Sagar Janyani
Contact no: 8888383829
Email Id: Sagar200827@[Link]
Certifications
▪ CISSP by ISC2 (Certified Information Systems Security Professional)
▪ AWS Security Speciality
▪ CEH by EC-Council (Certified Ethical Hacker)
▪ ECSA by EC-Council (EC-Council Certified Security Analyst)
Objective
CISSP-certified professional with seven years of experience in the Information Security domain,
with hands-on experience in the following verticals:
▪ WAPT- Web Application Penetration Testing
▪ VAPT- Vulnerability assessment and Penetration Testing
▪ Source Code Review
▪ API- Web Services
▪ MAPT- Mobile Penetration Testing
Work Experience
▪ Currently working with Experian as Penetration Tester since September 2021
▪ Worked with SecurEyes Pvt Ltd from Oct 2019 till Nov 2020
Designation: Information Security Consultant
▪ Worked with Aujas Networks from January 2019 till Oct 2019.
Designation: Consultant
▪ Worked with Capgemini from November 2015 till November 2018.
Designation: Associate Consultant
Profile Summary
▪ Conducted security assessments in a product-based organization and served various clients across
industries, including banking, pharmaceuticals, life sciences, law firms, and compliance services.
▪ Proficient in performing web application testing (WAPT), network VAPT, web services (API), thick
client, configuration audit, and mobile application testing.
▪ Hands-on experience with a wide range of tools, including Burp Suite, IBM Appscan, Acunetix,
SqlMap, Nmap, Nessus, Echo Mirage, SOAP UI, Postman, Wireshark, Metasploit, Rapid7, Veracode,
and SSLscan.
▪ Specialized in web application penetration testing and well-versed in OWASP Top 10 and other
security standards.
▪ Managed vulnerabilities across applications, servers, databases, networking devices, mobile devices,
and cloud environments.
▪ Conducted continuous discovery and vulnerability assessments across the enterprise's assets.
▪ Documented, prioritized, and provided formal reports on asset and vulnerability status, along with
remediation recommendations and validation.
▪ Communicated vulnerability results in a manner understood by both technical and non-technical
stakeholders, considering risk tolerance and threats to the business, and gained support through
effective messaging.
▪ Utilized vulnerability databases to understand weaknesses, their probability, and remediation
options, including vendor-supplied fixes and workarounds.
▪ Collaborated with cross-functional teams for remediation and validation efforts, while contributing
to other collaborative approaches driven by the security team's strategy.
▪ Extensive experience in conducting internal and external vulnerability assessments and penetration
testing in the network domain.
▪ Identified and exploited vulnerabilities in applications and networks.
▪ Worked closely with developers to mitigate security risks.
Key Projects (Selected):
Project Name : Web Application and Network Vulnerability Assessment
Client : Pharmaceutical and Healthcare (Global)
Responsibilities :
▪ Received a walkthrough of the application, its functionality and business flow
▪ Performed application security assessment using manual and automated testing
tools like IBM Appscan.
▪ Prepared detailed report of the assessment conducted
▪ Provided recommendations for fixing the identified vulnerabilities
▪ Discussed the vulnerabilities and their possible solutions with developers,
solution architect, and product managers
▪ Channelized POCs to client for Security activities and implementations.
▪ Ran automated scans and verified results using manual tools.
Project Name : Web Application & API Security Assessment
Client : Law Firm
Responsibilities :
▪ Received a walkthrough of the application, its functionality and business flow.
▪ Performed Security Assessment of multiple applications
▪ Used Burp Suite, Postman, SoapUI to perform Security Assessments
▪ Prepared detailed report of the assessment conducted
▪ Discussed the vulnerabilities and their possible solutions/workarounds with
developers and product managers
Project Name : Web Application Assessment and Change Management
Client : Globalized Bank
Responsibilities :
▪ Involved in reviewing Change Requests for Web Applications
▪ Discussed the vulnerabilities and their possible solutions with developers and
solution architect for mitigation of reported vulnerabilities
▪ Co-ordinated and guided Development teams with implementation of
Security best practices
▪ Channelized POCs to client for Security activities and implementations
▪ Involved in Risk assessment and decision making with client for various
security issues
Project Name : Web Application Assessment and Change Management
Client : Nationalized Bank
Responsibilities :
▪ Involved in reviewing Change Requests for Web Applications
▪ Created VAPT Calendar Document including all the inventory and assets,
determined the frequency of WAPT/VAPT assessments to be carried out.
▪ Created Procedure Document for VAPT/WAPT including procedure to be
followed while conducting assessments.
▪ Identified and exploited vulnerabilities in applications.
▪ Channelized POCs to client for Security activities and implementations
▪ Performed open port and service enumeration
Project Name : Web Application Assessment and Change Management
Client : Co-operative Bank
Responsibilities :
▪ Created VAPT Calendar Document including all the inventory and assets,
determined the frequency of WAPT/VAPT assessments to be carried out.
▪ Co-ordinated and guided Development teams with implementation of
Security best practices
▪ Performed open port and service enumeration
▪ Channelized POCs to client for Security activities and implementations
▪ Worked closely with developers in mitigating security risks.
Achievements, Initiatives and Skills Acquired
▪ Received the Employee of the Month award and an Appreciation email from the CISO of Experian.
▪ Earned an Appreciation email from a client for identifying a sensitive vulnerability and assisting
developers in mitigating it.
▪ Received client applause for proactively suggesting changes to enhance output and demonstrating
great team spirit.
▪ Proficient in frameworks and standards such as OWASP, CWE, CVSS, and more.
▪ Recognized for exceptional security testing skills at a banking client.
▪ Developed strong interpersonal skills by collaborating with a multicultural team.
▪ Able to think on my feet and quickly adapt to new technologies and tools.
Academic Qualification
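▪ Exam: B.E (Bachelors in Engineering); Institute: Watumull Institute of Technology, Mumbai; Board: Mumbai University; Year of Passing: 2015; Marks %: 64.22%; Class or Division: First Class
▪ Exam: Diploma; Institute: Institute of Technology, Ulhasnagar; Board: MSBTE; Year of Passing: 2011; Marks %: 74.73%; Class or Division: First Class
▪ Exam: SSC; Institute: Inner Wheel School; Board: Maharashtra State Board; Year of Passing: 2008; Marks %: 76%; Class or Division: First Class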
Personal Information
Father’s Name : Mr. Ashok Janyani
Mother’s Name : Mrs. Karishma Janyani
Gender : Male
Nationality : Indian
Permanent Address : Mumbai, Maharashtra, India
Pin: 421004
Date of birth : 24th January 1993