Hardik Darji



EXPERIENCE


Security Consultant, Synopsys

Location: Toronto, Ontario June2015-present

Worked on client engagements to provide threat modelling and mitigation controls of various systems. The application types included systems in hybrid cloud environment, on-premises systems and on cloud. The process of threat modelling included gathering list of assets, exiting controls, potential technical risks and mitigation strategies.

Experience with manual and automated code reviews with various platforms and languages such as Java, c# .net, PHP, C++. The automated code reviews include usage of tools such as Fortify, Checkmarx and Coverity. Engagements of such nature also includes giving source code level remediation guidance.

Experience with manual and automated web application penetration testing including experience of DAST tools such as AppScan, Burp.

Experience with designing and deploying AWS architectures for auto scaling systems. Experience with deploying existing applications with lift and shift approach.

Experience with devising incident response strategies and safe-defaults with AWS services such as CloudWatch, Lambda, SNS and AWS Config.

Experience on working with clients with compliance requirements such as HIPPA and PCI DSS.

Experience in strategizing a CICD pipeline with Jenkins with tools such as Checkmarx, Sonarqube, Sonatype. This also includes evaluating logging solutions used by a client and providing best practices for collecting log and develop alerting mechanisms as part of their overall incident response plan.

Experience with communicating results to upper management and to application development teams; Also provided technical assistance on how to reproduce and fix reported vulnerabilities.

Preliminary experience with infrastructure as code tools such as Terraform and CloudFormation.

Research Assistant, NYU

Location: NY, USA January 2015-May 2015

Developing ruby code for The Update Framework (http://theupdateframework.com)

Integrating The Update Framework with ruby gems

Intern, Access Now

Location: New York, NY, June 2014-August 2014

Solutions for large data such as automated data analysis and data mining

Inspected and mitigated security of NYC office and office network.


TECHNICAL SKILLS

Engagements

Tools

Languages

WebApp Penetration Testing

Burp

Java

Security Code Review

Fortify, Checkmarx, Coverity

C#

Threat Modelling

Nessus

Python

CICD Automation

Metasploit

C++

AWS Security Review

AppScan

JavaScript


EDUCATION

New York University Polytechnic School of Engineering, Brooklyn, NY, USA

Master of Science, Cyber Security, May 2015

Gujarat Technological University, Gujarat,India

Bachelor of Engineering, Computer Engineering, May 2013


Certifications

AWS Certified Security - Specialty (Validation Number 72QRM0L21MB1QZ5D)

AWS Certified Solutions Architect - Associate (Validation Number N1RPGL1KD1B4QGCM)