Dec 2018 – Present · 7 yrs 3 mos

• Hired and built a security automation team of 13 FTE and 5 interns
• Architected and helped develop a PoC for an internal product using Microservices, Kubernetes on Google Cloud
• Created a light weight cloud security offering and trained multiple assessors on the offering
• Created a PoC using AI to reduce false positives with security testing tools (Burp, Appscan)
• Worked with Large Life Insurance, Airlines, Automobile, Payment Gateways, Banks

Nov 2016 – Dec 2018 · 2 yrs 1 mo

• Security consulting for architecture reviews, threat modeling, red teaming
• Worked with Life Insurance companies, Large Private Banks, Product Companies and Pharma companies
• Improve timeliness, quality and productivity for Managed Services
• Identify areas for automation and work with the team to implement and operationalize the solution
• Use automation to improve quality of findings and reduce repetitive manual effort
• Setup a metrics program using Tableau to measure effectiveness of automation (Level of Effort & Quality)
• Assisted with hiring (college and lateral) and helped scale the team from 35 to 130

Mar 2016 – Nov 2016 · 8 mos · Bangalore

• Cigital was acquired by Synopsys.
• Security consulting for architecture reviews, threat modeling, red teaming
• Worked with Life Insurance companies, Large Private Banks, Product Companies and Pharma companies
• Improve timeliness, quality and productivity for Managed Services
• Identify areas for automation and work with the team to implement and operationalize the solution
• Use automation to improve quality of findings and reduce repetitive manual effort
• Setup a metrics program using Tableau to measure effectiveness of automation (Level of Effort & Quality)
• Assisted with hiring (college and lateral) and helped scale the team from 35 to 130

Feb 2014 – Mar 2016 · 2 yrs 1 mo

• Team: Windows Devices Group Services - Windows Services, Xbox Live, Microsoft devices, Commerce Platform
• Application security - Websites, web services, rest apis, Source code audit
• Red teaming - Network audit, Infrastructure audit, reviewing applications
• Tool development - security tools required for redteam efforts, automation of manual tasks during redteam and appsec. Creating custom tools to evade detection during Penetration tests and Red-team engagements
• Collaboration with incident response - Coordinate with incident response teams to improve detection metrics.Assess third party security tools for effectiveness and risk introduced

Jul 2012 – Feb 2014 · 1 yr 7 mos

• Working on improving the security of Commerce Platform (central e-commerce platform for Microsoft products).
• The core responsibilities include Penetration testing, threat modeling and code reviewing.
• Penetration Testing - Parlaying research into actual exploits and doing in-depth hacking on Commerce Platform (CP). Identifying vulnerabilities through simulated external and internal attacks which validate Microsoft's ability to prevent, detect and respond.
• Emerging Threat Research - Being on the forefront of emerging threats which affect online services. This includes research of externally found exploits as well as proactive research on technology CP utilizes and depends on. Performing case studies of recent incidents affecting cloud/payment providers.
• Tool & Automation Development - Developing security toolset which increases the CP penetration testing team's ability to find network and web application vulnerabilities during security code reviews and live site attack & penetrate simulations.
• Threat Modeling - Performing threat models/architecture reviews from a security perspective on the new features being released.

Aug 2010 – Jun 2012 · 1 yr 10 mos

• Working in the Online services group on the online commerce platform which handles the billing and commerce of various online products like Windows Azure, Office, Business Productivity Online Std suite etc.

May 2007 – Aug 2008 · 1 yr 3 mos

• Worked on high speed embedded systems and mutimedia streaming.