Hello, I'm Nitav Shah.

I am a Web Developer.


About Me

I am a Security Engineer at Susquehanna International Group. I completed my Master's Degree in Cybersecurity from the University of Maryland, CP'23. I have experience building efficient software for thousands of users using Python, Go, JavaScript and C while working for Syncron, which provides a Logistics SaaS solution. I have a good eye for details and a passion for finding vulnerabilities. I tend to excel in solving complex problems. I have hands-on experience in securing network infrastructure using Network and Cloud security tools. I specialize in layered approaches such as Security Engineering, DDoS Protection, HIDS/NIDS, WAF and Proxies, IPS & IDS Systems, and Load Balancers along with knowledge about NIST, ISO, and GDPR compliance frameworks.

Education

  • Masters of Engineering in Cybersecurity, University of Maryland, College Park
  • Bachelors of Computer Science and Engineering, Navrachana University
  • HSC & SSC, St. Kabir School

Technical Skills

  • Go
  • Python
  • SIEM
  • Burp Suite
  • C
  • Vulnerability Assessment
  • Metasploit
  • MySQL
  • Threat Intelligence
  • Application Security
  • Git
  • JavaScript
  • Ghidra
  • IBM QRadar
  • AWS
  • Linux
  • Penetration Testing
  • PowerShell

Experience

Security Engineer

Susquehanna International Group, July 2023 - Present

Being a part of the Security Monitoring team, I handle incident response, manage the SIEM, maintain the health of the infrastructure, help automate the processes to reduce False Positives, research Threat Indicators and keep malicious actors out of the network.

Teaching Assistant

University of Maryland, Jan 2022 - May 2022

Partnered with Professor Nirupam Roy to implement suitable lessons for CMSC417-Computer Networks for 70 students. Held office hours with students to review materials, answer questions, and provide assistance on assignments. Maintained expertise in the subject in order to provide students with current trends and to recommend improvements in curriculum. Collaborated with a team of other TAs to provide a workshop on Socket Programming and Wireshark and to provide frequent and timely feedback to students.

Web Development Head

Developer Student Club, Navrachana University, 2019 - 2020

Responsible for the development and maintenance of the student club website, as well as managing the website content for all events that the club organizes. Incorporated direct online ticketing for all events using Google Forms, which streamlined the process and increased the reach of events.

Volunteer

Project Codelabs, 2017

Conducted a workshop for school students on HTML/CSS/Bootstrap.

Graduate IT Assistant

University of Maryland, June 2022 - June 2023

Investigate and manage the network for any compliance lapses and ensure patch management is enforced on all hosts. Triage incoming tickets and provide technical support by resolving the incidents.

Software Development Intern

Syncron, Jul 2020 - Jul 2021

Incorporated scripts using Python and Golang to automate QA Testing and perform Functionality and Load Testing. Utilized AWS CodePipeline to provide a continuous integration service in order to automate the entire process of loading the latest build code and test files, running the tests, and generating a report of the results once per day. Led the development of a cross-platform Chatbot using Golang and the Python Boto3 library to carry out DevOps tasks on AWS Infrastructure from Microsoft Teams Bot Framework. Adapted the system to solve automation pitfalls by creating a Healthcheck REST API to test the status of all services every 4 hours as a Cron job.

Web Development Intern

Kickstart Solutions LLP, Dec 2017 - Jun 2018

Got familiar with REST APIs and DOM manipulation, worked with PHP and the Laravel Framework, and was involved with a live blogging website project.

Volunteer

Vadodara International Marathon, Aug 2016 - Feb 2018

Coordinated with multiple schools and offices to register their students or employees and distribute Marathon Kits to them. Assisted with registration and maintenance of a database consisting of 70,000 entries for the event.

Projects

CLOUD MIGRATION STRATEGY FOR SCALING, RESILIENCY & SECURITY

AWS, Cloud Security, K8s, Terraform, CASB

Created a cloud migration strategy to ensure 99.999% uptime by using Load Balancers, VPC, CDN, NAT & Firewall. Improved development efficiency by integrating Continuous Integration and Continuous Delivery in SDLC.

SECURE CODE REVIEW OF SMARTSTORE

OWASP, Static Code Analysis, Code Review

Evaluated the Smartstore open-source Git repository and found more than 15 OWASP Top 10 vulnerabilities in Authentication, Cryptography, and Session Management categories. Identified the technical impact of the vulnerabilities and formulated potential mitigations to secure the application.

GO PORT SCANNER

Go, Network Scanning, Socket Programming

Built a concurrent and extremely fast port & host scanner using the Go programming language. Go Port Scanner is extremely lightweight and cross-platform. I used goroutines to scan multiple ports simultaneously, which resulted in getting at least 50% faster scan results than Nmap. Go Port Scanner can also parse a CIDR IP address range to check for available hosts by sending them ICMP ping messages.

ADVANCED EXPLOITATION TECHNIQUES FOR X86 ARCHITECTURE

GDB, Assembly

Used problem solving and reverse engineering to find the exploits for 10 binaries with ASLR (Address Space Randomization) turned on. Exploited the vulnerabilities in ASLR using Heap Buffer Overflows and Return Oriented Programming. Created the shellcode and deduced the NOP Slide required to overwrite the return address to point to the heap, text, data or bss regions. Wrote documentation and a write-up on the vulnerable binaries and how to exploit them.

PENETRATION TEST - MASKED DJ

Metasploit, Nmap, JohnTheRipper

Conducted a comprehensive security assessment for the IT Environment of a hypothetical Masked DJ. Managed a team of 3 to perform a Penetration Test and deliver a report to the Masked DJ to harden their system from any existing vulnerabilities. Breached and was able to get persistence on all 4 machines in their infrastructure and retrieve confidential information from their AWS account. Used Nmap for reconnaissance, MS17-010 EternalBlue in Metasploit and JohnTheRipper for privilege escalation and Metasploit for Living-Off-the-Land.

MUSIC PLAYER BASED ON REAL TIME FACIAL EXPRESSION USING DEEP LEARNING

CNN, Machine Learning

Built an application that uses a real-time video stream from a webcam to recognise the facial expression of a person, then plays music according to the expression.

CORONAVIRUS DEATH PREDICTION FOR INDIA USING HOLTWINTER & ARIMA

Time Series Analysis, Machine Learning

Performing time series analysis to predict the number of deceased patients due to COVID19 in India.

DSC NUV WEBSITE

HTML, CSS, JavaScript, Bootstrap

Developed the official website for Developer Student Clubs at Navrachana University using HTML, CSS, Bootstrap & JS. The website was an extension of the design by the winner of the Hack The Web competition held at the University.

HOME AUTOMATION USING GOOGLE ASSISTANT

IoT, Google Assistant, Node MCU

Using a NodeMCU and an electric relay, created a cheap home network of electrical devices that can be controlled using voice commands from Google Assistant over the internet.

CONVO - THE STUDENT FORUM APP

Android, Firebase

Forum designed specially for students in an educational institute to converse. Android App with backend on Firebase. Topics, Trending Posts, Likes and Media Upload were the included features.

COINBASE

Android, APIs

An Android application that fetches the latest prices of the top 10 cryptocurrencies from an API and displays them in the app.

Certifications

Contact

Location:

Philadelphia, Pennsylvania
USA

Call:

+1 4439470663
