Looking for a job

ashish upsham

@ashishupsham

Application Security Analyst with expertise in Penetration Testing, SAST, DAST, IAST and secure application environments.

India

Message

What I'm looking for

Seeking a challenging Application Security role focused on Web, Mobile (Android/iOS), and API Security Testing. Experienced in Penetration Testing, SAST, DAST, IAST, SCA, Secure Code Reviews, and Vulnerability Assessments. Passionate about identifying security risks, validating fixes, and helping build secure applications.

I’m a Certified Information Security Professional with 5+ years of experience in Application Security and Penetration Testing across web applications, mobile (Android & iOS), and APIs. I run end-to-end security assessments—Black-Box and Grey-Box Testing, Vulnerability Assessment & Penetration Testing (VAPT), plus secure remediation validation—while helping teams improve their overall security posture.

At Fidelity National Financial and previously at Indusface and qSEAp Infotech, I’ve conducted SAST, DAST, IAST, and SCA integrated into CI/CD pipelines to strengthen software supply chain security. I collaborate closely with development teams to analyze findings, apply OWASP Top 10 mitigations, and ensure fixes are properly implemented and re-tested before release, with hands-on expertise using tools like Burp Suite, MobSF, Frida, Fortify, SonarQube, GitHub Advanced Security, Mend, Snyk, and Contrast Security.

Experience

Work history, roles, and key accomplishments

Current

Security Analyst

Current

Fidelity National Financial

Oct 2023 - Present (2 years 8 months)

Performed penetration testing across web applications, mobile apps (Android & iOS), and APIs to identify security vulnerabilities and misconfigurations. Used SAST, DAST, IAST, and SCA integrated into CI/CD pipelines and re-tested validated remediation before release.

Penetration Testing Web Application Security Mobile Security API Testing SAST DAST IAST SCA

Information Security Analyst

Indusface Pvt Ltd

Nov 2022 - Sep 2023 (10 months)

Conducted black-box and grey-box penetration testing for clients across banking, financial services, healthcare, and e-commerce. Produced risk-focused reports with proof of concept and remediation recommendations, and verified fixes through re-testing while mentoring junior analysts.

Black Box Testing Penetration Testing Remediation Verification Risk Assessment

Information Security Consultant

Qseap Infotech Pvt Ltd

Aug 2020 - Nov 2022 (2 years 3 months)

Performed black-box and grey-box penetration testing for clients in banking, insurance, and e-commerce, including assessments of web, mobile, APIs, and network infrastructure. Assisted with vulnerability exploitation and validation, and delivered technical reports with findings, proof of concept, risk ratings, and remediation guidance.

Black Box Testing Exploitation Validation Vulnerability Reports

Cyber Security Analyst (Trainee)

Pristine Infosolutions

Oct 2019 - May 2020 (7 months)

Completed a 6-month internship in penetration testing, supporting security assessments for small-scale web projects including travel agencies, retail, and jewelry platforms. Assisted in identifying common web vulnerabilities and documenting findings with remediation recommendations, learning end-to-end penetration testing workflows.

Penetration Testing Security Testing Vulnerability Analysis Proof of Concept