Pankaj Upadhyay

Security at Workday | Board Advisor | Ex-Microsoft

Greater Seattle Area

About

As an Application Security practitioner with over 18 years of industry experience, I specialize in evaluating applications across various stages of the Software Development Life Cycle (SDLC). My expertise spans conducting comprehensive Threat Model reviews, Architecture/Design reviews, and both Manual and Automated code reviews (SAST). Additionally, I am proficient in Dynamic Application Security Testing (DAST) and Web Penetration Testing. My unique background encompasses roles as both a builder and a breaker within diverse organizational contexts. I have contributed significantly to organizations by initiating and developing Application Security functions from inception. What fuels my passion for security is the profound impact it has on the businesses and individuals alike. Whether it's devising robust strategies to mitigate risks, leading incident response teams through crises, or staying ahead of emerging threats, I thrive on the challenge of safeguarding what matters most. Throughout my career, I've had the privilege of collaborating with a spectrum of organizations, ranging from small startups to major banks and product companies, and from service consultancies to homegrown security firms. Each unique experience has not only sharpened my technical acumen but also reinforced my unwavering commitment to excellence and continuous improvement.

Experience

  • Workday (4 yrs 9 mos)
    • Principal Security Engineer (Security Architecture & Consulting)
      Nov 2024 - Present · 1 yr 8 mos

    • Senior Security Engineer (Security Architecture & Consulting)
      Dec 2022 - Oct 2024 · 1 yr 11 mos

      Part of the Security Architecture and Consulting Team.. working with some key pillars in managing their security proactively.

    • Sr. Product Security Engineer
      Oct 2021 - Nov 2022 · 1 yr 2 mos

  • Board Advisor at Cybersecurity Association of Food Industry
    May 2025 - Present · 1 yr 2 mos

  • T. Rowe Price (Owings Mills, Maryland)
    • AVP, Lead Security Assessment Engineer
      Jul 2019 - Oct 2021 · 2 yrs 4 mos

    • AVP, Sr. Security Assessment Engineer
      Aug 2016 - Jun 2019 · 2 yrs 11 mos

    • Application Security Specialist
      Jan 2016 - Aug 2016 · 8 mos

  • Senior Security Consultant at Polito Inc
    Dec 2015 - Aug 2016 · 9 mos

  • SDL Security Consultant at Microsoft
    Nov 2014 - Nov 2015 · 1 yr 1 mo

    https://www.microsoft.com/en-us/securityengineering/sdl