
Senior Security Engineer - Penetration Tester - Cloud & DevSecOps

Location: Mumbai, Maharashtra, India
Salary: 70000
Posted: February 12, 2026


Resume:

Vishal Kinnera Security Engineer/Analyst Penetration Tester

San Francisco, CA +1-240-***-**** ************@*****.*** LinkedIn

SUMMARY

Results-driven Security Engineer and Penetration Tester with hands-on experience in threat analysis, vulnerability management, red teaming, and cloud security across enterprise environments. Proven track record of enhancing organizational security posture through proactive risk mitigation, automation, and DevSecOps integration. Skilled in penetration testing, SIEM implementation, IAM policy design, and compliance alignment with frameworks like NIST 800-53, ISO 27001, SOC 2, and PCI-DSS. Adept at leveraging tools such as Splunk, Burp Suite, Metasploit, Nessus, and AWS Security Services to detect, analyze, and remediate security threats. Strong collaborative experience with cross-functional teams to embed security within CI/CD pipelines and drive measurable improvements in incident response efficiency and system resilience.

TECHNICAL SKILLS

Testing & Tools: Jest, Mocha, Cypress, Selenium, Postman, Git, GitHub, GitLab, Bitbucket, Agile, Scrum

Penetration Testing & Ethical Hacking: Web, Network, API, Cloud, and Mobile Testing, Exploit Development, Red Teaming, Social Engineering

Security Tools & Frameworks: Metasploit, Burp Suite, Nmap, Nessus, Wireshark, OWASP ZAP, Splunk, Cobalt Strike, Qualys

Vulnerability & Threat Management: Vulnerability Assessment, Risk Prioritization, Patch Management, Threat Hunting, Incident Response, MITRE ATT&CK

Cloud & Infrastructure Security: AWS, Azure, GCP, IAM, Container Security, Docker, Kubernetes, Network Hardening, Zero Trust Architecture

Programming & Automation: Python, Bash, PowerShell, JavaScript, SQL, CI/CD Security, DevSecOps, Scripting for Recon & Exploitation

Compliance & Governance: NIST 800-53, ISO 27001, CIS Benchmarks, SOC 2, PCI-DSS, HIPAA, Security Policy & Documentation

PROFESSIONAL EXPERIENCE

Capital One Jul 2025 – Present

Security Engineer/Analyst

Conduct in-depth threat analysis, incident response, and vulnerability assessments, reducing potential attack surfaces by 30% through continuous monitoring and proactive mitigation.

Implement and manage SIEM solutions (Splunk, QRadar) to analyze security logs, correlate events, and detect anomalous behaviors across enterprise systems.

Collaborate with DevOps teams to integrate security controls into CI/CD pipelines using tools like GitHub Actions, Jenkins, and Snyk, improving deployment security efficiency by 25%.

Design and enforce Identity and Access Management (IAM) policies leveraging AWS IAM, Okta, and Azure AD, ensuring compliance with NIST 800-53 and Zero Trust principles.

Conduct regular penetration testing and red team exercises to identify and remediate critical vulnerabilities before exploitation, enhancing overall system resilience.

Develop and maintain security automation scripts in Python and PowerShell, streamlining log analysis, alert triage, and response workflows, reducing MTTR by 40%.

Support compliance and risk management initiatives aligned with SOC 2, ISO 27001, and PCI-DSS, contributing to successful annual audit outcomes with zero major findings.

HP Jun 2024 – Apr 2025

Security Engineer Intern

Monitored and analyzed 10,000+ daily security alerts using Splunk and Microsoft Sentinel, helping improve incident response time by 25%.

Performed vulnerability assessments with Nessus and Qualys, identifying and assisting in remediation of 150+ critical issues across corporate systems.

Supported the rollout of endpoint protection and access control policies for 2,000+ devices, enhancing overall endpoint compliance by 30%.

Assisted in incident response investigations, including log correlation, root-cause analysis, and documentation of 20+ confirmed security incidents.

Automated repetitive security monitoring tasks using Python scripts, reducing manual effort by 30% and increasing accuracy.

Collaborated with cross-functional teams to assess cloud security risks (AWS/Azure) and align practices with NIST and ISO 27001 compliance standards.

Epsilon Aug 2021 – Jun 2023

Security Engineer/Penetration Tester

Conducted comprehensive penetration tests on web, mobile, network, and cloud environments, identifying and mitigating 200+ high and critical vulnerabilities in production systems.

Performed comprehensive penetration testing on web, network, and cloud infrastructures, identifying and mitigating 200+ critical vulnerabilities using tools like Burp Suite, Metasploit, and Nessus.

Conducted vulnerability assessments and threat modeling aligned with OWASP Top 10, NIST, and MITRE ATT&CK frameworks to strengthen overall security posture.

Collaborated with DevSecOps teams to integrate automated security testing in CI/CD pipelines, reducing remediation time by 35%.

Delivered detailed technical reports and executive summaries, improving remediation accuracy and stakeholder communication efficiency by 40%.

Supported red team and incident response exercises, enhancing detection and response capabilities by 30% across key business units.

EDUCATION

Master of Engineering in Cybersecurity 08-202*-**-****

University of Maryland College Park, MD

B.Tech in Information Technology Aug 2017-Jul 2021

Vignana Jyothi Institute of Engineering and Technology Hyderabad, Telangana

Certification

OSCP Certified, OSCP+ Certified, CompTIA Security+, Azure Security Engineer Associate, Junior Penetration Tester


