
Resume HemaliPatel

Sandeep Sain is a cybersecurity engineer with over 6 years of experience in various security domains including web, mobile, and API security, as well as cloud and source code review. Currently an Assistant Manager at KPMG, he leads application security initiatives and integrates security tools into CI/CD pipelines, significantly improving efficiency and reducing manual efforts. His previous roles include conducting penetration tests and vulnerability assessments, managing security risks, and developing cybersecurity strategies.

Uploaded by

sandeep sain

Sandeep Sain hemalipatel2023@[Link] Bangalore, India


CYBERSECURITY ENGINEER [Link]/in/hemalipatel2303/

PROFESSIONAL OVERVIEW

• Cybersecurity professional with 6+ years of experience in Web Application, Mobile, API security, Cloud,
Source Code Review, Threat Modeling. Skilled in implementing SAST, DAST, and SCA tools, and
integrating them into CI/CD pipelines to support a shift left security approach.

• Expertise in Incident response, risk management and developing cybersecurity strategies to mitigate
threats.

• Proven track record in leading teams, managing key account of Goldman Sachs & embedding security
across SDLC.

Projects:

• Developed and optimized ZAP detection rules and custom capabilities using regex-based pattern analysis,
reducing FP by 70% through continuous tuning and validation and saving ~50+ hr per week on manual work.
• Built an AI-assisted Python automation to verify endpoint reachability, extract certificate Subject
Alternative Names (SAN), reducing manual validation effort by ~85% and saving ~20+ hr per week.
• Built an end-to-end pen-testing automation agent for passive/active recon, authenticated crawling, exploit
heuristics, and LLM-based summarization using a local GGML model and Hugging Face.

CORE COMPETENCIES

Application & Cloud Security:
• Web & Mobile Application Security
• API Penetration Testing
• Secure SDLC Consulting
• SAST & DAST
• DevSecOps Integration
• Vulnerability Management
• Threat Modeling
• Source Code Review

Strategic & Leadership Skills:
• Team Leadership & Mentorship
• Project Delivery Ownership
• Client Engagement
• Business Development
• Account & Stakeholder Management

CERTIFICATES

AZ-900: Microsoft Certified Azure Fundamentals (2025)

EDUCATION

B.E Computer Engineering
C.K. Pithawala (Gujarat)
2011-15

[Link] Cyber Security
National Forensic Sciences University (Gujarat)
2017-19

WORK EXPERIENCE

Assistant Manager, KPMG
Bangalore | Oct 2023 – Present

• Conducted security assessments for Web Applications, APIs, Mobile Applications (Android/iOS) and
Cloud (AWS/Azure).
• Leading application security and DevSecOps initiatives, aligning technical aspects with business goals
and compliance needs.
• Spearheading a global investment firm’s Secure SDLC transformation by integrating SAST, DAST & SCA
tools (Checkmarx, Burp Suite, ZAP), and integrated them into CI/CD pipelines with Jenkins.
• Worked closely with development and DevOps teams to integrate security assessment tools into the
Software Development Lifecycle (SDLC).
• Develop solution architecture and blueprints based on business technology and security objectives.
• Conducted threat modelling using the STRIDE framework to identify and mitigate potential
vulnerabilities during the initial SDLC and production phases.

Application Security Engineer, Alten Calsoft Labs (Jio Projects Onsite)
Mumbai | July 2022 – Oct 2023

• Partnered closely with product managers and engineering teams to balance risk, usability, and release
timelines in a fast-paced agile environment.
• Conducted comprehensive penetration tests and vulnerability assessments on web applications,
simulating an external attacker to identify critical threats and business logic flaws.
• Performed in-depth security evaluations across key areas including authentication, authorization,
session management, access control, and input validation to uncover potential vulnerabilities.
• Identified, triaged, and documented security risks, delivering actionable mitigation plans that accelerated
remediation cycles.

Associate Security Consultant, Synopsys
Bangalore | June 2019 – July 2022

• Executed comprehensive security assessments using a range of White Box, Grey Box, and Black Box
testing methodologies
• Performed Dynamic Application Security Testing (DAST) and manual penetration tests to identify and
exploit vulnerabilities across web, mobile and API environments, reducing security review turnaround
by ~30% through creating SOP.
• Managed the end-to-end vulnerability lifecycle, from identification and risk-based prioritization to
coordinating remediation efforts and validating closures through detailed reporting
• Integrated security tools into CI/CD pipelines across multiple projects, enabling early detection of
recurring vulnerabilities and reducing remediation cycles.
