Mohanraj ROSEP | OSWE | PYTHON PROGRAMMER | SECURITY EVANGELIST & RESEARCHERChennai, IN[email protected]binarysouljour.mebinarysouljour

Skills

Languages:
Python, Golang, Javascript, C#, Bash, and Powershell
Technologies:
AWS, Docker, Kubernetes, Jenkins, and Semgrep ( SAST )

Work Experience

Netskope IncBengaluru,IN ( Remote )
Software Engineer - Product SecurityMar 2024 - Present
  • Worked on Security Automations to assist the product development teams and to make it measureable.
  • Deployed security controls in the CI systems of the product pipeline that will identify the security vulnerabilities and supply chain risks
  • Identified the vulnerabilities in the Infrastructure as Code artifacts and helped the development teams to eliminate them.
  • Handled multiple security initiatives and worked closely with cross-functional teams to scale them and also providing timely metrics to the leadership.
  • Worked on multiple FedRAMP High security initiatives to make Netskope compliant to the FedH requirements. This is mandatory for Netskope to provide services to government agencies.
FreshworksChennai,IN
Senior Security EngineerMar 2023 - Feb 2024
  • Discovered and performed pentesting on external facing assets of Freshworks. Unearthed a critical flaw that could have led to breach of sensitive information and internal systems.
  • Worked on setting up a scalable SCA ( Source Composition Analysis ) solution end to end.
  • Contributed to Freshworks Secrets Protection program, which will monitor repositories of Freshworks to prevent accidental commits of secrets.
  • I have been part of the Cybersecurity Incident Analysis team, demonstrating my knowledge on MITRE ATT&CK framework.
  • Threat modeling of the microservices that are deployed in Freshworks ecosystem.
  • Contributed to the setting up an Vulnerability Management platform.
  • Performed design reviews and threat modelling for the microservices in Freshworks ecosystem.
FreshworksChennai,IN
Security EngineerOct 2021 - Mar 2023
  • Hacking & Securing for AppSec Team @Freshworks
  • Performed Secure code reviews manually to find critical flaws in the application.
  • Contributed to Freshworks SAST program ( Implementation and process streamlining )
  • Developed extensive knowledge about Microservices and CI/CD best practices.
  • Found more than 20 Critical security vulnerabilities in Freshworks ecosystem.
  • Performed Web application, Mobile and API pentesting
  • Developed the external attack surfacing monitoring solution that watches the assets exposed publicly in Freshworks' AWS infrastructure.
StrongBox IT Pvt. LtdChennai,IN
Security AnalystJul 2020 - Sep 2021
  • Published around 7 exploits that involve gaining remote code execution in the Windows operating system.
  • Having a strong knowledge in Windows/Linux Exploit development.
  • Tested numerous applications belonging to various sectors that includes but not limited to healthcare, finance, ecommerce and blockchain technologies.
StrongBox IT Pvt. LtdChennai,IN
Security Analyst - InternAug 2019 - Jan 2020
  • Contributed on development of a proprietary software; which filters web application traffic and looks for malicious payloads in them.
  • We took advantage of using an opensource tool called modsecurity
  • Published buffer exploits which could lead to remote code execution. You can find more information about that here

Education

Kalasalingam Academy of Research and EducationSrivilliputhur, Tamil Nadu
Bachelor of Technology, Computer Science Engineering2016 - 2020

    Certifications

    OSEP - Offensive Security Experienced Penetration Tester
    Credential ID 85612437Oct 2023 - No Expiration
      OSWE - Offensive Security Web Expert
      Credential ID 63765823Dec 2022 - No Expiration