Message

kirtan patel

A cybersecurity consultant and Penetration tester with 2 years of practical experience. Remarkable experience in manual penetration testing. Profound knowledge of network architectures, operating systems, application software, and cyber security tools. Basic knowledge of scripting languages, bash, Python. Solid understanding of information security and applied cryptographic protocols.Ability to exploit recognized vulnerabilities.

Key Skills

Vulnerability Assessment and Penetration Testing
Infrastructure Penetration Testing
Vulnerability Management
Secure Code Review
Security Configuration Review
Burpsuite
Nmap & Metasploit
Nessus & Qualys
OSINT
Shell Scripting

Professional Experience

Nov 2021
Present
Cyber Security Consultant
EY Bangalore Urban, IN
  • Performed infrastructure and application penetration tests, as well as physical security review and social engineering tests for our global clients.
  • Performed application penetration tests across public and private networks.
  • Performed assessments of security awareness training using social engineering.
  • Performed P1 vulnerability penetration testing for multiple clients in the information technology industry 
  • Developed testing scripts and procedures.
  • Developed and leverage custom exploits.
  • Worked on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
  • Conducted Black box penetration testing 
  • Performed SAP Security Configuration Review of the SAP systems of clients.
  • Performed Mobile application penetration testing.
  • Communicated technical vulnerabilities and remediation steps to developers and management.
  • Provided assistance to system users relative to information systems security matters.
  • Worked with application developers to validate, assess, understand root cause and mitigate vulnerabilities.
Jan 2021
May 2021
Security Analyst
Salesforce Hyderabad, IN
  • Part of Security Triage and Response team in Salesforce.
  • Investigated malicious phishing emails, domains and IPs using Open Source tools and recommended proper blocking based on analysis. 
  • Identified suspicious/malicious activities. 
  • Added List of FP(False Positive) Vulnerabilities to Team's FAQ. 
  • Worked on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets.

Education

Aug 2023
Aug 2019
Bachelor's in Computer Science in
KSV University
Aug 2019
Aug 2021
Master's in Cyber Security in
National Forensic Science University

Achievements

Penetration testing and Bug Bounty Recognition
  • Hall of Fame and Acknowledgement: 50+ hall of fame from various companies including Apple, Salesforce, Sony, PayPal, Lenovo, Splunk, BlackBerry, Oracle, Xiaomi, Huawei, MTN group, and Atlassian. 
  • Performed web application, mobile application, and network penetration tests.
  • Developed processes and implemented tools and techniques to perform ongoing security assessments of the environment.
  • Analyzed security test results, concluded from results, and developed targeted testing as deemed necessary.
  • Provided technical consultation on Security Tools and Technical Controls.
  • I have experience in creating security standards, policies, and automation scripts.
  • I participated in a CTF event hosted by Salesforce and my team placed third. 
  • During my work in web application penetration testing, I developed a tool in bash script to aid in information gathering, including subdomain enumeration, host checking, screenshot capturing, IP address lookup, WHOIS lookup, HTTP header information, port scanning, and CNAME and quick view in Firefox. 
  • Additionally, I created an Alert Automation Tool that searches for specific vulnerabilities (known CVEs) and runs automatically every day. If new subdomains are added and the script discovers any new vulnerabilities, it will send an alert to your Slack channel. 
  • My writeup about how I found critical vulnerability:- https://medium.com/@kirtanpatel9111998/how-i-was-able-to-find-eas y-p1-just-by-doing-recon-fdef0c689362 



Client Engagement
  • Conducted meetings with clients and peers.
  • Recognized additional cyber security opportunities.
  • Outlined results and consulting on remediation.
  • Handled documentation and metrics reporting.
  • Conducted Re-validation of the issues found to ensure the mitigation of the various vulnerabilities.
  • Received recognition and appreciation from the client's CISO.

Hobbies & Interests

  • Computers
  • Cricket
  • Travelling
  • Football
  • Sports

Languages

English
(Fluent)
Gujarati
(Native)
Hindi
(Fluent)

Career Aspiration

Work for an organization where I can learn new things, gain professional knowledge and efficiently utilize my skills to contribute to the growth of the organization.

Get in touch with kirtan