Jul 2019 – Jul 2025 · 6 yrs · India

• 1) Provide security assurance in various Intel products and platform technologies. Evaluate security vulnerabilities per SDL processes. Threat analysis, architecture/design and implementation reviews to identify security issues. Propose and validate mitigation measures.
• 2) Responsible for Security Evaluation of various Intel product through Secure code review, Threat Model review, Fuzzing, Static & Dynamic code analysis, Pen Testing and also coordinating with Pen testing team.
• 3) Responsible for providing security training & coaching to various product team. Training like Threat Modelling, Cryptography, Advance Secure code development, Secure tools, Security Mindset etc.
• 4) Responsible for developing various secure coding guideline, organizing Security Hackathon.

Oct 2016 – Jul 2019 · 2 yrs 9 mos

• Responsible for Secure SDLC, requirements analysis, design and testing of security controls to ensure appropriate and effective security controls are embedded into information systems throughout the developmental lifecycle and security and solution considerations while working with Engineering & product team, and on-time delivery of those commitments.
• Responsible for translating the security requirements created by product owner & functional analysts into the architecture for that solution and describing it through the set of architecture and design artifacts.
• Performing impact assessment, threat modeling as well as technical and operational feasibility on the appropriate technology required to implement to solve the problem.
• Provide security consultancy and assessment services while introducing improvements in security implementation designs.
• Collaborate with solution architects, project managers, business analysts, and business process partners to ensure that security activities are efficiently and effectively supporting business objectives
• Maintenance and Development of SSRA Control Assessment and related processes
• Hands-on experience on AWS services such VPC, S3, RDS, EC2, RDS, CloudFront, ELB etc.
• Assessment and technical advisory on IAM solution/service (based on Forgerock and JanRain)
• Responsible for provide technical advice on military grade security of Philips Health Tech PaaS Solution for B2B and B2C markets
• Privacy and other regulatory requirements related to security
• Deep dive technical security advisory for Cloud Stacks for Connect, storage, Analytics etc. and orchestration.
• Coordinate, review and govern cloud API security testing, OWASP top 10, SANS top 25 etc.
• Worked on different technology stack and their security requirement like Redis, RabbitMQ, ELK etc.
• Research security assessment tools and provide a technical overview to management to support their buying decisions

Apr 2016 – Oct 2016 · 6 mos · Bengaluru, Karnataka, India

• Development of security related feature for CTMS team
• Worked as a security module developer i.e. password management feature, PKI etc.
• Security SME for Siebel Customer Relationship Management (CRM)
• Promote best practice throughout engineering team at all stages of SDLC by performing code reviews, giving training and mentoring. Secure coding guideline and Developer Education & Security Evangelist

Apr 2012 – Apr 2016 · 4 yrs

• Development of security module for Tizen (Samsung operating system)
• Own and drive the development of secure coding program including standards and best practices.
• Promote best practice throughout engineering team at all stages of SDLC by performing code reviews, giving training and mentoring. Secure coding guideline and Developer Education & Security Evangelist
• Requirements Gathering, Resource Planning, Scheduling, Process Improvement, Collaborative Leader, Knowledge of Design and Development various activity of Mobile Security Platform.
• Actively manage the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately.
• Application privilege design and implementation review
• Secure application life cycle (Permissions, Signing, SDK, and so on)
• Development of smack-policy-update and smack-security-report
• Development of Fingerprint scanner module for biometric security authentication
• Development of Secure Element for native framework (API for secure communications)
• Development of Pkcs#5 and Pkcs#8 (password based key derivation, encryption/decryption mac generation/verification, standard format to store private key and encrypted private key)
• Development of Cipher message sample app and Secure Element sample app, fixing its defect and maintenance of cryptography algorithm
• Responsible for Security Modules Development it includes (PKI, PKCS, X.509, Crypto, OCSP, Signing Tool, Access Control, SSL, OpenSSL), Platform Security Vulnerability Analysis.

Jul 2011 – Mar 2012 · 8 mos

• Development and maintenance of Quick Book(Intuit product) and payment gateway(PayPal)
• Fixing bug related to UI of Quick Book and in PayPal.
• Development of new feature in Quick Book and in PayPal.
• Regress testing of various module of Quick Book and in PayPal.