Security Engineer

Hello! I'm Utkarsh

I'm a Security Engineer with 4 years of experience in Information Security. I have worked on several projects varying from VAPT of Web, Network & Mobile to Red Team assessments. I have worked with Banks where I worked on end to end security assessments. I'm also well versed with integrating security in Agile Software Development with Scrum Methodology.

Utkarsh Tiwari

Phone:

+91-971XXXX847

Email:

Address:

Bangalore, India

Date of Birth:

January 21st, 1995

EXPERIENCE

2019-Till Now

Security Engineer

TRAVELOKA INDIA PVT LTD

Currently, employed as a Security Engineer at Traveloka, an Indonesian unicorn company that provides airline ticketing and hotel booking services online with the focus on domestic travel. It recently expanded to provide lifestyle products and services, such as attraction tickets, activities, car rental, and restaurant vouchers.

2017-2019

Senior Cybersecurity Analyst

NETWORK INTELLIGENCE (INDIA) PVT LTD

Worked in NII as a Senior Cybersecurity Analyst which is a global cybersecurity provider founded in 2001. NII has more than 550 team members and offices across the globe. NII offer services across 5 broad spectrums i.e. Assessment, GRC, Professional Services, MSSP & Cybersecurity Trainings.

2016-2017

Associate Security Analyst

TORRID NETWORKS PVT LTD

Worked in Torrid Networks as a Associate Security Analyst which is a global leader in end-to-end information security management services. It is working with over 500 customers across various business verticals worldwide including defense and security establishments, critical government departments, large PSUs and many fortune companies.

EDUCATION

2012 - 2016

Bachelor's Degree

Dr. A.P.J. Abdul Kalam Technical University

Completed my Bachelor of Technology in Computer Science & Engineering (First Division with Honors)

2010 - 2012

Intermediate

St. Thomas School

Completed my 10+2 in Science with 76% from ISC Board

2008 - 2010

High School

St. Thomas School

Completed my High School with 75% from ICSE Board

Exploiting Misconfigured Cross-Origin Resource Sharing

Host Header Injection

It's all about Fuzzing!

Internal IP/ Host Name Disclosure in the Server Redirects

Brain Storming: Quiz - Web App Questions

Brain Storming: Quiz - Web App Answers

ARTICLES

SKILLS

Web Application Security Testing

API Security Testing

Social Engineering

Mobile Application Security Testing

Network Security Testing

Source Code Review

EXPERTISE

APPLICATION SECURITY

In-depth knowledge of OWASP Top 10, SANS Top 25 & WASC TC
Business-Logic based application security testing
Skilled in performing manual & automated VAPT
Skilled in exploiting SQLi, OAuth, XXE, SAML, RFD, XSSi, SOME, mXSS, CORS, etc.

MOBILE SECURITY

Well versed with OWASP Mobile Top 10 and recent attack vectors
Experienced in performing Penetration Testing on iOS (Only Dynamic) and Android mobile applications related to different fields like Banking, Telecom, Finance, E-Commerce, etc.
Familiar with tools like Genymotion, Drozer, Appie, APKTool, MobSF, ADB, Dex2Jar, etc.

NETWORK SECURITY

Knowledge of networking fundamentals
Hands on experience with tools used in performing network assessment
Familiar with tools like Nmap, Nessus, Metasploit, Curl, etc.