implementing OWASP, NIST, CIS, SANS, ISO 27001 SKILLS Leadership Web Application Security Testing Mobile Application Security Testing Web Services Security Testing Secure Source Code Review Computer Network Security Testing Cloud Security Testing Dev Sec Ops | CICD Pipeline Management & Presentation Thick Client Security Testing ISO 27001 EXPERIENCE Jio Haptik Dec 2022 ­ Present Information Security Manager Managing vulnerability assessment & penetration activities for various platforms like, Web Application, API (Web Services), Mobile Application (APK + iOS), Cloud (AWS / Azure), CIS Benchmark, etc. External vendor's VAPT report validations. Security reviews to help develop client requirements. Managing governance meetings. Setting unilateral process to exhibit a secure development life cycle. Key involvements: Cloud security postures, Threat modeling, Secure Source Code Review, Managing CICD Pipeline, Governing CM process, Handling incident response team, etc. FITTR ­ Squats Pvt. Ltd. Jul 2021 ­ Dec 2022 Senior Security Engineer Performed (automate & manually) vulnerability assessment and penetration testing on, Web application Mobile application (Android & iOS) API Cloud Performed CIS Benchmark audit on, AWS cloud infrastructure OS deployed on cloud instances Periodically reporting and auditing of AWS firewall policies Setting up seamless closure operations among stakeholders Performed secure code review Followed guidelines and frameworks like, OWASP TOP 10 OWASP API TOP 10 CIS Benchmark Cloud Security Alliance

Managing vulnerability assessment & penetration activities for various platforms like, Web Application, API (Web Services), Mobile Application (APK + iOS), Cloud (AWS / Azure), CIS Benchmark, etc. External vendor's VAPT report validations. Security reviews to help develop client requirements. Managing governance meetings. Setting unilateral process to exhibit a secure development life cycle. Key involvements: Cloud security postures, Threat modeling, Secure Source Code Review, Managing CICD Pipeline, Governing CM process, Handling incident response team, etc.