Mar 2021 – Dec 2023 · 2 yrs 9 mos · Austin, Texas, United States · Hybrid

• Primary technical lead to build the next generation bootstrapping mechanism for PayPal’s centralized Key Management System by migrating from the legacy way of managing keys
• Offered consultation to the architecture, design, and feature rollout of TLSv1.2 for both client and server sessions at scale
• Developed and exposed REST APIs for PayPal’s centralized key management system for performing a variety of cryptographic operations
• Engineered a component that fetches tokens from the key management system which would be used by the applications to authenticate with the KMS
• Supervised and validated different certificate renewal and deployment for various internal entities
• Participated in the re-architecture of the topology of internal cryptographic systems to support high availability and disaster recovery
• Work closely with customers of the security engineering team in supporting and debugging encryption and key management products
• Support and monitor operational activities and work on immediate fixes to ensure the end-to-end availability of the business-critical systems

Jan 2020 – Mar 2021 · 1 yr 2 mos · Austin, Texas Metropolitan Area

• Serving as the primary architect and engineering owner of tokenization service that provides SST and FPE based encryption mechanisms to various internal applications
• Designed, architected, and engineered a data security engagement process in an internal portal that’s used to file security assessments. Automated various internal workflows including like X509 Certificates automation, HSM configuration etc., using spring-boot, MySQL, and REST APIs thereby reducing the on-boarding time from 4-days to just 4 minutes
• Technology owner for PKCS#11-based encryption services that’s used by COTS applications to protect their sensitive data-at-rest using application-level encryptions
• Perform in-depth security architecture reviews and threat modeling for applications’ that process PII/PAN data to identify data-security gaps, and propose appropriate protections (different flavors of encryption, tokenization etc.)
• Primary engineer responsible for building an automation utility, in python, that addressed bulk symmetric key creation problem faced by various clients
• Participated in various internal audits like ITDR, AAA certification, PCI DSS representing as a technology owner for some business-critical tier-0 applications

May 2017 – Mar 2021 · 3 yrs 10 mos · Austin, Texas Metropolitan Area

• Work closely with product development teams and other technology architects to ensure all sensitive data is secure and 100% protected at various levels
• Technical expertise in data-protection methodologies, protocols, and technologies including an understanding of cryptographic algorithms such as AES, 3DES, RSA, HMAC, SHA etc.
• Built an abstraction layer that uses REST and KMIP to integrate with the HSMs for crypto operations. This is consumed by the application teams, and greatly reduced the dependency and tight coupling with vendor solutions.
• Architected, and developed a live monitoring dashboard, using Grafana and sCollector, that monitors around 30+ operational metrics of internal HSM, PKI, and data protection appliances
• Participated in the vulnerability management program on a weekly basis to remediate security gaps/findings to harden our internal systems
• Researched and developed POVs for Salesforce’s Shield platform evaluating their BYOK solution offering and helped some internal teams integrate with the same for their key management use-case

Sep 2016 – Dec 2016 · 3 mos · Cambridge, MA

• Conducted security architecture review of critical applications hosted inside AWS to identify potential security weakness
• Identified external and internal risks to applications with the help of STRIDE Threat Modelling and a secure code review
• Researched, designed, and delivered a high-level risk assessment framework that prioritizes top risks to the company along with some recommendations on industry best practices to tackle the same

Jan 2016 – Apr 2016 · 3 mos · New York City Metropolitan Area

• Part of NBC’s Response Operations team to research and investigate the processes related to cybersecurity events alongside with monitoring security tools.
• Analyzed trends, and metrics from social media to detect and identify threats to the company for a list of events hosted/sponsored by NBC.
• Researched various types of malwares and attacks like virus, spam, phishing, unauthorized access, brute force, along with fake NBC domains from domestic and international proxies to take appropriate remediating actions.
• Performed vulnerability scan for servers and applications to spot high vulnerabilities and communicated the results along with action items to business security leaders
• Monitored and tracked down employees, third party vendors, and contractors trying to access restricted/unauthorized sites using company’s network