Jan 2023 – Jun 2023 · 5 mos · Mountain View, California, United States

Jun 2022 – Dec 2022 · 6 mos

• Lead for Automated Threat Modeling initiative to create a faster, secure way for developers to identify their security requirements & improve the quality of threat models by discovering security risks earlier in the process
• Partnering with multiple teams across Yahoo for Secure Design Reviews and Security architecting
• API Security: Improving overall security posture by identifying & bridging gaps in the current AuthN and AuthZ Implementations

Feb 2020 – Jun 2022 · 2 yrs 4 mos

Jul 2019 – Aug 2019 · 1 mo · Jersey City, New Jersey

• Worked on integrating reporting functionility to an security monitoring software (SNYPR) for customer satisfaction by extracting violations, case management, activity data from MySQL and SOLR
• Involved in customer satisfaction by providing security investigation support, threat and vulnerability analysis
• Developed python scripts involving socket programming, vulnerability scanners, measuring internet speed, brute force attacks, preprocessing SYNPR data
• Tools and Languages used: JasperSoft, Java, Python, Bash, MySQL, SOLR Queries

Jun 2017 – Jun 2018 · 1 yr · Chennai Area, India

• Web and Mobile application vulnerability assessment:
• Understanding Web and Mobile application vulnerabilities (OWASP) and ability to perform static and dynamic security assessments
• Designed and analyzed threat models using STRIDE, attack surface, protection trees and secure architecture for applications
• Involved in Test plan creation, Risk analysis, manual source code review for high risk vulnerabilities recognized by CheckMarx and AppScan
• Performed Dynamic assessment against OWASP and SANS controls by analyzing the application’s attack surface using BurpSuite Pro
• Categorizing identified vulnerabilities as per CVSS standards to prioritize patch management process and analyse business impacts
• Practices: Agile development practices- Security architecture reviews, sprint planning and triage incidents using Jira, Confluence
• Implemented ESAPI input validation in Java to patch vulnerabilities leading to Authentication, Database and Session compromise
• Coordinated with the development teams with patching all the vulnerabilities delivered in assessment reports containing their PoC and their mitigations thus hardening the Software/Application
• Deployed Honey Nets across the globe and integrated the data into Threat Connect instance via Python, ElasticSearch, REST APIs
• Performed binary analysis for Buffer and stack overflow vulnerability using gdb, Immunity Debugger and Ollydbg

Nov 2015 – Feb 2016 · 3 mos · Chennai Area, India

• Non-Invasive Imaging and Diagnostics Laboratory
• Developed an home monitoring system for patients undergoing physiotherapy
• The system comprises of an Arduino microcontroller and a tri-axial accelerometer attached to the patient's wrists.
• The system is used in conjunction with a smartphone application to analyze the correctness of the application.
• Simulated computational models of the human brain during explosions using COMSOL Multiphysics and MATLAB.