Feb 2019 – Sep 2025 · 6 yrs 7 mos · Hyderabad Area, India

• Lead and managed a team of 8 security engineers, driving application security strategy and execution.
• Directed penetration testing for web and mobile applications, identifying and remediating vulnerabilities.
• Drove threat modeling initiatives across high-risk applications, improving risk visibility and prioritization.
• Integrated Secure SDLC practices into design, development, and CI/CD pipelines, reducing vulnerabilities in production.
• Drove the organization’s API security initiative by implementing automated API scanning, and standardizing remediation processes, significantly enhancing resilience against modern attack vectors.
• Implemented Vulnerability Disclosure Programs (VDP) and Bug Bounty programs, enhancing vulnerability discovery.
• Established application security KPIs, dashboards, and reporting mechanisms for senior leadership visibility.
• Conducted AI/LLM application security testing (beginner level).

Nov 2015 – Feb 2019 · 3 yrs 3 mos · Hyderabad Area, India

May 2014 – Nov 2015 · 1 yr 6 mos · Hyderabad Area, India

• Setup secure SDLC practice
• Carried out web application security assessments
• Performed secure code review of Grails & Groovy applications
• Trained developers & QA teams on security domain

Jun 2006 – May 2014 · 7 yrs 11 mos

• Carried out over 200 penetration tests on a variety of web applications, Single sign on systems, Citrix hosted applications, Standalone applications, Secure File Exchange systems, Web services, Active X control, Flash, Flex and Java based applications, Report Creation applications and mainframe applications.
• Performed various other works like firewall rules verification, Source code reviews, web server configurations and database assessments.
• Performed security assessments of mobile applications - iPhone & Android.