Jan 2023 – Feb 2025 · 2 yrs 1 mo · Chennai, Tamil Nadu, India · Remote

• Working Security in Presales (RFP/RFI, SOW), Secure Design & Architect Practices, AWS Well Architect Framework - Security Pillar implementations, DevSecOps solutions & implementations, Penetration Testing, Vulnerability Assessments & SOC Operations implementations.

Jul 2021 – Jan 2023 · 1 yr 6 mos · Chennai, Tamil Nadu, India · Remote

• Implemented & delivered end to end security activities for the applications or productions across the organization.
• Such as Security in Presales, Security Requirements, Secure Architecture and Design practices, Threat Model, Risk Assessments, Privacy Impact Assessment (PIA) as per the GDPR, Secure Component Selection Practices, Secure Coding, SAST, SCA, DAST, DevSecOps practices, Penetration Testing, Hardening, Vulnerability Scanning for production systems, Security bug fix & Retest etc.
• Technologies:
• Containerized Applications Docker, Kuberneties & Microservices, Cloud & IoT based solutions, 5G Solutions, Embedded Devices, Mobile Applications.
• Security Standards Followed:
• Ericsson SRM (internal), OWASP TOP10, SANS CWE TOP25, NIST 800-XX, ISO 27001, ISMS audit, ISO 31000 Risk Assessment, SEI CERT, MISRA, CIS bench mark etc.
• Security Tools used:
• Threat Model: Microsoft Threat Model Tool, OWASP Threat Dragon & Manaul Approaches
• Privacy Impact Assessment (PIA): OneTrust & Trade Compliance
• SAST: Snyk, Sonarqube, Detectsecret, Dependency Tracker
• SCA: Dependency Tracker, Blackduck
• Containerized Scan: Kube hunter, Kube Bench, Trivy, Snyk
• DevSecOps Stages & Integration: SAST, SCA, DAST, Penetration Test, Vulnerability Scan, Governance Dashboard
• Penetration Test: Burpsuite, KALI Linux Tools
• Vulnerability Assessment: Rapid7, Tenable SC, Nessus Professional
• SOC Operations: SIEM Tools & Monitoring
• Cloud Security Tools: Amazon Inspect, Security Hub, Amazon Artifact, Cloud Watch & Cloud Trail
• Organization Security BootCamp Training: Owned Security Bootcamp Training & Practices across the organization
• Domain: Teleco Security, Medical Domain Security. Automotive Domain Security, Banking & Fintech Security, E-Commerce Security, Office & Industrialized Automations etc.

Jul 2019 – Jul 2021 · 2 yrs · Chennai Area, India

• Implementing the executing the below mentioned Cyber Security Solutions across the Organization products.
• 1. Implementing and executing the Cyber Security Risk Management, Risk Assessments, Cyber Security Solution and Architect frameworks,
• Penetration Testing, Secure Coding, Secure product development life cycles, Security Automation etc. These Solutions and Services included for different products and domains like Medical & IoT devices, Healthcare Applications, ICS with IoT, Embedded with IoT devices, Linux kernels and Chipsets etc.
• 2. Implementing the Cyber Security Solutions with Data Science and Machine Learning (ML) Models and solving the current Cyber Security Solutions, Challenges in the product development life cycles.
• 3. Implementing and standardizing the Cybersecurity process and Artifacts across the organization quality management systems.
• 4. Implementing the End to End Cyber Security Solutions for Embedded firmware, Chipset, Linux kernel, Web Application, Web Services, Protocols Stack, SDK etc.
• 5. Cyber Security Solutions for major domains such as Medical, Healthcare. ICS, Banking/Fintech, Automotive.

Dec 2018 – Jul 2019 · 7 mos · Chennai Area, India

• Penetration Testing frameworks developments, Penetration Test Execution.
• Secure SDLC, Secure Sprint, DevSecOps framework development and implementations.
• Static & Dynamic scanning using Veracode Platform and tools like BurpSuite.
• Secure Architect Review, Threat and Risk Analysis for applications and AWS infrastructure.

Mar 2012 – Dec 2018 · 6 yrs 9 mos · Chennai

• Expertise to design & develop the Penetration test frameworks and conducting the Penetration testing for different technology based products including Application Security, Network Protocols including Layer2/Layer3 Security, IoT/Cloud Security, Embedded Security, BACnet/Modbus Protocols Security, Wireless Security, Mobile Security and Infrastructure Security.
• Expertise in performing the attacks simulation for external and internal attacker aspects using security tools. Also expertise to use security tools like Burp suite professional, ZAP proxy, Nessus, wireshark and other Kali Linux tools.
• Expertise in conducting the penetration testing on BLACK BOX, GRAY BOX and WHITE BOX aspects. Expertise in executing the in-depth manual security penetration test, known vulnerability assessment and CVE vulnerabilities. Expertise to test the Security Penetration Test in different platform and framework (including Java, C# .NET, C/C++, Python etc).
• Expertise to provide the mitigations or countermeasures to prevent the attacks in penetration testing & security in SDLC.
• Expertise in developing the new technologies, approaches and automations in cyber security domain including penetration testing, DevSecOps/Secure SDLC/Security in SDLC. Expertise to provide the training on Security Penetration Test, DevSecOps and security automations.
• Expertise in developing the DevSecOps/Security in SDLC/Secure SDLC frameworks for web application, rich application, IoT/Cloud based embedded applications, Mobile/Wireless applications, Network/protocols based applications, ICS applications etc.
• Expertise in developing the DeVSecOps/security in SDLC/Secure SDLC approaches & automations to get secure requirements, secure design patterns, secure coding guidelines both development & operations phases.

Feb 2010 – Feb 2012 · 2 yrs · Hyderabad Area, India

• Network and Protocols Testing
• Layer2, Layer3 Protocols Testing
• Wireless and Telecommunication Protocols Testing
• ADSL2/2++ Routers and Wimax CPEs Protocols Testing
• Linux, Perl, Python scripting and Automation Development
• Layer2 protocols like VLAN, STP, RSTP, MSTP, IGMP Snooping, VTP testing
• Layer3 Protocols like EIGRP, OSPF, BGP testing
• Layer4 protocols UDP and TCP testing
• Application Protocols like DHCP, SNMP, SMTP, HTTP, HTTPS, SMB, NTP testing
• Telecommunication protocols like SIP, RTP, RTCP testing

Apr 2005 – Feb 2010 · 4 yrs 10 mos · Chennai

• Layer2/Layer3 Protocols Testing
• Wireless (CorDECT) System Testing
• System Load and Performance Testing
• Linux shell scripting
• UDP socket programming using VC++

Jul 2001 – Mar 2005 · 3 yrs 8 mos · Chennai

• Micro controller based System Testing.
• Micro controller interfaces Testing like RS232, RS485, Parallel Port, ISR.
• SMPS, DC/DC converter Testing and development.