
Resume

Kiran Parmar is a cybersecurity professional with over 2.8 years of experience specializing in vulnerability assessment, penetration testing, and security audits for the banking and financial sectors. They have conducted various audits, led security initiatives, and trained colleagues in cybersecurity best practices, while also aiming to transition into Red Teaming. Kiran holds a B.Sc.IT in Cyber Security and has completed multiple certifications, showcasing a strong foundation in cybersecurity principles and practical skills.

Uploaded by

fateh yadav

Lakhani, Gujarat

KIRAN PARMAR +91 9313011141
[email protected]
https://www.linkedin.com/in/kiran-parmar-baa087310/

PROFESSIONAL SUMMARY
Cybersecurity professional with 2.8+ years of experience in the Information Security industry, specializing
in Vulnerability Assessment, Penetration Testing, and Security Audits, including Data Migration, SAR, AUA-
KUA, and VICS (NABARD) audits for banking and financial sector clients. Skilled in conducting Web/Mobile
Application VAPT, Source Code Review, CSRF, and Infrastructure Penetration Testing. Possesses knowledge
in OSINT investigations and threat analysis. Proven ability to enhance security posture, protect data,
ensure compliance with regulatory standards, and now aiming to transition into Red Teaming to conduct
more in-depth manual tests and strengthen organizational defenses against cyber threats.

EXPERIENCE
Cyber Security Associate | NG TechAssurance Private Limited
January 2025 – Present

• Led the Information Security Audits of various organizations and aided in patching the security gaps to fortify the security of the organization and ensure compliance with regulatory requirements.
• Performed Vulnerability Assessment and Penetration Testing on various APIs, Android, and iOS mobile applications using industry standards such as OWASP.
• Conducted an audit for a leading Mutual Fund Distributor (MFD) in compliance with SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF).

Senior Process Associate | NG TechAssurance Private Limited
March, 2024 – December, 2024

• Conducted AePS audits to ensure compliance with UIDAI regulations.
• Led Information Security Audits to address vulnerabilities and enhance security across various organizations.
• Performed Vulnerability Assessment and Penetration Testing (VAPT) on web, API, and mobile applications using OWASP standards.
• Reviewed source code using SAST tools like Semgrep and SonarCloud to identify and mitigate risks.
• Conducted network VAPT with tools such as Nessus, Nmap, Metasploit, and Burp Suite, presenting findings to stakeholders.
• Secured server configurations for Windows and Linux systems using CIS Benchmarks.
• Trained colleagues in Web Application VAPT and Information Security Audits.

Process Associate | NG TechAssurance Private Limited
January, 2023 – February, 2024

• Proficient in Vulnerability Assessment & Penetration Testing (VAPT), vulnerability management, and ISO 27001:2013 risk assessments.
• Skilled in technical audits, data protection, and client training.
• Extensive experience in audit closure, vendor management, and data analytics.
• Strong in solution evaluation, risk mitigation, and leading management discussions to drive effective security strategies.

Cyber Security Intern | CyberRakshak.org
August, 2023 – March, 2024

• Gained hands-on experience in Cyber Safety, Web Security, and Cyber Investigation.
• Skilled in secure coding, vulnerability management, and web application protection.
• Conducted Cyber Crime and Forensic Investigations using CSI Linux and OSINT tools like Maltego and Vortimo.
• Experienced in Data Acquisition and Digital Forensics with tools like Magnet, FTK, and Wireshark.
• Performed advanced investigations, including VOIP analysis, RDP forensics, and Dark Web research.

EDUCATION
B.Sc.IT (Cyber Security) | Ganpat University
2020 – 2023
Graduated with a focus on cybersecurity principles, including risk management, network security, and
ethical hacking, equipping me with a strong foundation for tackling contemporary security challenges.

Intermediate | IMJ SARVA VIDHYALAYA BALOL
2018 – 2020
Completed 12th grade in Arts from IMJ Sarva Vidhyalaya Balol, gaining foundational knowledge in various
subjects and developing critical thinking and analytical skills.

PROJECT
COLLEGE PROJECT: WEB APPLICATION VULNERABILITY ASSESSMENT & MITIGATION
Conducted a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) on a web
application, identifying key vulnerabilities such as XSS, SQL injection, and misconfigurations. Developed
and presented mitigation strategies to enhance security, ensuring the application was secure against
potential threats.

SOCIAL MEDIA BANNING BOT
Developed a system for mass reporting and banning fraudulent accounts on social media platforms like
Instagram and WhatsApp. Automated the detection of suspicious activities and streamlined the reporting
process to ensure timely account bans, enhancing platform security and reducing fraudulent behaviour.

LANGUAGE
• Gujarati
• Hindi
• English

SKILLS
• Vulnerability Assessment
• Penetration Testing
• System Hardening
• GRC
• Technical System Auditing
• Network Security
• Gap Assessment
• Cyber Security Awareness
• Cyber Security Resilience Framework (CSRF-RBI & NABARD)
• ISO 27001 – ISMS

ACTIVITIES/ACHIEVEMENTS
I have successfully conducted over 500+ Cyber Security Awareness Training sessions across various
financial institutions and banks, engaging groups ranging from 5 to 150 employees. These sessions focus
on educating staff on cybersecurity best practices, empowering them to identify and mitigate potential
threats, and fostering a security-conscious workforce.

Programme on IS & VAPT Audit in RCBs | NABARD BIRD (Bankers Institute of Rural Development)
I provided a two-day training session at BIRD (Bankers Institute of Rural Development) on Information
System Audit in banks. The session covered key topics, including the significance of IS audits, regulatory
guidelines, audit preparation and compliance, IT general controls (such as access controls, change
management, and patch management), vendor management, SLAs, and NDAs, as well as Vulnerability
Assessment & Penetration Testing (VAPT). The goal of the training was to equip participants with a solid
understanding of security controls and ensure they can effectively meet regulatory and compliance
requirements.

Use of IT in Fisheries | NATIONAL COOPERATIVE DEVELOPMENT CORPORATION
Conducted training at LINAC-NCDC LIFIC under PMMSY, covering cooperatives, fisheries enterprises,
regulations, project planning, marketing, and business development, enhancing the skills of entrepreneurs
and fish farmers.

CTF Challenges & Solutions:
Continuously building expertise in Windows OS, Linux OS, Networks, Cloud, and Web Applications through
platforms like TryHackMe (Top 5%, numerous badges), HackTheBox Academy, PortSwigger Academy, and
various cybersecurity courses. Actively participate in CTF competitions, work with VulnHub machines, and
explore advanced security concepts using the Tor Browser.

TOOLS
• Nmap
• Nessus
• OWASP ZAP
• Maltego
• Ffuf
• Metasploit
• Burp Suite
• Nikto
• SQLmap
• Httpx
• Wireshark
• Autopsy
• Acunetix
• Hydra
• Amass

CERTIFICATION
Professional certificates and badges; certificates/badges from various online platforms:
• eJPTv2 (Junior Penetration Tester) | INE
• Jr Penetration Tester | TryHackMe
• Certified Appsec Practitioner (CAP) | The SecOps Group
• Windows & Linux Privilege-Escalation | TCM Security
• Cyber Rakshak Internship | CyberRakshak.org
• Metasploit Pentesting using Kali Linux | Codered Ec-Council
• Network Penetration Tester | Techonquer Private Limited
