Naivedya Pandey - Security Architect
C:\Users\Naivedya>
Role
Security Architect • Penetration Tester • DevSecOps Trainer
About Me

I’m Naivedya Pandey, an accomplished Security Architect, Penetration Tester (Web, API, Mobile, Cloud, Network, Infra), and Security Trainer with 15+ years of professional experience in designing, auditing, and securing digital ecosystems across cloud, web, mobile, API, and network infrastructures.

I specialize in Threat Modeling, Security Architecture Reviews (AWS, Azure, SAP), Penetration Testing, and DevSecOps integration. My work bridges security architecture and real-world offensive testing — identifying risks early, implementing preventive security controls, and improving compliance across the SDLC.

Over the past decade, I’ve collaborated with global enterprises in industries like Airlines, E-Commerce, Retail, Finance, Healthcare, Transport, and Defense, helping them strengthen security maturity, automate vulnerability management, and build scalable DevSecOps pipelines.

As a trainer, architect, and investigator, I’ve conducted 2000+ application security assessments and delivered advanced workshops on DevSecOps, Cloud Security, and Ethical Hacking to engineers, architects, and cyber professionals globally.

My Services
Web PT
Web Application Penetration Testing

OWASP Top 10, SANS 25, SQLi, XSS, CSRF, SSRF, Auth flaws.

Mobile PT
Mobile App Security Testing

Android/iOS, MobSF, Frida, Drozer, QARK.

Cloud PT
Cloud Security & Pentesting

AWS, Azure, GCP, IAM, ScoutSuite, Cloudsplaining.

Network PT
Network & Infra Pentesting

Nessus, Nmap, Metasploit, BloodHound.

DevSecOps
DevSecOps Integration

SAST/DAST/SCA in CI/CD, Checkmarx, Snyk, ZAP.

Threat Model
Threat Modeling & Architecture

STRIDE, Microsoft TMT, IriusRisk, SAP, Microservices.

Technical Skills
Domains
Web, Mobile, API, Cloud (AWS, Azure, GCP)
Network & Infrastructure Security
Threat Modeling / Security Architecture
DevSecOps Automation
Secure Code Review (SAST, DAST, IAST)
Vulnerability Management / Compliance
Incident Response & Forensics
Tools & Technologies
AppSec: Burp, Veracode, Checkmarx, Fortify, ZAP
Network: Nessus, Nmap, Metasploit, OpenVAS
Cloud: ScoutSuite, Cloudsplaining, AWS Inspector
DevSecOps: Jenkins, GitHub Actions, Snyk, Prisma
SIEM: QRadar, Splunk, Security Onion
Languages: Python, Java, JavaScript, Bash
Certifications
AWS Certified Solutions Architect – Associate
Microsoft Certified: Azure Fundamentals (AZ-900)
Certified Web Application Security Professional (CWASP)
EC-Council Certified Ethical Hacker (CEH v7.1)
EC-Council Certified Forensic Investigator (CHFI v8)
EC-Council Certified Security Analyst (ECSA)
Check Point Certified Security Administrator (CCSA R77)
ITIL Foundation v3
CCNA & CCNA Security
CompTIA Security+, RHCSA
Project Highlights & Achievements
✈️ Airlines — AWS Cloud Migration
Led Threat Modeling & Security Architecture review for 200+ apps. Integrated DevSecOps in SDLC.
🛒 Retail & Wholesale (USA & Europe)
SAST/DAST/API/Mobile/Network PT with Burp, Veracode, Qualys. Built secure GitHub CI/CD.
⛏️ Global Mining Company
Integrated Checkmarx SAST in Azure DevOps. Authored secure coding playbooks.
💳 Finance, Payment, Transport
Led VM for Conduent. Conducted VAPT using Nessus, Metasploit, OpenVAS.
🛰️ Government (DRDO)
Manual web testing per OWASP. Used Burp, Qualys, HP-Fortify.
🏅 Achievements
Recognized at Accenture & Conduent for critical findings. Delivered 100+ enterprise trainings.
Contact Me
C:\Users\Contact>
Get in touch —
naivedya.pandey@gmail.com
naivi24@gmail.com