
Kalyan Manyam

Principal Security Engineer - CDC
Hyderabad

Summary

Dynamic cybersecurity professional with over 10 years of experience specializing in offensive security, penetration testing, and Red Team operations. Expertise in conducting comprehensive security assessments across web, infrastructure, and mobile platforms, utilizing both automated tools and manual techniques to identify vulnerabilities. Proven track record of leading successful Red Team initiatives, enhancing DevSecOps processes, ensuring PCI DSS compliance, and effectively addressing OWASP Top 10 risks. Exceptional communication skills facilitate the translation of complex security risks into actionable insights for technical and business stakeholders.

Overview

14 years of professional experience
2 Certificates

Work History

Principal Security Engineer – Cyber Defense Center

Cloud4C Services Pvt Ltd (CtrlS Data Centers)
02.2024 - 01.2025
  • Led Red Team operations, executing adversary simulations and penetration testing.
  • Conducted SAP security assessments covering authorization flaws, insecure configurations, RFC vulnerabilities, and data exposure risks, identifying critical weaknesses that impact production systems.
  • Executed enterprise vulnerability management using Tenable/Nessus, scanning 200+ servers and applications, supporting PCI DSS compliance assessments, and remediation tracking.
  • Performed web and API penetration testing using Burp Suite Pro, Nmap, and manual exploitation techniques, identifying vulnerabilities, including SQL Injection, IDOR, authentication bypass, and business logic flaws.
  • Collaborated with DevOps and infrastructure teams to remediate vulnerabilities and improve secure configuration baselines, reducing high-risk security findings across enterprise systems.

Senior Application Security Engineer

Feuji Software Solutions Pvt Ltd
02.2023 - 02.2024
  • Conducted Dynamic Application Security Testing (DAST) using Burp Suite Pro, performing manual and automated testing of web and mobile applications, identifying vulnerabilities including IDOR, authentication bypass, XSS, CSRF, and business logic flaws.
  • Executed API security testing using Burp Suite, Postman, and manual request manipulation, identifying issues such as broken authentication, excessive data exposure, and insecure direct object references, aligned with OWASP API Top 10.
  • Collaborated with development teams during sprint cycles to review vulnerable code, implement secure coding fixes, and validate remediation through retesting.
  • Provided secure coding guidance to developers, focusing on input validation, authentication controls, secure session management, and cryptographic best practices.
  • Developed detailed vulnerability reports, including technical root cause, exploit proof-of-concept, and remediation recommendations.
  • Delivered security awareness sessions and developer training workshops on OWASP Top 10 vulnerabilities and secure coding practices.

Security Consultant

Capgemini Technology Services Ltd
06.2020 - 02.2023
  • Performed application security assessments and penetration testing aligned with the OWASP Top 10 and the OWASP Testing Guide, evaluating web applications and APIs for vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), authentication bypass, insecure session management, and business logic flaws.
  • Conducted SAST and DAST security testing using IBM AppScan, WebInspect, and Fortify, identifying vulnerabilities in enterprise applications, and prioritizing risks based on CVSS severity and exploitability.
  • Executed manual verification and vulnerability validation, eliminating false positives from automated scans, and confirming real security risks through request manipulation, parameter tampering, and authentication testing.
  • Developed detailed security assessment reports including technical root cause analysis, exploit proof-of-concepts, business impact evaluation, and prioritized remediation recommendations.
  • Collaborated with development teams during remediation cycles, providing secure coding guidance and validating fixes through retesting and follow-up security scans.
  • Delivered secure coding workshops for development teams, covering topics such as input validation, authentication and authorization controls, secure session management, and cryptographic best practices.

Security Consultant

Wipro Ltd (Tech Talento Contract)
07.2018 - 12.2018
  • Conducted Dynamic Application Security Testing (DAST) using Burp Suite and automated scanners, testing web applications and APIs for vulnerabilities such as Cross-Site Scripting (XSS), CSRF, authentication bypass, and insecure session management.
  • Executed manual penetration testing techniques, including request manipulation, parameter tampering, and authentication testing, to validate vulnerabilities beyond automated scan results.
  • Identified critical security vulnerabilities across energy and utility sector applications, prioritizing risks based on CVSS scoring, exploitability, and potential business impact.
  • Performed false positive analysis and vulnerability validation, ensuring that only exploitable findings were reported to the development and security teams.

Security Engineer – Security Practice

Computer Sciences Corporation (CSC)
06.2011 - 06.2016
  • Performed application security assessments and penetration testing across multiple enterprise web applications, following OWASP Top 10 testing methodologies.
  • Conducted security test planning and execution, defining test scope, attack scenarios, and validation steps for web application and API security assessments.
  • Utilized HP Fortify (SAST) to perform static code analysis, identifying vulnerabilities such as SQL Injection, insecure cryptographic usage, improper error handling, and insecure input validation.

Education

Master of Computer Applications

Sri Venkateswara University
Tirupati, India
01-2010

Bachelor of Science

Sri Venkateswara University
Tirupati, India
01-2007

Skills

Web Application Penetration Testing

Red Team Operations & Threat Simulation

Infrastructure Security & Network VA

API Security Assessment

Secure SDLC / DevSecOps Integration

SAST & DAST (Checkmarx, Fortify, SonarQube)

PCI DSS Compliance & Tenable Scan Integration

Vulnerability Assessment & Management

Security Test Planning & Execution

Executive Reporting & Documentation

OWASP Top 10 & API Top 10

Certification

Certified Ethical Hacker (C|EH) - ECC985492

Security Tools

Burp Suite Pro, IBM AppScan, Checkmarx, SonarQube, WebInspect, Microfocus Fortify, Acunetix, Nessus, Nmap, Metasploit, POSTMAN, Tenable, Qualys
