NITIN RAMESH

adv205@r.postjobfree.com linkedin.com/in/nitin-ramesh19 www.nitinramesh.com Security Engineer with over 7 years of experience in Cybersecurity (DAST, SAST), Security Development & Research. AREAS OF EXPERTISE

Languages: Python, Java, JavaScript, TypeScript, React, Shell & MySQL CyberSecurity: Penetration Testing DAST, Secure Code Review SAST, Cloud security, Security Tool development, Security hardening, Software patch development and Information Security research. Tools: BlackDuck SCA, Burp Suite, AppScan, Fortify, Wireshark, Nmap, Checkmarx, SonarQube, Snyk, PyCes etc. Software Technologies: Cloud (AWS & GCP), Docker, Postgres & Linux EDUCATION

University of Florida, (MS, Computer Science, GPA: 3.75/4) Aug 2021 – May 2023 Visvesvaraya Tech University, (BE, Computer Science, GPA: 4/4) Sep 2011 – Jun 2015 PROFESSIONAL EXPERIENCE

SYNOPSYS Security Developer Intern Sep 2022 – Dec 2022 BlackDuck SCA:

• Accomplished Vulnerability Analysis of all Blackduck Docker containers (Alpine, Debian etc) and patching all Critical/High bugs detected, additionally deployed security hardening measures via the DockerFiles.

• Delivered on Google Cloud security configuration review and refactoring security software for cloud deployment. WELLS FARGO Senior Security Engineer Aug 2019 – Aug 2021 Consumer Banking Suite:

• Delivered on automated and manual SAST code review and Malicious code detection to identify critical vulnerabilities (Web, Mobile and Thick client) and worked with development teams to identify security patches.

• Created custom security rules for Fortify to enhance detection rate and reduce false positive vulnerabilities.

• Evaluated banking authentication frameworks including Two-Factor authentication OKTA, SecureToken etc. KPMG Senior Security Consultant Mar 2019 – Aug 2019

• Successfully delivered DAST penetration testing, SAST secure code review, Mobile security review, Network security review, backdoor analysis, cloud security configuration review for a large country’s stock exchange engine.

• Conducted end to end security configuration review of functioning Casino system in compliance with NIST standards, security hardening tactics and worked with the development teams in securely deploying software fixes. SYNOPSYS Lead Security Engineer Jul 2015 – Mar 2019

• Security Team Lead, delivering Red Team and Blue Team based Penetration Testing, Secure Code Review for Web, Mobile, Cloud software & Hardware security in Biometric authentication, IOT infrastructure and Wireless security.

• Extensive experience in security automation, creating rules and signatures for security scanners and detection system.

• Conducted security research under the direct guidance of Director of OWASP in insecure web design patterns.

• Discovered multiple critical severity vulnerabilities during reverse engineering of Health Tech, IOT systems etc. Awards: Vulnerability of the Month (2018 & 2019) & CapDev Security Engineer Excellence Award (2019) SECURITY RESEARCH

PyCes Security Scanner

• Designed and created an Open-Source SAST scanner, based on security research to detect code composition, vulnerabilities in code, use of insecure libraries & any malicious code patterns in software code.

• Achieved highest vulnerability detection rate among Open-Source scanners in frameworks like Django, Flask etc.

• Resulted in CI/CD efficiency increase by 75%, false positive reduction by 60% and automation of security process. GitHub: https://github.com/nitinrameshuf/PyCes Demo: https://www.youtube.com/watch?v=fb_ITHhCbi8 Research Papers & Publications:

• (Jun 2018) “Insecure Design Patterns in Modern Python Web Frameworks.”, Synopsys Journal

• (Mar 2019) “Biometric security, Firmware security and its dangers from spurious Android additions.”, NullCon Additional Research Papers and Projects: https://github.com/nitinrameshuf/Research-Papers CyberSecurity Blog: https://www.nitinramesh.net/anatomyofahack