Hasan Sameer

DevOps Engineer

Bengaluru, Karnataka, India · 11 yrs 2 mos experience
AI Enabled · AI ML Practitioner

Key Highlights

  • Reduced cloud security misconfigurations by 40-60%
  • Achieved 90% touchless deployment rate at JPMorgan
  • Expert in securing AI/ML pipelines and cloud environments
Stackforce AI infers this person is a Cloud Security and AI Governance expert in the Fintech and SaaS sectors.

Skills

Core Skills

Security Architecture Design, AI/ML Governance, Cloud Security Architecture, DevSecOps, Security Technology Strategy, Cybersecurity Threat & Vulnerability Management, Application Security, Network Security

Other Skills

Security Automation, AI Security, Application Security Architecture, Cloud Security, Optimization Techniques, DevSecOps, Solution Architecture, Artificial Intelligence (AI), Code Review, Threat Modeling, Amazon Web Services (AWS), Embedded Systems, Payment Card Industry Data Security Standard (PCI DSS), Ethical Hacking, Penetration Testing

About

Security Engineer | Cloud Sovereignty & AI Governance

11+ years of experience engineering resilient, secure-by-design ecosystems for global leaders like JPMorgan Chase, Quantiphi, and Stryker. I don’t just "do security"—I architect systems that allow businesses to scale without compromise. From designing Sovereign Cloud landing zones to securing the next generation of Generative AI pipelines, my focus is on transforming security from a bottleneck into a business enabler.

My career has been defined by a balance of three core pillars:

  • Strategic Architecture: Designing Zero Trust (ZTA) frameworks and Defense-in-Depth strategies that align technical controls with global risk appetite and regional mandates.
  • Infrastructure & Automation: Building immutable, software-defined environments via Terraform (IaC) and Policy-as-Code (OPA). At JPMorgan, I pioneered guardrails that achieved a 90% touchless deployment rate while eliminating 40% of misconfigurations.
  • AI/ML Governance: Bridging the gap between traditional AppSec and emerging AI threats. I specialise in LLM Red Teaming and securing MLOps pipelines to ensure model integrity and data provenance.

High-Impact Deliverables:

  • Reduced container security incidents by 30% via EKS hardening (RBAC/Falco).
  • Cut pre-production vulnerabilities by 55% through automated DevSecOps CI/CD gates.
  • Orchestrated security for FDA-regulated SaMD, ensuring 100% compliance with zero-gap audits.

I am passionate about the intersection of Cloud Sovereignty and AI Ethics. Currently exploring how "Security-as-Code" can accelerate digital transformation in highly regulated sectors like FinTech and Healthcare. Let’s connect to discuss Secure Architecture, AI Resilience, or the evolving regulatory landscape across the globe in cybersecurity.

Experience

JPMorganChase

Security Engineer III

Jul 2025 – Present · 8 mos · Bengaluru, Karnataka, India · On-site

  • Improved AI pipeline integrity by introducing signed model artifacts, reducing unauthorized deployments by 70%.
  • Reduced inference-layer abuse by 30–40% through model/API hardening and anomaly detection.
  • Cut AppSec false positives by 60% using custom SAST/SCA rules tailored for ML and microservices codebases.
  • Reduced cloud security misconfigurations by 40–60% through IaC scanning and policy-as-code automation.
  • Boosted developer velocity by 50% by integrating automated CI/CD security checks and reducing manual review overhead.
Security Automation, AI Security, DevSecOps, Application Security Architecture, Cloud Security, Security Architecture Design +1

Quantiphi

Product Security Architect

Jan 2024 – Aug 2025 · 1 yr 7 mos · Bengaluru, Karnataka, India · On-site

  • Led and contributed to the development of cloud security solutions for both CSPM and ASPM, with a profound grasp of industry/market dynamics and new-age customer needs.
  • Owned and delivered the technical strategy, architecture and execution to address evolving challenges and enhance overall cloud security posture.
  • Developed security reference architecture, articulated DevSecOps pipeline to drive product development with cross-functional teams.
  • Orchestrated and automated multi-cloud security solutions from conceptualization, implementation and execution phases.
  • Demonstrated expertise in developing scalable AI/ML products on public cloud platforms (AWS/GCP), within SaaS distributed systems and Big Data environments, leveraging a diverse range of open-source technologies.
  • AI & Security Automation: Leverage AI/ML-driven threat detection, anomaly detection, and automated response to enhance security posture.
  • Cloud Security Architecture: Design and implement secure cloud environments across Google Cloud (GCP) and AWS, ensuring compliance with industry best practices.
  • Zero Trust & Identity Security: Implement Zero Trust security models, IAM best practices, and IAP for secure access control.
  • Network & Perimeter Security: Architect micro-segmented networks, WAF policies (Cloud Armor, AWS WAF), and firewall rules for enhanced protection.
  • Compliance & Governance: Ensure adherence to GDPR, ISO 27001, NIST, and SOC 2 security frameworks for cloud deployments.
  • DevSecOps & Secure AI Pipelines: Embed security into CI/CD pipelines, AI/ML models, and cloud-native applications to prevent vulnerabilities.
Optimization Techniques, DevSecOps, Solution Architecture, Cloud Security, Artificial Intelligence (AI), Cloud Security Architecture +1

RSK Business Solutions

3 roles

Lead Security Engineer

May 2022 – Jan 2024 · 1 yr 8 mos

  • Ambassador of Security for Internal Teams.
  • Heavily involved in the design and development of innovative security architectures.
  • Writing road maps, design and create blueprints, implement and support a secure cloud infrastructure that meets the business needs and aligns with the company's strategic vision.
  • Breadth of responsibility includes - planning and design, implementation review and post-audit, and day-to-day guidance and approvals for changes/builds.
  • Expertise - Collaborate with Delivery Managers, Operations Managers, and InfoSec teams, to architect and design cloud security solutions.
  • Delivery - Complete architecture assessments across projects, and proven use of security solutions to support new distributed computing solutions.
  • Security Technology Strategy - Work with engineering, service and business teams to create technology implementation roadmaps.
  • DevSecOps - Led, defined and mapped digital architecture processes for designing large-scale CI/CD pipelines.
  • Mentoring - Led training and technical forums, serves as both a formal and informal mentor, and executes other initiatives to share knowledge across Security Platforms and/or Technology teams.
  • Identifies, recommends, coordinates, and/or conducts informal/formal training sessions to deliver timely knowledge to support teams regarding technologies, processes or tools.
DevSecOps, Code Review, Threat Modeling, Amazon Web Services (AWS), Security Technology Strategy

Cyber Security Consultant

Jun 2021 – May 2022 · 11 mos

  • Researcher of modern approaches to security problems, offensive and defensive processes, tooling and techniques.
  • Extensive experience in Computer Science/Forensics, Intelligence, Cyber Security, International Affairs/GRC, or other relevant forensic/ security analysis-oriented work.
  • Investigative experience in spam, phishing, malware, account takeover, apps and ads fraud.
  • Cybersecurity Threat & Vulnerability management framework and necessary operational activities that include identify, risk assess, and monitor of vulnerability and associated remediation.
  • Vulnerability and compliance assessment plans and manage continuous vulnerability discovery to report weaknesses, prioritise hardening efforts, and track remediation efforts.
  • Conducting on going security assessment and testing for applications and facilitate any adversary simulation activity to respective assets.
  • Cybersecurity monitoring and incident management including developing/updating respective procedures and play-books.
  • Subject Matter Expert in implementing security controls, threat protection, managing identity and access, protecting data, advanced OSINT research methods, applications and networks in web, cloud and hybrid environments.
  • Extensive experience in integrating security automation and worked towards incorporating security into SDLC, assisting project development teams move towards DevSecOps.
  • Ensuring customer success by focusing on best practice, helping them develop a long-term security strategy.
  • Partnering cross-functionally to review and ensure integration efficiency, deliver high quality service and ensure customer engagement.
  • Experience of delivering solutions at scale for both public and private cloud i.e. For Public: AWS/ Azure services | For Private: Openshift/ kubernetes.
  • People management skills and delivery within a highly distributed team with an ability to review design patterns and advise developers on best practices (TDD, code reviews)
Embedded Systems, Payment Card Industry Data Security Standard (PCI DSS), Ethical Hacking, Cloud Security, Cybersecurity Threat & Vulnerability Management

Sr. Penetration Test Engineer

Feb 2021 – Jun 2021 · 4 mos

  • Plan, conduct and lead Vulnerability assessments and penetration tests, and simulate attacks on OSN’s internally or externally hosted web applications, mobile applications and IT infrastructure with an emphasis on critical functions and services in hybrid cloud environments.
  • Understand Internal Applications landscape & keep track of ITIL processes to provide security recommendations when needed.
  • Continuously monitor and protect the organisation attack surface from vulnerabilities and security threats and co-ordinate with other teams to resolve the security incidents quickly and efficiently.
  • Provide technical recommendation for remediation of vulnerabilities in IT systems and web applications and maintain a feedback loop to ensure that they are timely addressed.
  • Mentor and train the team on attack techniques, tools, intelligence analysis and adversarial tactics.
  • Expert hands-on source code auditing - both DAST & SAST techniques.
  • Develop controls to mitigate the process/security gaps identified in the information systems and DevOps practices
Code Review, Threat Modeling, Network Security, Penetration Testing, Application Security

Stryker

2 roles

Software Engineer (Sr. Penetration test engineer-Web Applications)

Nov 2018 – Feb 2021 · 2 yrs 3 mos

  • Planning, Implementing, Managing, Monitoring, and Upgrading security measures for the protection and risk mitigation of the Web application security.
  • Develop and Design application security framework and review existing application architecture and Define baseline security configuration for the operating system across multiple platforms.
  • Strong exposure to application security standards including OWASP TOP 10, SANS TOP 25 and information security frameworks, leading security practices and regulatory requirements
  • Strong Understanding of network architecture and concepts, application architecture, interoperability of these architectures with one another and able to provide detailed network Security
  • Strong technical ability in security-related architecture design and assessment (manual approach to penetration testing)
  • Strong understanding of cryptography, authentication, authorization, network security protocols, web application security, and windows application security
  • Discovered, Researched, and responsibly disclosed numerous vulnerabilities in web applications.
  • Extensive exposure on Security related activities in development such as Risk and Privacy Assessment, Threat Modeling.
  • Extensive exposure in implementation of threats, main areas of protection, and analyzing mitigation
  • Exhibited client-facing skills and capability to articulate technical concepts to technical and non-technical audiences
Threat Modeling, OWASP ZAP, Metasploit, Application Security

Software Engineer (Penetration test Engineer-Embedded Systems)

Jul 2017 – Oct 2018 · 1 yr 3 mos

  • Perform vulnerability assessment and penetration testing for Embedded System
  • Extensive experience in end to end security analysis and thick client application penetration testing
  • Perform security GAP analysis, Risk Assessment, Security Audit, and Implementation based on NIST Framework.
  • Defines baseline security configuration for the operating system across multiple platforms.
  • Understand the data flow architecture for network segmentation and conducted Network Architecture review and Conduct Security network/server hardening.
  • Conduct a review of business functions/process (BRD) from a security point of view and implement security controls
  • Conduct and manage the portfolio of vulnerability assessment and penetration testing for the entire internet/intranet facing infrastructure
  • Design and roll-out of Information Security awareness framework for internal employees.
  • Create & deliver presentations on security awareness to the users which include details about the latest threats.
OWASP ZAP, Metasploit, Threat Modeling, Application Security

Evalueserve

Security test engineer

May 2016 – Apr 2017 · 11 mos · Gurgaon, India

  • Performed host, network, and web application penetration tests
  • Responsible for executing processes within all activities with respect to security Incident response life cycle.
  • Security assessment of web applications to identify the vulnerabilities
  • Identification of Injections in Business logic, Authentication, Session Management, etc... related flaws in applications and encasing attack scenarios and associated risk to the business.
  • Providing preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
  • Key contributor for developing templates such as Security Assessment Plan Security Assessment Reports, Rules of Engagement, Security Assessment Questionnaire, Kick-Off, and Exit Brief
  • Created OWASP web application test cases and mapped them to associated NIST 800-53
Burp Suite, Threat Modeling, Nmap, Network Security

Computer Storage Services India (CSSI) Pvt. Ltd.

Data forensic analyst/Test Engineer

Aug 2014 – Mar 2016 · 1 yr 7 mos · Gurugram · On-site

  • Performed functional testing of ERP solution, Windows and Mac applications of Data undelete s/w’s
  • Performed mobile application testing of Data undelete on Android and iOS platforms
  • Performed mobile application testing of Embedded and IOT products on Android and iOS platforms
  • Responsible for providing services to recover data deleted from hard drives, SD cards, mobile
  • Responsible for recovering raw and scattered data from hard drives, SD cards, mobile using Winhex
OWASP ZAP, Network Security, IBM AppScan, Application Security

Education

Jamia Hamdard

Master of Computer Applications (M.C.A.) — Computer Software Engineering

Jan 2011 – Jan 2014

Integral University, Lucknow, Uttar Pradesh

Bachelor of Computer Application — Computer Science

Jan 2008 – Jan 2011
