Ajay Verma

Senior Manager (Cyber Sec)

About Me
Senior Manager with more than10 years of increasing responsibilities
in technical leadership, business-critical management, Penetration
Testing App/Network Infra, Comprehensive Security Review & Red
Teaming and information security management system (ISMS)
My Contact Audits.
Expertise in VAPT, WAPT, Red Teaming, Threat hunting along with
sound networkingconcepts, malware analysis VPN, TCP/IP protocol,
[email protected] network security & knowledge of firewall setup/administration.
+91 8287209640, +1 2702162727 Proven diagnostic abilities with attention to detail and ability to work
effectively in a fast-paced environment.
New Delhi, India

Professional Experience
Mobikwik | Senior Manager (Cyber Security)
Jan 2024 - Present
Key responsibilities
• Managing cyber security team and related operations.
IT CERTIFICATIONS • Managing cloud infrastructure to meet security and compliance.
• Day to day security operations include managing bug bounty,
• ISC2 CISSP: Apr 2024 security assessments VA/PT, red teaming engagements, SAST/
• ISC2 CC: Mar 2024 DAST, WAF, cloud security and compliance security audits.
• ISO/IEC 27001:2022 LA • Coordination with verticals to introduce security on all levels as
• LPT (Master): Feb 2021 per security policy includes training, vulnerability mitigations
plan and POC of tools to strengthen security posture.
• Cybereason- CCTH: Mar 2020
• Coordinating with dev/sec team to remediate vulnerabilities and
• MCP (Microsoft): May 2018 implement best practices.
• ECSA V9: March 2017
• Web App Security: Mar 2017 Bayone | Lead Cyber Security Consultant
• Cisco-CCNA: Nov 2016 Sep 2023 – Jan 2024
• CEH V9: Jun 2016
Client: HPE (Hewlett Packard Enterprise)
Key responsibilities:
• Managing critical and scaled cloud infrastructure security with
cloud security tool (WIZ).
• Writing templates, automation to create Jira tickets for different
wiz findings based on different vulnerability/severity.
TECHNICAL STACK • Triaging Jira tickets, providing related information and POC for
RED TEAM/VA/PT: Qualys, Nessus, vulnerabilities remediation.
Immunity Canvas, Metasploit, Tenable • Coordinating with dev/sec team to remediate different
(io/Sc), Acunetix, Netsparker, Burp Suite vulnerabilities.
Professional, Shodan, Prisma cloud, Wiz,
OpenVAS, Nmap, SQLMap, Nikto, ZAP, Virsec | Lead Security Research Engineer
Faraday, Wireshark, hydra, Ncrack, john
the ripper,Kali Linux, GoPhish etc.
Nov 2021 - Aug 2023
Blue TEAM: Cybereason EDR, Cortex XDR,
Key responsibilities:
Leading Red Team, creating strategy to perform and simulate
Forcepoint DLP, PingSafe, Wiz, Clousek,
Red Teaming using BAS (Breach Attack and Simulations), Security
Cloudflare, Fortify all major AVs.
assessment, Security Research for vulnerabilities, detect and prevent
BAS: Cymulate, SafeBreach, AttackIQ,
attacks on full stack servers.
Caldera, Atomic red etc.
Writing rules to feed into the Engineer to protect from LOLBIN
Virtualization: VMWare workstation, ESXI,
attacks mapped to MITRE ATT&CK
VirtualBox, Windows Hyper-V, docker,
Research on MITRE TTPs, writing exploits, 0day POC to
AWS, ALI Cloud
demonstrate protection capability and recommendations.
Programming: Python, C, C++, PHP, Evaluate different security tools Antivirus/EDR/XDR with
Shell script automation scripts based on IOCs and behavior.
Analyzing and writing different Payloads for OWASP top 10 attacks

Jan 2024 – Present

Key responsibilities:
Education Background Professional Experience
Paytm | Senior Security Engineer
B. TECH (CSE) UIET KU 2009-13
Aug 2019 - Nov 2021
Scored aggregate 65% in Computer Science Key responsibilities:
and Engineering Critical/Scaled infra (servers and networking devices)
CLASS XII JNV Delhi 2007-08 Vulnerability Assessment/Management with Nessus,
tenable(io/sc), Qualys Public/Private Cloud Penetration Testing
Scored aggregate 65% with PCM and
Computer Science with Metasploit, Canvas, custom exploits, and payloads.
Setup of Malware lab to evaluate/ bypass EDR/XDR tools, threat
CLASS X JNV Delhi 2005-06 hunting setup and configuration of Cortex, Cybereason on
Scored aggregate 82% with all compulsory endpoints and servers. Red Teaming with sophisticated attack
subjects. techniques along with shodan, censys etc.
VA/PT, SAST/DAST Web and Mobile Apps (IOS/Android)
applications for PCI- DSS compliance Audits (internal/external)
Automation of VA/VM integration with JIRA tickets, DAST tools, DLP
Hobbies and POC of exploits
• Creating vulnerable machines for CTF:
Some are hosted on VulnHub Vayam Technologies Ltd | Security Researcher
(https://www.vulnhub.com/author/ajayverma,59 Jun 2016 - Jul 2019
8/) as Matrix and Unknowndevice64 Series.
Client: MOD (Ministry of Defence)
• Creating video tutorials based on Red
Teaming tools/tactics troubleshooting: Key responsibilities:
Creating Sophisticated Red Teaming strategies and
Some are hosted on my video channel
execution Penetration Testing/Auditing large and
http://vdo.ud64.com/
complex infrastructure (network/devices & servers)
• Writing technical blogs and tools:
ICS/SCADA and IoT Programming for Malware, reverse shell,
I. Blog for Red teaming tools/techniques-
C&C server etc. for POC in a controlled environment.
https://mrleet.com
Setting up Infra for Red/Blue Team Security drills/exercises,
II. Several Tools- https://ud64.com Creating vulnerable VM's and monitoring tools.
Analyzing and proposing solution for Network/system-based
Security threads and exploiting techniques
Automation for threat detection/malware analysis (static and
dynamic) with FireEye and other tools.
Encountering and providing training to mitigate
sophisticated spear phishing attacks with live POC.

Caremytrip And Group | Security Engineer

Aug 2013–Dec 2015
Key responsibilities:
Web Security Assessment with OWASP Top 10 standard
Automated and manual Web VA with Acunetix, Burpsuite
and ZAP VPS, Hosting server and mail server hardening
Red Teaming, security tools and framework
Development Incidents and security alert monitoring
and investigation