Feb 2021 – Jun 2023 · 2 yrs 4 mos · Dublin, County Dublin, Ireland

May 2013 – Jan 2021 · 7 yrs 8 mos

• Conducted 100+ small to enterprise grade application architecture security reviews and threat modelling. Few notable products:
• .... o Licensing framework used by all Adobe desktop products
• .... o Central compute platform for hosting all Adobe’s ML web-services
• .... o AWS federated authN/Z provider used by all Adobe employees
• .... o Sandboxing of desktop app shipped with all Adobe products
• .... o Central code signing framework for all Adobe desktop products
• Conducted AWS & Azure deployments’ security reviews
• Researching on secure design patterns and architectures
• Contributing and driving security standards across company (AWS Security, & Container Security)
• Solving security engineering problems at scale – creating re-usable artefacts like guidelines/trainings, creating automation scripts, etc.
• Assisted on multiple security frameworks development (Vulnerability detection at scale, 3rd party libs’ vulnerability management, etc.)
• Handling externally reported product vulnerabilities: Technical assessment & remediation guidance
• Worked on investigating 0-days: Decoupling malware payload, De-obfuscation & Debugging, Root cause analysis, Creating MAPP signatures
• Community participation by sharing knowledge in InfoSec conferences (BlackHat/DefCon USA, OWASP AppSec EU, NullCon, BSides Vegas) along with active involvement in local chapters and academia
• Mentoring team of security researchers/architects to raise bar of security reviews
• Promoting team’s visibility and developing internal security engineering community by conducting security sessions, trainings, CTFs, etc.
• As an interview panel member, I am responsible ensuring the technical and functional fit to the organisation

Jun 2011 – May 2013 · 1 yr 11 mos · Gurgaon, India

• Manual/Automated application security penetration tests
• Manual/Automated infrastructure VA/PT (PCI and Non-PCI)
• Network devices (router, firewalls, etc.) configuration security audit
• Vulnerability research to create POC exploits
• Guiding development and infrastructure teams for vulnerabilities remediation
• Assisted in ISO 27001 internal audits

Sep 2010 – May 2011 · 8 mos · New Delhi Area, India

• [Freelance/Part-time]
• Worked on malware analysis & incidence response assignments
• Executed corporate application security trainings

Jun 2010 – May 2011 · 11 mos · Noida Area, India

• [Freelance/Part-time]
• Executed AppSec assessments for variety of government and private org.’s web applications (Thin client/Thick client/PKI)
• Consulted vulnerability remediation to the external development teams

Jun 2009 – May 2010 · 11 mos · New Delhi Area, India

• [Freelance/Part-time]
• Handled security assignments and information security trainings
• Led secure SDLC process and SEO for customer facing in-house applications

Jun 2008 – Aug 2008 · 2 mos · New Delhi Area, India

• [Freelance/Part-time]
• Conducted Information Security & Application Security trainings for academia