Dublin, County Dublin, Ireland
- Security Architect & Lead with 19+ years of experience in the Information Technology industry including 10+ years in security. - Reduced security risk across multiple organizations by building and scaling least friction security programs in security domains such as product security, cloud security, vendor security, security operations and incidence response. - Built enterprise wide security architecture strategies, roadmaps, policies, guidelines and standards for global organizations based in domains like SaaS , Cloud platforms, Software licensing solutions, telecom etc. and in companies of varying sizes ranging from SMBs to Enterprises including one Fortune 500 organization. CORE EXPERTISE - Security Leadership & Strategy Product Security Strategy | Secure SDLC Transformation | Security Program Management | Security Roadmaps & KPIs | Executive Stakeholder Management | Engineering Leadership Partnership | Security Team Mentorship | AI Security Governance | - Product & Cloud Security Threat Modeling | Secure Architecture Reviews | DevSecOps | Cloud Security (AWS) | Container & Kubernetes Security | Vulnerability Management | CI/CD Pipeline Security | Supply Chain Security | Vendor Security Reviews | Incident Response | Security Operations | Secure Code Review (C++, Python, Javascript) | Penetration Testing | Security Automation & Engineering (Python, Claude Code) |
Leadership & Security Strategy - Led and mentored a globally distributed team of 3 to 5 security engineers and architects across security architecture and engineering functions owning end to end security of applications and infrastructure in a product line - Led threat modeling, architecture review and secure code review initiatives for 10+ customer-facing applications & platforms, identifying and reducing high-severity findings. Security Programs - Reduced non compliant container images by 30% across the organization by creating and implementing container security strategy that included both proactive & reactive steps. - Drove the adoption of 10+ requirements across 8 different best practices in the S2C2F framework leading to major improvement in the OSS Security across 10+ applications. Improved DevSecOps maturity across 20+ engineering teams by integrating security tooling and secure guardrails into their CI/CD pipelines, reducing security gaps in security scanning and increasing secure deployment adoption. - Built and operationalized an application security vulnerability remediation program from the ground up across 100+ SaaS microservices on AWS for a product, strengthening collaboration between security and engineering teams and reducing vulnerabilities by 20%. - Led vendor security assessment and governance initiatives across 5+ third-party vendors and service providers, improving compliance adherence and reducing third-party security risk exposure. AI Security/Governance - Led security reviews of 5+ AI initiative leading to secure adoption of AI related platforms and capabilities including Gen API gateway, AI chatbot, RAG based frameworks, AI based image editing capability etc. - Worked on 5+ AI based workflow and automation initiatives like AI assisted threat modelling, AI assisted secure code review, scan report analysis, feature document comparison etc. to improve overall efficiency.
- Improved security maturity and posture across the organization by leading 5+ major company wide security initiatives like Mobile AppSec Program, CI CD Security Program, AWS Ownership Tagging, GitHub Tagging, GitHub Security Standards Creation - Mobile AppSec Program : Created and developed the Mobile AppSec Program for Mobile Apps and Mobile SDKs by building relationships with engineering leaders leading a team of 50 to 70 software engineers. Led the security champions program and worked with 6 to 9 security champions and engineering managers to bring down the number of open security tickets to around 20%. - Reduced security risk by identifying 20+ major security risks and built secure architectures by partnering with various engineering and architecture teams for several projects, products, services and initiatives like ephemeral cloud based development environments, GCR to ECR migration, Customer data export service, OneGraph. - Developed and documented security standards, policies and best practices such as GitHub Security RFC and Standard, Dependency Confusion Prevention Guidelines, Supply Chain Security Guideline, AWS Tagging Standard.
- Security Strategy - Developed Cloud & Product Security strategy and roadmap in conjunction with director, software architects and managers. Mapped business requirements to security and technical requirements and communicated security risks to the Engineering Director/Managers/Leads, Product Owner and Software Architects. - Threat Modeling - Improved security posture of 5 software licensing products by performing in depth threat modeling together with security champions and software architects. - Vulnerability Management - Worked with security champions on triaging, reproducing and closing security vulnerabilities (using manual testing and secure code review) reported by security tools leading to much safer products.
AWS Cloud Security Leadership - Led and managed a team of 5+ security engineers and analysts across cloud security operations, SIEM, EDR, WAF, and firewall , improving operational efficiency and strengthening enterprise security posture. - Implemented centralized logging, monitoring, and detection engineering across multiple AWS environments using SIEM and cloud-native tooling, reducing incident detection time by 50%. - Led incident response and forensic investigations for 5+ cloud security incidents, reducing MTTR and improving operational resilience. - Implemented IAM security and least-privilege access controls across 100+ AWS identities and roles, reducing excessive privilege exposure by 20%.
- PenTest Lead - Hired and mentored a team of 4 pen test engineers to carry out the VAPT assignments. - Pen Tester - Conducted pentests on web applications and identified vulnerabilities and provided remediations guidance for fixing them.