Jovin Lobo — DevOps Engineer
About Me: Passionate and results-driven security professional with extensive experience in driving robust security measures to safeguard organizational assets. Proven track record in spearheading initiatives such as Security Champions programs, Static Application Security Testing (SAST), End of Life (EOL) management, Pentesting and Bug Bounty Program management, LLM (Large Language Models) security, and Threat Modeling. Skilled in collaborating with cross-functional teams to identify and remediate security vulnerabilities effectively.
Professional Experience:
- Security Program Management: Revitalized Security Champions programs to foster a culture of security awareness and collaboration across engineering pods. Conducted regular training sessions and provided guidance to enhance security posture and awareness. Collaborated closely with Security Champions to identify and address security vulnerabilities promptly.
- Threat Modeling and Rapid Risk Assessments: Conducted Rapid Risk Assessments to swiftly evaluate security risks in projects. Reviewed high-level architecture diagrams and documentation for newly designed application features. Provided expert guidance on security considerations during the design phase.
- Static Application Security Testing (SAST): Led the implementation and maintenance of Semgrep via GitHub Actions, optimizing results and customizing rules to detect organization-specific vulnerabilities. Ensured seamless operation of Semgrep toolset by managing licensing renewals and resolving technical issues.
- End of Life (EOL) Management: Implemented proactive measures to identify and address end-of-life Docker base images, mitigating potential security risks. Conducted educational sessions for developers to understand EOL implications and recommended solutions for timely remediation.
- Pentesting and Bug Bounty Program Management: Co-managed bug-bounty program, overseeing issue triage, reward management, and resolution coordination with development pods. Managed vulnerability response process, ensuring adherence to SLAs and expediting bug fixes with recommended security measures.
- Compliance and Audit Support: Provided comprehensive support to compliance teams, assisting in documentation related to application security and providing evidence for audits.
- LLM (Large Language Models) Security: Evaluated the security posture of LLM-based applications, including both OpenAI and Gemini platforms. Assessed and provided recommendations for enhancing the security of LLM prompts.
Stackforce AI infers this person is a Cybersecurity expert specializing in application security and vulnerability management.
Location: Pune, Maharashtra, India
Experience: 14 yrs
Skills
- Security Program Management
- Threat & Vulnerability Management
- Security Testing
Career Highlights
- Revitalized Security Champions programs for enhanced security culture.
- Led SAST implementation optimizing vulnerability detection.
- Managed bug bounty programs ensuring timely vulnerability resolution.
Work Experience
Verto
DevSecOps Lead (1 yr 7 mos)
Razorpay
Application Security Lead (1 yr 8 mos)
NotSoSecure | part of Claranet Cyber Security
Senior Security Consultant (1 yr 7 mos)
Security Consultant (1 yr 2 mos)
Amdocs
Information Security Specialist (2 yrs 8 mos)
Information Security Analyst (1 yr 11 mos)
Aujas Networks Pvt Ltd
Associate Consultant (11 mos)
null The Open Security Community
Pune Chapter Lead (5 yrs 3 mos)
Payatu Technologies
Application Security Consultant (2 yrs 5 mos)
Education
at SYMBIOSIS INTERNATIONAL UNIVERSITY
Master of Science - MS at Symbiosis Institute of Computer Studies and Research