United States
Experienced in the following areas:
• Vulnerability Assessments
• Application Security Assessments
• Penetration Testing
• Network Security
• Mobile Application Security (Android, iOS & Windows)
• Thick Client Application Security
• Web Services Security Assessment
• Wireless Security
• Payment Gateway Security
• Cloud Security
• Secure Code Review
• API Testing
• War-Dialing
• Mobile Device Management
Conduct security reviews, threat modeling, and design assessments of wealth management products and services. Collaborate with development teams to integrate security controls and secure coding practices into CI/CD pipelines. Perform secure code reviews, static and dynamic analysis, and vulnerability assessments across web, mobile, and API platforms. Define and implement application security standards aligned with financial regulations (e.g., SEC, FINRA, MAS). Identify security gaps early in the development process and recommend architectural improvements. Triage and respond to security vulnerabilities reported through bug bounty or internal testing. Partner with DevOps, Infrastructure, and Cloud Security teams to ensure secure deployment of applications on cloud-native platforms. Develop and maintain security tooling for automation, continuous monitoring, and developer enablement for the Wealth Management Division, where I directly work with the regional CISO to manage the security and compliance posture of all the applications under wealth management. Conduct periodic training and awareness sessions for engineering teams on application security best practices.
• Performing manual penetration testing for web applications, web services and thick clients.
• Network Penetration Testing.
• Mobile Application Pen Testing.
• Bluetooth and Wi-Fi Pen Testing.
• In-house automation.
• Internet of Things (Hardware Pen Testing).

• Performing manual penetration testing for web applications, web services and thick clients.
• Network Penetration Testing (Corporate Penetration Tests).
• Mobile Application Pen Testing.
• Bluetooth and Wi-Fi Pen Testing (AirPlay and Miracast).
• Internet of Things (Hardware Pen Testing).
• Threat Modelling.
• Responsible for product security, including (web, mobile) application vulnerability assessment & penetration testing and infrastructure security testing.
• Plan, develop and manage the application and network secure architecture.
• Implemented the infrastructure security automation using Ansible.
• Threat modelling and architecture review of product.
• Implemented the AWS security automation.
• Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks.
• Enterprise-wide penetration tests and reviews conducted on various components to identify security loopholes, subsequently addressed with appropriate controls.