Bengaluru, Karnataka, India
Security Testing Tools: Evaluated SAST, SCA, Mobile RASP, API Security and other security products for detection accuracy and CI/CD integration, enhancing user experience and bolstering application security.

Threat Modeling: Mentored 100+ developers on threat modeling best practices, empowering them to integrate security into the development process independently.

Security Software Development: Collaborated with other engineers in the development of 3 security solutions to automate a part of the risk assessment process, improve compliance tracking processes, and detect secrets being pushed to GitHub.

Cloud Security: Led a cross-functional effort to integrate Aqua Security alerts into workflows, enhancing incident response, and developed test cases for cloud security controls in AWS and Azure.

API Security: Identified API security risks, proposed mitigation strategies, and educated leadership on free solutions that promote a secure-by-design approach within budget constraints.

Partnered with other teams in the organization to promote shift-left adoption. Built additional tooling, such as validation, to filter out noise and complement acquired tools. Created an extensible secrets validator to reduce false positives to 0. Collaborated with security teams to create paradigms and other documentation to promote security awareness and give engineers a direction on what right looks like. Developed standards for tool-finding evaluation in escalation cases. Helped integrate artificial intelligence into security workflows, allowing in-house LLMs to review changes and provide quality initial triage and prioritization. Conducted multiple PoC evaluations to replace existing tooling: SAST, SCA, Container Scanning, and Secrets Detection. Improved the application security team's efficiency, working with team members to enhance their performance in areas where improvement was indicated.

Vulnerability Management: Analysed over 1 million findings from SAST, SCA, and IAST tools, preventing 500+ vulnerabilities from entering production by advising developers on secure coding practices.

Specialties: Application Security, DevSecOps, Threat Modeling & Secure Code Review, Application Vulnerability Assessment & Penetration Testing, Software Security Design Review, Security Privacy & Risk Assessment, OWASP Top 10, Secure SDLC Framework, Scripting (Ruby, Python), Programming in Java and React.js, Cloud Security.