Viksha A

Cybersecurity professional with 2+ years of experience in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, APIs, infrastructure, and source code review. Proven track record of identifying critical vulnerabilities (including biometric bypass in banking and PII exposures impacting ~9.8M records) and delivering remediation-focused security reports.

Skilled in application security testing, API assessments, mobile app security, mainframe security, and cloud (Azure, Kubernetes, Rancher) with hands-on expertise in BurpSuite, Nessus, Metasploit, MobSF, SonarQube, Checkmarx, and Python scripting. Strong background in secure code review (Java, C, C++, Python), configuration reviews, and aligning findings with OWASP Top 10, SANS 25, and MITRE ATT&CK.

Certified in CRTP, CMPen (Android/iOS), CAP, and CEH v12 with recognition for excellence (KPMG Kudos Award). Adept at working with stakeholders, mentoring peers, and driving improvements in enterprise security posture. Driven by continuous learning, I’m seeking penetration testing opportunities where I can perform comprehensive security assessments, deliver actionable remediation, and help organizations improve their security posture. Let’s connect!

Associate Consultant

KPMG Assurance and Consulting Services LLP

Conducted comprehensive penetration testing for Web Applications, Mobile Applications, API Security Testing,Infrastructure VAPT, Secure Code Review, Mainframe Security Testing and Configuration evaluations spanning AzureAI servers, network devices, switches, and firewalls.

•Managed a team to test LLM-based applications and generative AI platforms, focusing on Azure OpenAI.

•End-to-end engagement in penetration testing, including DAST and SAST scanning of web applications.

•Performed thorough source code reviews using both manual and automated tools, identified vulnerabilities, and provided customized remediation reports to application teams.

•Security source code scans and false positive analysis for Java, C, C++, and Python-based applications using tools like SonarQube, Checkmarx, Synk, and Visual Code Grepper.

•Conducted web application, infrastructure, and API security assessments for the Government of India, identifying critical vulnerabilities that compromised personally identifiable information (PII), affecting approximately 9.8 million records nationwide.

•Discovered an average of 5 high-severity issues per asset and provided remediation assistance to secure critical systems.

Cybersecurity Analyst

KPMG Assurance and Consulting Services LLP

•Performed a security audit of mobile, web applications and API security testing for a leading Indian bank’s internet banking platform, identifying a critical vulnerability involving biometric bypass and absence of simcard verification that could lead to transaction fraud.

•Experienced in conducting end-point configuration review in accordance with CIS Benchmark, adeptly documenting security vulnerabilities and recommended configuration to enhance security posture.

•Conducted application security audits for Internet banking, financial, marketing, e-commerce, manufacturing, and public sector applications. Evaluated a third-party share trading interface integrated with the Internet banking application for India's leading banks.

•Experienced in both open source and commercial security assessment tools such as BurpSuite, Metasploit, MobSF,Nessus, Nmap, Hydra, Wireshark, SQLMap, Frida, Postman, Swagger, Insomnia

•Produced detailed reports outlining findings, explained associated risks categorized by OWASP Top 10 / SANS 25,MITRE ATT&CK along with CVSS Score as per Business criticality, and offered recommendations. Assisted developers,application owners, and senior management in implementing the necessary security measures.

Master of Technology [M.Tech] – CSE -Specialization - Cyber Security

PES University( 2022 – 2023 )

Bachelor of Engineering [BE] – CSE

Visvesvaraya Technological University -A.M.C Engineering College( 2017 – 2021 )