Hello World

I am Priyesh

I'm a Passionate Cyber Security Engineer

I stand at the intersection of code, security, and operations.

ABOUT Priyesh

Dedicated Cybersecurity Explorer

| DevSecOps | Penetration Testing | Ethical Hacking | Network Security | Security Operation | Incident Response & Vulnerability Management |

VAPT

Conduct comprehensive vulnerability assessments and real-world penetration testing to identify, analyze, and remediate security weaknesses, validate security controls, and ensure compliance with industry standards and best practices.

DevSecOps

Integrate end-to-end security into CI/CD pipelines across all stacks (SCA, SAST, DAST, IAST, RASP) to ensure secure code delivery from development to deployment.

IT Application Security

Identify and mitigate application vulnerabilities through secure coding practices, pentesting, threat modeling, PAM, SOC Operations and regular security assessments.

Web Development

Build secure, scalable, and user-friendly web applications with a strong focus on front-end and back-end security best practices.

Freelancer

Development & Cybersecurity Projects for Students - Provide tailored development and cybersecurity project support for students, including coding, secure app design, and academic project guidance.

The only secure system is one that is powered off


Skills

Cloud: Azure, AWS, Linode

IAM: Microsoft Entra

VCS & SCM: Git, SVN, Azure Repos, GitHub, GitLab, CodeCommit, Bitbucket

CI/CD: Azure DevOps, Jenkins, Bamboo, GitHub Actions

CM Tools: Ansible, Terraform

Build Tools: Maven, Ant, Gradle

Source Code Analysis: SonarQube, SonarLint

SCA: Snyk, Checkmarx, Black Duck

SAST: Fortify, Checkmarx, Coverity, Manual Reviews

DAST: ZAP, Burp Suite, WebInspect, Acunetix

IAST: Checkmarx, Synopsys, Contrast, Acunetix

RASP: Contrast, Datadog ASM

WAF: Cloudflare, F5

Scanning: Rapid7, Qualys WAS

Threat Detection: SentinelOne, Microsoft Defender

SIEM: Azure Sentinel

DLP: O365 DLP

PAM: Arcon

Repositories: Nexus, JFrog

Containers: Docker, K8s, Swarm

Container Security: Qualys

Logs: ELK, Splunk, ArcSight

Monitoring: Grafana, Prometheus, Nagios, Datadog

Firewall: Fortinet 60F

Network Tools: Wireshark, Nmap

InfoSec: NIST, ISO 27001

Databases: MySQL, MongoDB, PostgreSQL

Project Tools: Jira, Confluence, Redmine

Languages: C, Java, Python, JS, PHP, GoLang, Rust

Scripting: Bash, PowerShell, Python

Development Life Cycle: SDLC, SSDLC

Methodologies: Agile, Waterfall, DevOps

Cybersecurity is not a destination. It's a continuous journey of adaptation and vigilance.

Experience

  • 2017
  • Education

    BE – Computer Science and Engineering

    BMS Institute of Technology and Management

  • Education

    EAD (Enterprise Application Development)

    Jspiders

    🖥️ Programming Languages: Core Java (OOP concepts, collections, exceptions), Advanced Java (Servlets, JSP, JDBC), Python (basics and scripting)

    Web Technologies: HTML (structure of web pages), CSS (styling and layouts), JavaScript (client-side scripting and interactivity), J2EE (JDBC, Servlets, JSP).

    Databases: MySQL (database design, SQL queries, normalization)

    Build & Dependency Tools: Maven (project management and build automation)

    Frameworks: Hibernate, Spring

  • 2018
  • Software Developer

    Job

    GOPBN PVT LTD

    • Led a small team of 3 people after 6 months of joining (2 frontend developers and 1 backend developer), ensuring project delivery within budget and timeline constraints.

    • Worked on multiple development projects – Frontend, Backend, Database, Business logic, Troubleshooting, Deployment & Support.

  • 2019
  • Education

    Post-Graduation Diploma in DITISS

    CDAC (Centre for Development of Advanced Computing)

    - PG Diploma in IT Infrastructure Systems and Security

  • 2020
  • DevSecOps Engineer

    Job

    Xerus Systems

    • Led a team of 5 fresher software developers for multiple projects (training and assigning tasks).

    • Working on security, firewall, development, server management (on-premises & Linode cloud server), installation, maintenance, health checks, metrics, reports, training, IoT.

    • CI/CD: Jenkins with GitLab, integrating security tools like SonarQube, linters, and open-source tools.

    Manual Pentesting: Kali Linux, Nmap, Burp Suite, etc. (open-source tools).

    Dockerizing multiple projects - to work on any platform.

    Security Audit: Servers, Devices, Accounts, Privileges, Permissions, Web Applications

  • 2021
  • DevSecOps Engineer

    Job

    Alshaya Group

    • Led a small junior DevSecOps team of two members 8 months after joining.

    • Performed internal and external vulnerability assessments of internal servers and cloud servers (AWS, Azure, Acquia, and Oracle).

    • Implemented SBOM generation and integrated vulnerability scanning to identify and manage security risks in third-party components.

    • Coordinated project activities and was involved in partial work across multiple departments.

    • Involved in the migration process from on-premises to Azure Cloud.

    • Implemented security practices following the OWASP DSOMM (DevSecOps Maturity Model) framework.

    • Working with New Relic for APM (Application Performance Management) and Datadog ASM, including all applications and cloud/on-premises services.

    CI/CD: Azure DevOps, integrating security tools like SCA, SAST, DAST, IAST, RASP, WAF & monitoring.

    Shift Left Approach: security involvement, Jira flow chart, integrating security tools into developers' IDEs, training on secure coding for developers, automatic report generation.

  • 2023
  • IT Application Security Engineer

    Job

    University of Sharjah & Hospitals (Contract)

    Client: UOS & H | Sundus (Contract)

    • Conducted assessments for both internal application development and SaaS-based cloud applications.

    • Performed 50+ pentests and 40+ manual source code reviews for both internal-facing and external-facing web, desktop, and mobile/tablet applications.

    • Configuring, tuning, and setting up WAFs for 80+ websites.

    • Implemented security policies, controls & measures across the environment to safeguard web applications, databases and servers.

    • Onboarding 28+ assets (servers & web logins) and administration of PAM (Privileged Access Management) - Arcon.

    • Performing security reviews for 5+ ERP systems (Education & Hospital) and other products.

    • Conducted regular security assessments and privileged access management checks on websites and ERP systems.

    • Collaborated with the team to implement Microsoft DLP for SharePoint.

    • Collaborated with Microsoft teams to review and verify Microsoft compliance measures, ensuring alignment with regulatory standards and data protection requirements.

    • Performed and maintained RAFs (Risk Acceptance Forms).

    • Creating 20+ of my own Sentinel rules & enabling preloaded rules for application alerting and monitoring.

    • Managed incident tracking and log monitoring using Microsoft Sentinel & Defender.

  • Present

Helping students with projects & freelancing