Dinesh Kumar P Bangalore – India

Senior Manager-Cyber Security–Penetration Testing Email : [email protected]

Fidelity Investments Mobile: +91 81238 13522
LinkedIn: https://www.linkedin.com/in/jkpdinesh/
Exp: 11.5+ years

CERTIFICATIONS & TRAINING SNIPPETS:

• eWPT-eLearn Security Web application Penetration Tester – License ID : EWPT-155

• Certified Ethical Hacker (CEH) - License ECC61693622516
• Certified AppSec Practitioner (CAP) – License ID: 8372538
• Qualys certified vulnerability management specialist
• Offensive payment security - Nullcon

OBJECTIVE
Education:
Highly motivated and resourceful professional with 11.5+ years of experience & knowledge in a • MBA- Master of Business
broad spectrum of Information Security. Currently seeking a fulfilling position in Software Administration (Information
Industry that offers growth opportunities and allows me to utilize my security technical Systems) – Annamalai University-
Chennai - 2020
leadership skills, Knowledge, and experience.
• B.E(Bachelor of Engineering) ECE
AREAS OF EXPERTISE (2012)
Parisutham Inst. Of Tech & science
OWASP Top 10 Vulnerabilities • Web/API Pen testing• AWS Cloud Security • Integrating (Affltd. To Anna University
Security into SDLC • Application Security • Network Pen testing• Security Test Plan •Mobile Chennai)
app pen testing • Security Leadership • Prisma Cloud Security • Tenable/Qualys Vulnerability
CREST
management • Security Hiring • Security budgeting • CSPM- Cloud security posture
Member of Americas Cyber Leaders
management • Security Compliance -SOC2 and ISO 27001 • Identity and access management •
Forum – Jan 2024 to Present
Bug bounty • Threat Modelling• Security architecture.
Member of NULL Security
EXPERIENCE Top Infosec community of INDIA
Total Experience 11.5+ years

LinkedIn Recommendations:
Fidelity Investments Mar 2023 to Present Kandasamy Muniasamy -
Senior Manager-Cyber Security – Penetration Testing - APAC Deputy Chief Information Security
Officer at BlueJeans by Verizon
• Strong leadership skills, with a track record of building and motivating high-performing
teams. I hired Dinesh into BlueJeans in 2019 as a
• Performing penetration test of fidelity API,Web and Mobile applications Senior Security Engineer. Dinesh made
• Managing the application security practice security team professionals, primarily remarkable contributions during his tenure.
He is very passionate about Information
providing Security Testing for WAPT, Mobile Pen testing, Application security testing
Security and has had a broad view of aspects
(Dynamic and Secure Code review), and API. that go into improving the security posture
• Manage APAC penetration testing team and third-party vendors for application of a company. He ran monthly secure coding
security. training utilizing relevant short videos from
LinkedIn Learning and snippets of code as a
• Enable cross-functional team coordination in reviewing and providing guidance and
contest for Engineers. He set up and
best practices thru security review programs and Testing strategy. managed network vulnerability scanning and
 • Led the security champions program from India in developing security champions collaborated with Engineering and
Operations to remediate issues timely. His
within the teams.
hard core focus was in application security.
• Strategic planning and tool budgeting Through design reviews and penetration
• Application security Hiring tests, he ensured that released product were
• Managing FTEs and contractors sound. Dinesh also worked with various
Engineering teams to ensure that SAST and
• Support SOC2 compliance activities and ISO 27001 OSS scans were set up properly and the
critical issues were addressed. He collected
salient metrics involving pending security
ZOOM Video Communications INC Jun 2022 to Mar 2023 - Impacted by layoff issues in the products and
vulnerability/SAST/OSS scans and reviewed
Senior Security Vulnerability Management Engineer
with Engineering and Operations teams
• Managing vulnerability management program across Zoom production datacenters monthly to create awareness and to drive
and cloud. continuous improvement. Dinesh analyzed
• Prisma Security Scans (Containers, CSPM and AWS Runtime protections) and addressed findings from public bug
bounty programs as well as security ratings
• Application security scans
platforms. He assisted with SOC 2 audits with
• Qualys vulnerability management salient reports.
• Triage and formulate remediation plans and/or compensating controls
together with appropriate timelines following vulnerability scans using input Dinesh is one of the most diligent and
committed engineers I have ever worked
from system owners.
with. His deliverables were of high quality.
• Support security compliance initiatives for threat and vulnerability management team He showed high degree of professionalism
• Effectively recognize threats by performing relevant research and data and exhibited valued work behaviors -
analysis. integrity, respect and team work. He
evaluated and led various POCs before
• Enterprise Security Architecture to mature Identity and Access Management implementing new tools and techniques in
capabilities across the enterprise the SDLC environment as well as in AWS
deployment accounts.
BlueJeans by Verizon Apr 2019 to June 2022 (3+ years)
I wish Dinesh all the best in his future
Principal Security Engineer
endeavors and would like to see him to be
• Managing operation security of Datacenter, AWS Cloud, Corporate IT and Azure Cloud one of the noticeable leaders in Information
• Managing Penetration Testing Engagements with a high degree of Engineering Security in the near future.
satisfaction
• Developed team communications and information for Leadership cyber security Rajagopal Venkataraman
update meetings. General Manager, InfoSec Delivery
Head at Sumeru Software Solutions
• Managing Prisma Security scans of all the AWS Cloud accounts and working with
DevOps on the remediation “ Dinesh – is ever ready to work on anything
• Managing Penetration Testing projects across various business units that is given.
• Managing security access and approvals of IAM accounts including access to There is no difference as day/night,
production nodes for engineers weekdays/weekends, holidays for him.
Dinesh has demonstrated excellence and
• Managing and triaging security issues of the code using Veracode and Blackduck SAST super customer service that all the clients are
tools very happy with his work and deliverables.
• Managing security scans of network using Qualys/Tenable Dinesh is the resource on which I can depend
on any time and make commitments to
• Security hiring and budgeting for team
clients without fail.
• Closely working with engineering team for SAST scan integration and remediation plans With his suave nature, hard work, and strong
• Performing penetration test of API,Web,Network and Mobile on assessment and security audit I can trust
• Managing bug bounty programs from Bugcrowd and triaging the security issues with him at any time. Dinesh is very soft and
humble. I am very happy to have a resource
leadership team like Dinesh in my team.”
• Leading all the technical team members for pentest activity with Developers from the
beginning of the assessment to closure of the Bugs. Adrian Pastor
• Understand the Product Security Baseline (PSB) process and technical requirements Senior Project Manager – Intel Security
and determine which applies to the project under development.
“Dinesh is a superb security consultant. He's
• Demonstrated expertise in implementing AWS security best practices, including been instrumental in supporting the delivery
configuring IAM policies, securing S3 buckets, managing VPC security groups and pipeline for several strategic accounts at
NACLs, and following the Principle of Least Privilege to ensure the highest level of McAfee Foundstone. I have nothing but great
security in AWS environments.Apply secure design, and 3rd-party software security things to say about Dinesh.”
 best practices
• Influence BlueJeans Leadership (Manager to Staff of CXO) on current security stature of Testimonial from client:
Business groups across BlueJeans.
"Sumeru is an outstanding company. Its team
• Implement required security features and functions as prescribed by the Security is one of the best team in terms of
Compliance professionalism. We have worked together
• Provide training on Web Application Penetration Testing, and on analyzing of for our Security Audit. Mr. Rajagopalan
Venkataraman, Mr. Dinesh Kumar P and the
vulnerability reports.
technical savvy team worked hard in getting
• Perform risk assessment using CVSS 3.1 standards. our audit done. Very dedicated in the
• Review the critical CVEs, CWE’s to validate its applicability during SDLC Phases. profession in which we got timely response
• Work with product teams in building security Pipelines for continuous security and updates. Thank you for your effort."
- -- AMRITA E-LEARNING RESEARCH
scanning for every build.
LAB
• Lead the Security Champions program to educate product teams on building security
knowledge to integrate products with SDLC.
• Helping the organization to achieve security compliance SOC2 and ISO 27001 Awards:

Quotient Technology INC (www.quotient.com ) – Apr 2017 to April 2019 Sumeru Software Solutions:
(Acquired by Neptune Retail Solutions) -Won best performer award in Aug.
2013
Information Security Engineer
BlueJeans by Verizon:
- Won best performer CEO Awards
Roles & Responsibilities: in Aug 2020
- Won Best performer spotlight
• Develop technical solutions and new security tools to help mitigate security award in teamwork category in
vulnerabilities. the month of Oct 2021
• Performing Vulnerability Assessment and Penetration testing of web applications,
mobile and API
• Worked directly with product management and engineering to prioritize and resolve
vulnerabilities.
• Ensure that the company knows as much as possible, as quickly as possible about
security incidents.
• Track and provide project management for ongoing Information Security initiatives.
• Managing vulnerability scanning tools and associated technologies for security
initiative.
• Demonstrated expertise in implementing AWS security best practices, including
configuring IAM policies, securing S3 buckets, managing VPC security groups and
NACLs, and following the Principle of Least Privilege to ensure the highest level of
security in AWS environments.
• Analyze the results of vulnerability scans and add threat context to triage
vulnerabilities to prioritize remediation activities.
• Performing Vulnerability Assessment and Penetration testing of Networks
• Performed onsite application/network penetration test across quotient in USA for
1month.
• Security Hiring
• Training/Mentoring juniors on application security and network security VA/PT
• Helping the organization to achieve security compliance SOC2

Intel Security (McAfee) - Sep 2015 – March 2017

Bangalore-India

Designation: Professional Security Consultant

Roles & Responsibilities:
 • Worked on various North America web applications and network penetration testing
engagements.
• Web application penetration testing
• Network penetration testing.
• Mobile penetration testing
• API penetration testing
Sumeru Software Solutions (2.7+ years) Jan 2013 – September 2015
Bangalore India
https://inservice.sumeru.com/cyber-security/
Designation : Information Security Engineer

Sumeru Software Solutions, Bangalore (5Months) Aug 2012- Dec 2012

Did my internship program in Information Security – Application Security/Network Security
Project Details:
• Conducted onsite web application and thick client application security assessment for
one of the biggest organizations in muscat for one month.
• Conducted network penetration testing for one of the biggest international hotels for
15 locations.
• Worked on various Indian and Foreign Government Projects involving web applications
(cert-in) and Networks.
• Performed vulnerability assessment & penetration testing on various MNC’s web
applications.
- Responsible for conducting Penetration testing and vulnerability assessment.
- Responsible for creating manual reporting with remedies to mitigate the risk of
vulnerabilities.
- Responsible for Presentation to the client on qualitative risk posture of the
clients’ network.
• Performed Open-source intelligence (OSINT) collection/processing project

Experience in conducting advanced penetration tests for diversified customers on the globe
which includes Government projects (both native & foreign). Responsibilities in projects
include
• Proficient in kali Linux and Metasploit exploitation
• Proficient in OWASP Top Ten vulnerabilities and remediation steps
• Proficient in understanding and executing application level vulnerability attacks like -
XSS (Cross Site Scripting), SQL injection and Blind SQL Injection Attack, CSRF (Cross Site
Request Forgery), Session based attacks like Improper Session Management and
Session Hijacking, Privilege Escalation, Authorization Bypass, Weak Cryptography,
Authentication flaws, Remote File Inclusion, Browser refresh Attack and Cache Issue,
Design level vulnerabilities etc.
SECURITY ASSESMENT TOOLS /METHODS
Operating Systems
Windows 7/8/10,Kali-Linux, Ubuntu
OWASP top 10 methodology,Prisma Security scans for cloud,Tenable,Qualys,AWS
Guardduty,Veracode,Blackduck,IBM Appscan,Net Sparker,Burpsuite professional
Acunetix,Checkmarx,Nmap, Ironwasp, Echo Mirage,SQLMAP, Wireshark, Zap proxy
Burpsuite, Metasploit,Slowloris, LOIC,W3af,Dex2jar, AppUse, MobSf,Apk tool,Dex2jar,JD-
GUI,Drozer,Class Dump Z,Prisma,Bitsight,Security Scorecard,Data theorem etc..
Participated in Security researcher Bug Bounty programs:
Partial List:
• Paypal – Listed in top 10 security researcher list in Q2-2014
• http://company.nokia.com/en/acknowledgements
• https://secure.sony.net/hallofthanks
• https://bugbounty.att.com/hof.php
• https://www.helpscout.net/security/#reporting
• https://www.dropmyemail.com/security
• Localbitcoins
• https://www.crowdcurity.com/jkpdinesh
ADDITIONAL ACTIVITIES

• Member of India’s biggest information security (hackers) community “NULL”

• Participated in security bug bounty programs.
• Attended Cyber Security conference “C0C0N” Kerala – 2014 /Nullcon conference in the
year of 2020 and 2023

PERSONAL INFORMATION
Year of Birth : 1990
Nationality : Indian
Languages : English, Tamil