Adrika Mukherjee

Bangalore

Summary

Senior Cybersecurity Engineer with 6+ years of experience securing enterprise-scale cloud architectures, API endpoints and global web applications. Specializing in offensive security operations and automated defence with expertise in Web and API Penetration Testing (BOLA/BBP) and "Shift-Left" security integration within high-velocity DevSecOps environments. Expert at navigating the intersection of Cloud Security, API integrity (qAPI), and AI Governance. Expert in orchestrating CNAPP (Wiz/Prisma) to eliminate "Toxic Combinations" and hardening the CI/CD "pipe" against sophisticated supply-chain attacks.

Overview

7 years of professional experience
1 Certification

Work History

Senior Cybersecurity Engineer

Decathlon Sports India
Bangalore
02.2025 - Current

1. Web & API Offensive Security Operations

  • Lead Full-Lifecycle Penetration Tests on internal Decathlon web applications and global API endpoints, utilizing Burp Suite Professional and Kali Linux to identify critical-risk vulnerabilities.
  • Advanced API Security Auditing: Leveraged Postman and Swagger to perform deep-dive assessments on microservices, identifying high-impact Broken Object Level Authorization (BOLA) flaws.

2. Cloud & AI Security Posture Management

  • Orchestrated agentless deep-cloud assessments using Wiz (CNAPP) to identify and remediate critical "Toxic Combinations," directly improving the Global Digital Security Posture score.
  • Established an AI Security Framework to track weighted adherence to OWASP Top 10 for LLM & ML, ensuring the security health of the enterprise AI estate and improving AI security posture score.
  • Optimized Edge Security by leveraging Cloudflare WAF to identify and block evolving malicious payloads, significantly reducing the attack surface of public-facing web applications.
  • Designed performance-driven security monitoring in Splunk Cloud and Prisma Cloud, correlating resource utilization with security events to ensure high availability during peak traffic.

3. DevSecOps & API Orchestration

  • "Hardened the Pipe" by implementing strict access controls and identity-based permissions within CI/CD pipelines (Jenkins, GitHub Actions), preventing malicious code injection at the source.
  • Automated API Discovery using qAPI’s AI-driven engine, generating codeless test scripts and intelligent "assertions" that helped identify risks and reduce manual testing time.
  • Synchronized SAST/DAST integration within the SDLC to drastically reduce false positives and ensure developers focused on high-priority vulnerabilities.
  • Maintained regulatory integrity by ensuring all automated pipeline logs met stringent PCI-DSS and SOC2 standards for audit-readiness.

4. Strategic Leadership & Risk Governance

  • Directed Security Steering Committees, advising stakeholders on threat mitigation strategies and long-term posture improvements.
  • Bridged the technical-business gap by conducting risk assessments and delivering actionable remediation feedback to cross-functional teams (Engineering, Cloud, and Product). Analysed VAPT reports to identify open vulnerabilities in third-party vendor management.
  • Managed Global Phishing & Training programs, developing bespoke materials to prevent "human misuse" alerts across multiple international business units.
  • Overhauled Incident Response by onboarding third-party vendors and integrating the XMCO platform to consolidate vulnerability monitoring and closing alerts within given SLAs.

Senior Security Professional

Lexmark
Kolkata
02.2022 - 02.2025
  • Lead and execute comprehensive security assessments on web applications, API endpoints, and thick client applications, identifying vulnerabilities and providing actionable recommendations for remediation.
  • Conduct manual and automated penetration testing, and network scans via Nmap and Tenable.io.
  • Working on security assessment tools like Burp Suite Pro, Postman, Kali Linux, Metasploit, msfvenom, Hydra, Process Monitor, Wireshark, etc.
  • OWASP Top 10 concepts and implementations.
  • Collaborate with development and operations teams to integrate security best practices into the software development life cycle (SDLC), and agile model.
  • Maintained up-to-date knowledge of latest developments in information technology and cybersecurity trends. In monthly newsletters broadcast globally.
  • Monitored performance metrics to identify areas of improvement.

Senior Analyst

Capgemini
Mumbai
04.2019 - 02.2022
  • Mapped processes to holistically examine business flow and identify improvement opportunities.
  • Knowledge about OWASP Top 10.
  • Running application security testing on Qualys Guard tool, Burp Suite, WebInspect, etc.
  • Cybersecurity concepts, TCP/UDP, TLS/SSL protocol, 3 triads of security.
  • Decision-making, analytical skills.
  • Maintained updated knowledge base on industry trends and best practices.
  • Collaborated with IT teams on new tools and technologies.

Education

B.Tech - Information Technology

B.P.Poddar Institute of Management and Technology, Kolkata, India
06.2018

Skills

  • Web App Pentesting: OWASP Top 10, Manual pentesting, Auth/Session Management, XSS/SQLi/CSRF, Business Logic Exploitation, security misconfigurations, IDOR
  • API Security: REST/GraphQL/SOAP, Broken Object Level Authorization (BOLA), JWT/OAuth 2.0, Mass Assignment
  • Tools: Burp Suite Professional (Advanced), Postman, Kali Linux, Swagger, SQLmap, Metasploit, Nmap, Wireshark, Tenable.io
  • Cloud & AI: Wiz (CNAPP), Prisma Cloud, Splunk Cloud, OWASP Top 10 for LLM
  • DevSecOps: Jenkins, GitHub Actions, SAST/DAST automation, qAPI AI-driven assertions

Languages

  • English
  • Bengali
  • Hindi

Accomplishments

  • Won the best Kubernetes deployment team award at the prestigious Dine with DevOps event in Shangri-La, Bangalore. We received an award for "Best Kubernetes Deployment Team (Retail & e-commerce)" on behalf of Decathlon Sports India in one of the flagship events for the DevOps industry.
  • Successfully participated and ran in The TCS World 10K Bengaluru 2025 which took place on Sunday, April 27, 2025. The TCS World 10K Bengaluru 2025 seems to have been a memorable and inspiring event, blending the thrill of competition with a strong sense of community and purpose.
  • Officially felicitated by Lexmark CEO Allen Waugerman for identifying and reporting a vulnerability in our Lexmark printer and ESF devices in the 2024 F2F Lexploit. My team had been very supportive, and together we reported many major vulnerabilities throughout our Lexmark printer devices.

Certification

  • The Certified Ethical Hacker (CEH) v12 certification from EC-Council

Timeline

Senior Cybersecurity Engineer - Decathlon Sports India
02.2025 - Current
Senior Security Professional - Lexmark
02.2022 - 02.2025
Senior Analyst - Capgemini
04.2019 - 02.2022
B.P.Poddar Institute of Management and Technology - B.Tech, Information Technology