Genubhau Wayal
@genubhauwayal
Sr. Application Security Engineer | VAPT | Penetration Testing | Web Application Security | API Security | Mobile AppSec | CISM | CompTIA Pentest+
What I'm looking for
I’m a Senior Penetration Tester and Application Security Engineer with 7+ years delivering offensive security operations across BFSI, Government, and FinTech platforms. I execute 100+ penetration tests across web, mobile (Android & iOS), API, and infrastructure, consistently uncovering critical issues like auth bypass, business-logic flaws, and OWASP Top 10 findings before production exposure.
In regulated environments, I’ve delivered VAPT that directly supports RBI and PCI-DSS expectations, with reporting lines to CISOs and CTOs. At FNF India, I manage end-to-end retest cycles, validate vulnerabilities with CVSS scoring, and keep Azure DevOps (ADO) tickets traceable through Secure SDLC cycles and formal retest sign-offs.
I also strengthen teams and outcomes, building a proprietary False Positive Pattern Library using Fortify SCA to reduce noise by 40% and cut analyst review time by 2 hours. Earlier at Deloitte Touche Tohmatsu India, I led RBI/PCI-DSS audit readiness, trained 15+ engineers, mentored a team of 5, and helped clients sequence remediation using risk and business-impact context.
Experience
Work history, roles, and key accomplishments
Senior Cyber Security Engineer
FNF India Pvt Ltd
Jan 2023 - Present (3 years 5 months)
Executed black-, grey-, and white-box penetration tests across web, API, mobile (Android/iOS), and thick clients, uncovering OWASP Top 10/ASVS issues such as auth bypass and IDOR before production. Identified 30+ vulnerabilities (8+ critical), drove end-to-end retest closure within SLA windows, and reduced Fortify SCA false positives by 40%.
Assistant Manager
Deloitte Touche Tohmatsu India
Feb 2021 - Jan 2023 (1 year 11 months)
Led VAPT for 5+ BFSI clients across web, mobile, APIs, and network infrastructure to meet RBI and PCI-DSS audit standards. Served as client-facing security lead, achieving zero audit objections by presenting remediation evidence, and mentored 5 junior analysts to cut delivery time by 20%.
Information Security Consultant
Qseap Infotech Pvt Ltd
Sep 2018 - Feb 2021 (2 years 5 months)
Completed 40+ web application security assessments aligned to OWASP Top 10, identifying SQLi, XSS, CSRF, and privilege escalation issues and creating PoCs to enable emergency remediation. Performed Android/iOS mobile security testing (static + dynamic) and Fortify SCA code reviews, and coordinated vulnerability scans and PCI-DSS (CDE) compliance activities with remediation reporting.
Education
Degrees, certifications, and relevant coursework
Ramrao Adik Institute of Technology
Bachelor of Engineering, Electronics & Telecommunication
Completed a B.E. in Electronics & Telecommunication at Ramrao Adik Institute of Technology under Mumbai University.
