Narendra Palla

I am a dedicated Security Engineer with over 7.5 years of experience focused on Vulnerability Assessment and Penetration Testing (VAPT). My expertise spans Web, Mobile, and API security, driven by a strong commitment to integrating security into development workflows. I excel in identifying vulnerabilities and collaborating with development teams to implement effective security measures while maintaining alignment with business goals

• Assessed comprehensive application security assessments across Web, Mobile, API, and Code Review domains,
• proactively identifying vulnerabilities and developing effective remediation strategies.
• Successfully integrated security into the CI/CD pipeline by implementing release security testing during every
• sprint cycle, ensuring application releases met security standards before deployment.
• Advised expert security guidance to application teams during refinement calls and sprint planning, ensuring
• vulnerability addressing aligns security goals with business objectives.
• Led Software Composition Analysis (SCA) using Nexus IQ to detect and facilitate timely remediation for vulnerabilities in open-source software (OSS) components.
• Performed Dynamic Application Security Testing (DAST) using WebInspect and AppScan to identify runtime vulnerabilities, ensuring compliance with security best practices.
• Delivered advanced Code Review using Checkmarx, Klockwork, and Semgrep, supplementing manual techniques to proactively identify and improve code security across projects.
• Secured REST and SOAP APIs by identifying critical vulnerabilities such as authentication flaws, improper access controls, and insecure data exposure.
• Executed detailed security assessments on Android applications using MobSF, Frida, and Jadx, focusing on insecure storage, API communications, and vulnerabilities within APK files.
• Specialized in iOS security testing with NowSecure and Frida, analyzing app permissions, binary protections, and insecure data storage to mitigate potential mobile threats.
• Leveraged Nmap and Nessus for robust network security monitoring, performing vulnerability assessments, identifying open ports, and detecting running services.
• Applied deep technical expertise in Binary Analysis, Header Analysis, File and folder permissions, and PE security checks to ensure system integrity and hardening.

B.Tech in Electrical & Electronics Engineering (2014–2017)
Annamacharya Institute of Technology & Science — Graduated with 69.73%.