Jan 2022 – May 2024 · 2 yrs 4 mos · Dublin, County Dublin, Ireland

• 1. Developing understanding of products, services and architectures pertaining to Amazon Payments Ecosystem and build Secure Applications. Identify long term and short term security strategy to ensure that applications are designed and built securely. Trained over 150 engineers on secure coding practices, resulting in a 25% reduction in security vulnerabilities related to improper coding practices.
• 2. Responsible for ensuring applications (mobile/web) and services goes through the Secure SDLC workflow by conducting Architecture reviews, Threat modelling(STRIDE/PASTA), Code reviews(Automated and Manual), SAST, DAST, IAST, and Penetration Testing (including API testing). Performing Cloud Security reviews (AWS) and privacy audits on pre prod services.
• 3. Interpreting security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation. Formulating Security Policies, Framework and metrics to stakeholders and business leaders and deliver these in a clear, concise manner.
• 4. Leading projects involved in creating innovative and scalable tools, solutions, and processes to enhance the Amazon Payment Security Engineer’s operations.
• 5. Build/Develop Applications, Portals for Amazon Pay Security ecosystem and assist in creating Synergy/ Cross Collaboration among various Security teams at Amazon. Focus on enabling leaders to perform effective Technology Risk management through BI/Risk automation/tooling.

Mar 2019 – Nov 2021 · 2 yrs 8 mos · Bangalore

• 1. Conducted detailed security reviews, including SAST, DAST, and API testing, for Grab's infrastructure, securing 100% of applications in compliance with internal and regulatory standards.
• 2. Integrated security processes within CI/CD pipelines, leading to a 35% improvement in application release timelines by identifying and addressing vulnerabilities earlier in the development process.
• 3. Getting Security involved right from the development phase and integrate Security into DevOps and CI/CD pipeline. Assisted the team in facilitating the "Shift Left" concept into our existing Secure Software Development Life Cycle(SSDLC).
• 4. Developed Security tools and software to Automate Security testing and trained the development team in using them. Used Golang, Python, NodeJS, and Javascript to create tools for facilitating testing and effective closure of issues. Deployed Security automation to automatically identify instances where sensitive data got logged in Kibana and auto-identify the developer for a quick resolution.
• 5. Led Grab’s Bug Bounty program on HackerOne, resolving over 100 critical vulnerabilities. This initiative reduced potential financial losses by an estimated €1.2 million and incorporated lessons learned into future releases

Oct 2018 – Mar 2019 · 5 mos · bangalore

• 1. Identified and remediated vulnerabilities in IoT and embedded systems, preventing over 10+ potential service disruptions in critical industrial control systems by performing rigorous fuzzing and penetration testing on protocols such as Modbus, DNP3, and OPCUA.
• 2. Coordinated with the Security Operations Center (SOC) to manage incident response and infrastructure security across 500+ devices, reducing downtime during security incidents by 15%. Day-to-day Activities included the following:
• ➢ Incident Management
• ➢ Change Request Management
• ➢ Analysis & Troubleshooting
• ➢ Health Monitoring
• ➢ Researching Emerging Threats & their Mitigation of Security Devices (Firewalls, IDS & IPS - Cisco, Palo Alto, Checkpoint and Fortigate)
• 3. Conducted Web application penetration testing in adherence to the OWASP top 10 and CWE 25 standards. Identified vulnerabilities ranging from Authentication/Authorization to critical SQL Injections to exfiltrate sensitive data. Closely coordinated with the development team to implement the fixes before any breach in SLA dates. Conducted Source Code reviews as a part of SAST to identify vulnerabilities in the application code before deployment.

Aug 2016 – Oct 2018 · 2 yrs 2 mos · Bangalore

• Project 1: Network Penetration Testing (Government Clients)
• 1. Identified network and infrastructure security flaws in government client environments, determining risk exposure and fixing vulnerabilities.
• 2. Performed reconnaissance, port scanning, and service fingerprinting. Exploited systems using persistent shell, password dumps, privilege escalation, lateral movement, and backdoor installation.
• Helped address critical flaws that strengthened overall infrastructure security.
• Project 2: Mobile Application Security Assessment (Android) (Payment Service Provider)
• 1. Conducted manual and automated testing on mobile applications, focusing on identifying and mitigating vulnerabilities.
• 2. Applied techniques such as reverse engineering, static and runtime analysis, network analysis, and server-side testing to assess application security.
• 3. Bypassed root detection and SSL pinning and conducted error handling and data validation testing to identify critical security gaps.
• Project 3: Red Team Security Assessment (Multiple National Banks)
• 1. Led red team security assessments, including physical security testing and social engineering attacks like perimeter intrusion (spoofed authorization, RFID cloning), system and network intrusion (HID, USB, wireless attacks), and social engineering (phishing, fake surveys, dumpster diving).
• 2. Conducted wireless security testing and incident response exercises, ensuring better preparedness against real-world threats.
• Project 4: IT Risk Assessment/Cyber Security Audits
• 1. Helped improve risk management and governance frameworks across global locations, aligning with ISO, NIST, and PCI standards.
• 2. Conducted risk analysis based on current and expected controls, supporting clients during regulatory exams (e.g., RBI Annual Audits).
• 3. Engaged with senior management to create closure strategies and led risk evaluation and treatment, reducing organizational risk and enhancing compliance.

Apr 2015 – Jun 2015 · 2 mos · New Delhi, Delhi, India

• 1. Monitored and managed large-scale databases that tracked freight train services across India, identifying anomalies and ensuring data accuracy.
• 2. Developed custom tools to extract complex, raw data from the system and transform it into user-friendly, human-readable reports, improving data interpretation and decision-making for the operations team.