
Software Security Engineer Resume


SUMMARY:

  • A seasoned software security engineer and architect with nearly 10 years of career reflecting strong application security management, with hands-on experience in security source code reviews, penetration testing, vulnerability assessments, design reviews, architecture reviews, etc.
  • Perform application security consulting across the Secure Software Development Lifecycle
  • Drives security requirements through designing and building prototypes, proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories
  • Implemented security into the CI/CD process, while ensuring multiple global teams follow the security standard framework
  • Implemented OpenSAMM standards in our waterfall and agile development methodologies
  • Developed and executed multiple application security roadmaps that align with technical and business risk, including identifying threats and potential areas for abuse in applications, specifying solutions, verifying through testing, and determining the necessary level of architecture activity.
  • Experienced in application technology security testing (white box, black box and code review)
  • Implemented and manage a Free and Open Source Software (FOSS) vulnerability management program
  • Proficient at handling Information Security Compliance Programs, IS Security and Control Strategies, Security Product and Service Evaluations, IS/AS Security Best Practices and Security Business Case Analysis.
  • Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Created and maintain “Security Champions” for each product area.
  • Assist in the development & creation of risk assessments to drive direction, decisions and remediation.
  • Continuously assess the current state of security to recommend life cycle of security technologies.
  • Assist in defining the exception processes and making exception decisions.
  • Create and maintain enterprise security policies and standards applicable to all technologies in the portfolio and all business users across the organization.
  • Gained hands-on experience working across the Banking, Pharmaceuticals, Entertainment, Law Enforcement, Satellite, Manufacturing, Information Technology, ISV, Telecommunications, BPO, Airways and Shipping industries.
  • Assist various stakeholders in assessing security threats, identifying and tailoring security requirements and integrating security controls into the Product / Software Development Lifecycle (SDLC).
  • Thrives in fast-paced environments, readily adapting to evolving business and technology challenges.
  • Ruby on Rails, Node.js, C#, iOS, Android, C++, Java, ASP.NET, Mainframes, Apex and IV Generation Configurations/JavaScript.

COMPETENCY MATRIX:

  • Application Security
  • Secure Code Review
  • Cloud Computing- Security
  • Mobile Application Security
  • PCI DSS Compliance
  • Secure SDLC Management Gap Analysis
  • Penetration Testing
  • Social Engineering Crisis Management
  • Cyber Security Analysis
  • Technical Advocate Security Products Development & Testing
  • Solutions Architecting
  • Team Management

TECHNOLOGY STACK:

Cloud: AWS (EC2, AWS S3, AWS SAS, AWS SNS) & Azure

Scripting: jQuery, Ext JS, AngularJS, Node.js

Big Data: MongoDB, Core Hadoop, MapReduce v1/v2, HDFS (Cloudera), Apache Spark, Hive, Impala, Kafka & Sqoop

Technologies: J2EE (JSP, Web Services, Core Java, Servlets and XML)

Languages: C, C++, Java, .NET, Ruby on Rails, Swift, Android, and Apex

Security: TLS/SSL Encryption, Kerberos, Digital Certificates, SAML, OAuth 1.0a, OAuth 2 & Basic Auth

Enterprise Integration: Kafka, API Services, Microservices, REST Services, Web Services, JMS, MQ, EJB, FTP, Adapters, JSON & XML

SECURITY TOOLS:

  • Qualys Guard
  • Tenable Vulnerability Management
  • Shadow Security Scanner
  • IBM Rational AppScan (Standard, Enterprise & Source Editions)
  • Acunetix WVS Enterprise
  • HP WebInspect
  • Veracode
  • Cigital Secure Assist
  • WebScarab
  • Tamper IE
  • Achilles
  • Retina Network Security Scanner
  • Flash Disassembler (ActionScript for Web Environment)
  • Metasploit Framework
  • Core Impact
  • Sandcat
  • Fortify SCA & TeamMentor
  • Microsoft URL Scan
  • Nessus
  • IEWebscarab
  • Infiltrator
  • WS Fuzzer (WSDL)
  • Nmap N7
  • Cenzic Hailstorm
  • NTO Spider
  • WS Digger
  • Web Service Studio
  • Parasoft SOA (Security Testing - API & WIPT)
  • WebCruiser Enterprise

EMPLOYMENT SCAN:

Confidential

Software Security Engineer

Responsibilities:

  • Executing periodic penetration testing, source code reviews, API penetration testing & internal bug hunting programs
  • Perform manual and automated code reviews using Veracode and IBM Rational AppScan
  • Partnered with developers, administrators, and engineers to ensure secure design, development and implementation of applications.
  • Performing Architecture Risk Analysis of applications to identify deficiencies and provide practical solutions.
  • Leading and mentoring developers to write secure software through activities like defensive programming techniques, usage of security frameworks, and performing threat modeling.
  • Documenting technical reports as needed to communicate security issues to senior leadership.
  • Evaluating new application security solutions to provide strategic recommendations in alignment with the technology roadmap.
  • Maintain the Free and Open Source Software (FOSS) Security Program
  • Maintaining application security tools and services to ensure quality within Software Security Development Lifecycle.
  • Managing vulnerability discovery and remediation efforts from sources like static, dynamic, and crowd-sourced web application testing technologies and report on the success.
  • Performing targeted penetration testing against misuse/ abuse cases for emerging applications and APIs.
  • Enabled automated security testing at scale to measure vulnerability and report on risk across Sage applications.
  • Collaborated with internal stakeholders on addressing systemic security issues.
  • Responsible for software security across products (Cloud, Mobile, IoT and On Premise Products)
  • Perform application security assessments and remediation activities as part of the application security program, and ensure application teams adhere to the SSDLC Framework.
  • Guide and perform security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing.
  • Make recommendations on toolset modifications and improvements, improvements to development processes, and production application security support
  • Evangelize application security program fundamentals, tools and processes, and act as a consultative partner with Global IT and Business teams.
  • Participate as a key member for security incident response activities.
  • Ensure teams are validating for Confidential and performing industry-leading application security practices.

Confidential

Software Security Engineer

Responsibilities:

  • Responsible for Threat Modeling, Secure Code Review, Risk Analysis, Design and/or Architecture Reviews, Penetration Testing and SOC Maintenance
  • Participate in the secure SDLC from planning and requirements gathering to release and maintenance
  • Contribute to the design, development, and enforcement of application security controls, policies, and procedures
  • Help design secure application architectures and apply secure design principles
  • Perform application vulnerability assessments
  • Analyze, assess, and respond to various security threats
  • Train developers in secure coding practices
  • Design AWS WAF Confidential and apply them appropriately
  • Automate AWS GuardDuty reporting
  • Configure AWS load balancers
  • Audit AWS environment for proper security group design
