BHAVKARAN SINGH CHAHAL
- Senior Security Engineer with experience in Information Security, specialized in Penetration Testing (APIs, Web & Network), Offensive Security (red team activities) and Vulnerability Management.
- Strong knowledge of security frameworks and standards such as MITRE, NIST and ISO 27001.
- Proficient in conducting thorough vulnerability assessments, penetration testing, and security audits.
- An author of ReconSpider an Open-Source Intelligence (OSINT) security tool on GitHub.
Networking: Storage Networks, Network Security, Server Networks, IP Protocols, LAN/WAN Switching, Troubleshooting.
Security Assessment: SAST, DAST, VAPT, Open-Source Analysis, OWASP top 10, Mitre Att&ck Framework, SANS top 25.
Operating Systems: Ubuntu, CentOS, Kali Linux, MacOS, Windows Servers.
Cloud/DevOps technologies: Docker, CI /CD, Azure, Web Server, AWS Cloud, Python, Bash.
Security & Testing tools: Snyk, BloodHound, Veracode, Burp Suite, Tenable.io, Nmap, gobuster, ExtraHop, Metasploit, OWASP ZAP, Netsparker, Postman, Wireshark etc.
CERTIFICATIONS & TRAININGS
API Penetration Testing - APISEC University - Aug 2023
Rasta - Pro Labs - Hack The Box - Jan 2023
Offensive Security Certified Professional (OSCP) - December 2022
Dante - Pro Labs - Hack The Box - Sep 2022
Cyber Security Essentials - Cisco - Jun 2021
Unix Badge - Pentester Lab - Apr 2020
Learn HTML - Codecademy - Oct 2018
Applied CS with Android - Google - Sept 2017
AFCEH 9.0 - Talent Edge Bangalore - Oct 2015
Senior Security Engineer - Manulife, Toronto, Ontario, Canada - Aug 2023 - Present
- Conduct security assessments to discover weaknesses in digital infrastructure.
- Participating in red team exercises to simulate real-world cyber attacks.
- Performing code reviews to evaluate application security and potential risks.
- Simulate cyber-attacks to evaluate security measures and defenses.
- Maintain up-to-date knowledge of the latest security threats and tools.
Senior Security Analyst - Gore Mutual Insurance, Ontario, Canada - July 2022 - July 2023
- Ensuring patch compliance for all systems and applications.
- Implementing and maintaining vulnerability management processes.
- Conducting red team activities to identify and mitigate potential security threats.
- Continuously monitor and evaluate the effectiveness of security measures
- Focusing on web-application security to protect against cyber-attacks.
Application Security Analyst - Gore Mutual Insurance, Ontario, Canada - Aug 2021 - July 2022
- Conducting source code reviews using Veracode and Snyk, triaging and reporting vulnerabilities, guiding developers with vulnerability remediation.
- Performing automated and manual vulnerability assessments and penetration tests on web applications, networks and infrastructure.
- Conducting focused research on newly identified threats and vulnerabilities.
- Providing recommendations on system patching, hardening of web application and servers to mitigate potential risks.
Application Security Tester - Saluber MD LLC., Remote - Aug 2020 - July 2021
- Hands-on experience in securing applications and software systems.
- Proven ability to develop and implement security policies, procedures, and best practices.
- Familiarity with security testing tools, such as Burp Suite and Nessus.
- Knowledge of web application security vulnerabilities, including OWASP Top 10.
- Thorough understanding of security protocols, encryption algorithms, and firewalls.
Network and Cyber Security Analyst - EH1 Infotech, Mohali, India - Jan 2019 - Oct 2019
- Responsible for monitoring and debugging network connectivity issues using Wireshark for packet analysis.
- Analyzed Security of an IT development firm, tested the vulnerabilities, securing the site from threats.
- Configured Microsoft Windows servers, setup and deployed domain controllers, VMs & Active Directory.
- Performed VAPT and provided recommendations to management on Security implementation.
Security Consultant Intern - Supive Technologies Chandigarh, India - Jun 2018 - Dec 2018
- Implemented best practices of securing the overall web-applications.
- Responsible for securing the web applications of an online business module.
- Performing vulnerability assessment and penetration testing on projects.
Founder and Leader - Security and Research Community - SECARMY - Feb 2019 - Jan 2020
- Organizing Capture-The-Flag (CTF) competitions.
- Writing security concerning blogs and posts.
- Making podcasts with security researchers around the world.
- Broadcasting cyber security-related conferences & webinars.
Volunteer Team Leader - Intersquad Cyber Intelligence New Delhi, India - Mar 2018 - Apr 2018
- Worked remotely in the Security Team of Inter Squad Cyber Intelligence.
- Tested web-applications and reported various bugs/vulnerabilities.
- Organized a hackathon based on cybersecurity for attendees.
- Supervise the whole conference as a team manager.
Attestation of College Studies in Computer Science and Software Testing - 2020 - 2021
Matrix College of Management Technology and Healthcare Inc - Montreal, QC
- Major in Computer Science; Minors in Software Testing
- Cumulative GPA: 4.0/4.0; (Top 10% of class)
- Relevant Coursework: Software Development; Operating Systems; Algorithms
Computer Engineering, Computer Science (Verified by WES) - 2015 - 2018
Chandigarh University - Punjab, India
The Tribune Newspaper - WanaCry Ransomware Research
Covered in news article on The Tribune Newspaper for spreading awareness regarding removal of WannaCry ransomware and protecting personal files by creating a system restore point.
National Cyber Security Center - Reported bug in Netherlands Government Website
Bugcrowd - Hall of Fame - Reported bugs in Companies like Dell, Sophos, DarkMatter etc.
Recon Spider - Open Source Intelligence Framework (GPL-3.0 License)
Recon Spider is most Advanced OSINT Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources available on the internet about the target.