Tanveer Singh

Security Engineer Perform Security Testing

Monotype Solutions India Private Limited • Temps plein

May 2022 - Present • 4 yrs

Penetration Testing and Security Analysis: Conducted comprehensive penetration tests on APIs, web applications, networks, and cloud infrastructure, including AI LLM integrations, enhancing asset security across the organization. Developed in-depth threat models to identify attack vectors, enabling effective proactive defenses. Collaboration and Mitigation Planning: Played a key role in crafting and executing mitigation plans, ensuring prompt vulnerability resolution to meet SLAs. This proactive approach reduced potential attack surface areas and improved assets and infra. Security Coordination: Acted as the security coordinator, streamlining cross-team workflows to prioritize and address security findings, which led to faster vulnerability response times and enhanced interdepartmental communication. Facilitated threat modeling sessions to align team understanding of risks and strengthen defense strategies. Vulnerability Management: Led vulnerability scans and assessments, leveraging automated tools for early detection and rapid remediation of system vulnerabilities, bolstering the organization’s cybersecurity posture. Ensuring identified risks were prioritized and comprehensively addressed. Impact: Improved organizational security maturity, fostered a culture of proactive security awareness, and implemented vulnerability management processes that minimized risk exposure across various digital assets.

Security Testing (ERP, Hospital Network, E-commerce)

Confidential Clients • Freelance

May 2018 - Oct 2018 • 5 mos

Conducted advanced penetration tests on web applications and networks, identifying critical vulnerabilities including XSS, IDOR, and authentication bypasses, significantly enhancing client security. (Clients were from US and India) Leveraged manual testing alongside tools like Burp Suite, Acunetix, Nessus, OWASP ZAP, and Metasploit to execute thorough vulnerability scans and exploit potential threats. Provided actionable recommendations and secure coding advice through concise, impactful reports to stakeholders, detailing risk assessments and remediation steps. Collaborated with development teams to improve security practices, adhering to OWASP Top Ten standards and fostering security awareness. Supported junior IT team members and introduced automated testing frameworks to streamline vulnerability assessments and enhance testing efficiency.