Kamaiah Nadavala

CEO

Bengaluru, Karnataka, India · 19 yrs 7 mos experience
Highly Stable

Key Highlights

  • 19 years of experience in information security leadership.
  • Expert in developing comprehensive security strategies.
  • Proven track record in risk management and compliance.
Stackforce AI infers this person is a seasoned cybersecurity leader with expertise in Fintech and E-commerce security frameworks.

Skills

Core Skills

Information Security Management, Risk Management, Information Security Governance, Compliance Governance, Application Security, Vulnerability Management, Software Development, Information Technology

Other Skills

AWS Security, Application Security Architecture, Business Continuity Management System (BCMS), Cloud Security, Compliance Management, Compliance Monitoring, Cybersecurity, Cybersecurity Policies, Data Security, DevSecOps, General Data Protection Regulation (GDPR), ISO 27001, Information Security Management System (ISMS), Information Security Policies, Infrastructure Security

About

As a high-impact and influential Information Technology Leader with over 19 years of rich and vast experience, I am equipped with advanced and successive technical and operational expertise in product and application security, as well as information security principles and practices. As a result of my work with Cloud-based, On-Premises, and Desktop solutions, I have been recognized for bringing in the evolution of security architecture and solutions. Having a strong understanding of cryptography and security vulnerabilities, risk, and remediation, I have successfully applied these skills to authentication and authorization. As a professional IT auditor (ISO), I have an indelible reputation for being a solid expert in network architectures and protocols, operating systems, and core infrastructure security concepts. With an entrepreneurial mindset, I build and lead a team of application security professionals that fosters a sense of teamwork, urgency, and engagement. With a pragmatic approach, I empower the application security testing suite (such as VPNs, firewalls, email security, and cloud security) and improve product security to reduce vulnerabilities introduced into enterprise production environments. Besides developing frameworks for addressing potentially harmful threats, service interruptions, and unplanned events, I also manage incidents and restore processes back to normal. My role is to become the leader of the company's cyber data vision and roadmap and adoption of security best practices. I am also responsible for reusing, buying, and building capabilities while developing metrics that map and communicate the health and risk of the company's cyber capabilities. Moreover, I adhere to and promote information security standards, conduct security risk assessments, testing, and vulnerability assessments, and guide stakeholders on risk remediation.
The success I have achieved has made me bold; however, working with large teams to accomplish difficult projects and ideas has also humbled me. I am also proud of how I pivoted underperforming initiatives effectively and learned from them. Ace in communication skills which have transformed me into a high-caliber professional who can resourcefully deal with key stakeholders. Infused with an innate ability to forge strong connections, can be easily contacted on LinkedIn or by email: kamaiah.nadavala@gmail.com

Experience

Upstox

CISO at Upstox

Feb 2023 - Present · 3 yrs 1 mo · Bengaluru, Karnataka, India · On-site

  • I developed and implemented a comprehensive information security strategy aligned with our business objectives. This included establishing robust cybersecurity policies, standards, and frameworks, and instituting risk management practices that safeguarded our trading platforms and financial data. I ensured compliance with SEBI, NSE, BSE, and other regulatory requirements by monitoring and reporting our security posture and emerging risks to senior management for informed decision-making.
  • My responsibilities included overseeing cybersecurity audits, penetration testing, and compliance assessments, as well as implementing data protection and privacy policies to secure customer information. I managed our Security Operations Center (SOC) to monitor and respond to threats, deploying intrusion detection and prevention systems and endpoint security measures.
  • I developed and tested incident response plans for cyber threats and implemented fraud detection systems to mitigate insider trading and identity theft risks. I fortified trading platforms against DDoS attacks, phishing, and malware, enforced identity and access management controls, and assessed risks associated with third-party vendors and cloud providers. I also established cybersecurity SLAs, conducted regular training to foster security awareness, developed disaster recovery plans, and adopted AI-driven threat detection to stay ahead of cyber threats.
Business Continuity Management System (BCMS), Privacy Information Management System, Information Security Management System (ISMS), Information Security Management, Risk Management

Flipkart

2 roles

Flipkart | Associate Director & Information Security (BISO)

Apr 2020 - Mar 2023 · 2 yrs 11 mos

  • At present, I am a Business Information Security Officer for Flipkart Health Plus as well as the Head of Security Assurance, Application, and Network Security for Flipkart Group companies, where I ensure a 360° view of the entire security charter for the company. Sastasundar, acquired by Flipkart and rebranded Flipkart Health Plus, is managed by me and I organize regular meetings with senior management as well as other stakeholders.
  • In my role as a senior information security leader at Flipkart, I implement information security policies, procedures, and standards across their business; elevating the NIST score from 2.03 to 3.5. In the areas of cyber health and intelligence, I facilitate and enable support to business growth initiatives, including marketing engagements, proposals, and short-term program support.
  • Additionally, I oversee all Flipkart security processes to support business objectives; work with CIS and groups to ensure documentation is complete and engineering quality is high.
  • I also served as the Service Point of Contact (SPOC) for Flipkart Health Plus' business, leadership, engineering, product, IT, HR, Finance, and Legal teams; managed Flipkart Health Plus' security policies and standards.
  • Through my skills, I identify non-compliances in IT security, and areas for improvement, develop and implement remediation measures; develop an understanding of business processes, systems, technologies, data, and customers; and facilitate reformatting implementation.
Privacy Information Management System, Information Security Management System (ISMS), Information Security Governance, Risk Management

Head of Security Assurance, Application, and Network Security

Apr 2020 - Mar 2023 · 2 yrs 11 mos

  • My role encompasses risk management, compliance and governance, information security assurance, and third-party information security risks. Maintaining and implementing the Information Security roadmap and building long-term relationships with key stakeholders is my key responsibility.
  • As a result of the skills gained, I ensured the Information Security transformation by maintaining a high standard of controls and ensuring they were implemented as required.
  • Moreover, I contributed to the implementation of industry standards and best practices as part of an integrated security approach.
  • Working with risk owners to develop & implement treatment plans, I identify and manage information security risks throughout the organization.
Privacy Information Management System, Information Security Management System (ISMS), Risk Management, Compliance Governance

Envestnet | yodlee india

5 roles

Senior Manager Application and Product Security

Feb 2019 - Apr 2020 · 1 yr 2 mos

  • As part of this role, I mapped security vulnerabilities, threats, and events. Using STRIDE and Cyber Kill Chain frameworks, I have contributed to security architectural reviews and drafted use cases for infrastructure security, DevSecOps, AWS, and application security.
General Data Protection Regulation (GDPR), SOC 2, Application Security, Vulnerability Management

Manager Application and Product Security

Promoted

Feb 2016 - Jan 2019 · 2 yrs 11 mos

  • To influence decision-making processes across all levels, I devised an application security strategy and used a risk management approach instead of a purely academic one.
  • Through the skills gained, I was able to respond to all major incidents, as well as formulate metrics reporting, while deploying all the new and existing security tools, standards, and processes concerned with static analysis as well as runtime testing.
  • Essentially, I was responsible for informing the organization of areas of non-compliance/gaps that needed to be rectified in an Agile and DevOps environment in order to meet all applicable security requirements, including PCI-DSS, HIPAA, and other state regulatory or industry standards.
General Data Protection Regulation (GDPR), SOC 2, Application Security, Risk Management

Lead Application and Product Security

Jul 2014 - Feb 2016 · 1 yr 7 mos

  • My responsibilities included auditing PCI certifications, leading 3rd party penetration tests, and reviewing security architectures on time. Utilizing the skills gained, I participated in security testing efforts against applications, including code reviews, black/white box testing, and maintaining a continuous testing process.

Sr. Application and Product Security Engineer

Jul 2013 - Jul 2014 · 1 yr

  • By evaluating proprietary security tools that fit the Yodlee products, I performed security assessments for Yodlee products (Yodlee web & mobile architectures).
  • By using the skills I gained, I reviewed and tested security source code for in-house products/applications, including web apps, iPhone/iPad apps, & Android apps; I also reviewed Java, J2EE, C/C++, and Objective-C apps.
  • Furthermore, I developed Java, J2EE, and Flex tools for public and private internal use, and conducted white box and black box penetration tests on high-profile web, mobile, desktop, and server applications.
  • Meanwhile, I conducted penetration testing on the web, iPhone/iPad, and Android applications while attending yearly security audits. It would be fair to say that my work on the HP Fortify SCA tool consisted of developing custom rules and integrating them into various build tools for both web and mobile products and apps.

Application and Product Security Engineer

Jun 2012 - Jul 2013 · 1 yr 1 mo

  • My responsibilities in this role included planning and assessing the security of internal web, iPhone/iPad, and Android applications. Aside from testing high-profile web, mobile, desktop, and server applications, I also reviewed Java, J2EE, C/CMM, and Objective-C code.

Mphasis an hp company

Delivery Software Engineer

Apr 2010 - Jun 2012 · 2 yrs 2 mos · Bangalore

  • Develop an end to end of web applications using java/j2ee technologies and javascript source code review of other team members.
  • Conducted penetration testing on Chase insurance application (Chase Insurance) and in-house developed applications and production systems. Assisted in a resolution of exposed security weaknesses.
  • White and black box penetration testing of a wide variety of high-profile web applications and server software.
  • Security architecture review of production infrastructure and software.

Tata consultancy services

2 roles

IT Analyst

Jul 2009 - Apr 2010 · 9 mos

  • Understand the system requirements document and design and code.
  • Involved in designing, coding and bug fixing of the EMC Celerra Manager product (NAS).
  • Involved in analyzing the existing code and design, class diagrams and sequence diagrams.
  • Implementation of new features in the Celerra Manager GUI.
  • Analyze and develop the solution for problems reported in EMC’s Storage products.
  • Adding new features for the existing Celerra Manager, to support the latest storage concepts and customer demands
  • Involved in fixing the real-time issues after post-production in warranty period.
  • Code to the application functionality.
  • Involved in the production deployment for quarterly releases, major bug fixes and enhancements.
Information Technology, Java, Software Development, SDLC

Software Engineer

Aug 2006 - Jul 2009 · 2 yrs 11 mos

  • Understanding requirements of the client (Target-MIB and OTM) through Detailed Use Cases (DUC’s).
  • Creating, writing blue prints and Technical design documents (Utility Framework)
  • Development and support of ATG Framework Code
  • Generation of Sequence diagrams and class diagrams using Rational XDE.
  • Developing UI and server side by using JSP’s, servlets, Java Script and HTML.
  • Involved in Integration and testing of the code written by other team members.
  • Analyze and develop solutions for problems reported in Target’s MIB Application and OTM Application.
  • Developed Complex Reports Using Web Focus Reporting Tool and embedded into MIB application and OTM application to access through GUI.
  • Involved in trouble shooting performance issues with Web Focus Reporting tool.
Information Technology, Java, Software Development, SDLC

Education

Acharya Institute Of Management and Science

MCA — Master of Computer Applications

Jan 2003 - Jan 2006
