Apr 2022 – May 2024 · 2 yrs 1 mo · Bangalore Urban, Karnataka, India

• Leading and mentoring a high performance, agile, cross-functional and geographically distributed team [India & US] of Security Architects, Developers and Engineers in the domain of Application Security, Malware, Threat & Vulnerability Management.
• Responsible for continued operational and engineering excellence of security services & infrastructure including robust on-call process, business and operational KPIs.
• Lead a team for development, scaling and maintaining security products - home grown and commercial to suit large scale deployment for the entire Salesforce ecosystem.
• Work with peers from CSIRT, Threat Detection & Response, Cloud Security and other stakeholders (Product, Program, CXOs, Customers, etc.) for critical risk reduction programs.
• Collaborate in creating long-term roadmaps and annual execution plan for owned products/services. Quarterly release planning with stakeholders and ensure deliverables as per schedule.
• Responsible for continuous uplift of Application Security and Malware detection enterprise program by improving signal-to-noise ratio, developer experience, addition of detection for new attack vectors and ongoing tech debt remediation.
• Representing Salesforce at various C-level/Executive security conferences/events. Got featured in Salesforce Blog and Engineering Blog.
• As part of Salesforce India security leadership, responsible for overseeing and execution of several initiatives for entire India Security Org - Scaling Security, Easy Collaboration, Growth, Equality & Diversity

Oct 2020 – Apr 2022 · 1 yr 6 mos · Bengaluru, Karnataka, India

• Heads the Security Engineering and Product Security Teams for Citrix Endpoint Management, Citrix Workspace App on Android, iOS, MacOS, Linux, Windows, Chrome platforms, Linux VDA, Wrike and Security tools automation teams working closely with peers and teams located primarily in India, China, UK and US - East and West coasts.
• Part of the leadership team in Global Security Org headed by the CISO responsible for execution of key product security initiatives related to cloud, automation, privacy, identity, attack surface management, logging, left-shift initiatives combined with Developer training, etc.

Apr 2019 – Aug 2022 · 3 yrs 4 mos · Bangalore

• Taking key decisions and chair the Chapter [7 Board Members, 200+ Chapter Members] proceedings.
• Successfully spearheaded and organized several meetups with help from other Board Members.
• Collaboration with other national and international Chapters/Conferences/Groups/Companies
• Attended (ISC)² Regional Chapter Leadership Meeting 2019, APAC and put across my views, suggestion, concerns in front of delegation of all APAC countries.

Jan 2019 – Oct 2020 · 1 yr 9 mos

• Spearheaded the Engineering Platform (Infra and Product) Security team at Cloudera - "The Enterprise Data Cloud Company". He was responsible for company-wide SDL and even actively engaged with Customer CISOs to resolve their concerns regarding Cloudera's product and SaaS platform. Platform security team helped our Sales org win many multi-million dollar deals by providing timely support with Customer concerns. He led many DevSecOps project to reduct TAT for Customer queries which resulted in less Engineering escalations and more developer productivity.
• Speaker at Data Works Summit, Barcelona 2019 presenting Apache Knox - Hadoop Security Swiss Knife.

Jan 2018 – Jan 2019 · 1 yr

• Founding member of Platform Security team in Hortonworks India Development center and grew the function from scratch.
• Speaker at Data Works Summit, 2018, San Jose [talk about "Securing your Hadoop Ecosystem and challenges"]
• Contributor to Apache Knox, Apache Zeppelin and Apache Spark.
• Driving static code analysis, penetration testing, architecture review, software composition analysis and change management activities.
• Help in identifying and fixing security issues during product development via effective collaboration with multiple teams spread across Globe.
• Analysing Design Documents for Security issues, Threat modeling and Attack Surface Reduction.
• Delivering internal trainings on Secure SDLC, Secure Coding, OWASP Top 10 PoC and remedies.
• Collaborating and working with Customers, Contractors, Consultants, 3rd Party Auditors and Vendors.
• Nominated Horton Heroes for Hortonworks, Q2, 2017
• Writing and executing system, security and high availability tests in Java/Python/Shell.

Sep 2015 – Jan 2018 · 2 yrs 4 mos

Oct 2011 – Sep 2015 · 3 yrs 11 mos · Mumbai Metropolitan Region

• Managed Platform Security (System, Applications, Database, Infra & Network), Security Operations, Threat Intelligence and GRC for national and state e-governance projects on behalf of Ministry of Electronics & Information Technology (MeitY), Govt. of India with a team of 10+ Engineers, PgMs & Consultants. Team activities included Secure Design and Architecture review, Vulnerability & Patch Management, SAST, DAST and Penetration Testing, External Audit (ISO 27001).
• Also managed a team for DevOps and SecOps. Change and Configuration Management. Planning BCP and Disaster Recovery drills. Managing nation-wide Solution/Service Deployment and System Integration. Providing L2 Linux Administration Support, Performing Hardening and Performance tuning of O/S, Web Applications. Cluster Configuration and Troubleshooting. Managing SAN, Tape Library, Load-balancers, Switches, Deployment of Services on Cloud. Evaluating Security Products.
• Managing Vendors - Hardware, Software, Security Solutions, RFPs, Price Negotiation.
• Providing Internal Training. Keeping an eye on relevant Security domains and new attack vectors.

Mar 2008 – Sep 2011 · 3 yrs 6 mos · Mumbai Metropolitan Region

• Job responsibilities included Programming, Research, OSINT, continuous monitoring and detection, vulnerability management and incident response for 3 Datacenters hosting services like Web, App, Database, DNS, DHCP, Mail Server, LDAP, Firewalls, proxy server, firewall, Windows Active Directory, etc. Also implemented defense-in-depth by hardening Operating System, Application, Network and Database as per NSA recommendations and CIS Benchmarks.

Jul 2006 – Apr 2007 · 9 mos · On-site

• Website development, System and Network administration. Hardening and patching Windows Infrastructure.