Oct 2022 – May 2023 · 7 mos

• Embedded security throughout the development lifecycle for clinical information systems, aligning with privacy requirements and regulatory compliance (e.g., HIPAA, GDPR).
• Led application security reviews, vulnerability remediation and penetration testing for both internal and external engagements across on‑premise, Azure and AWS environments.
• Integrated DevSecOps policies and tools into CI/CD pipelines to enforce secure coding practices and automate security checks.
• Managed security for cloud‑based healthcare products, including privacy and security plans, risk assessments and SBOM management, in collaboration with product and compliance teams.
• Managed security for the cloud offering products, ensuring robust protection and privacy.
• Performed penetration testing activity for both internal and external engagements to proactively identify and remediate vulnerabilities.
• Implemented DevSecOps policy and tool integration for Azure and AWS, enhancing automation and compliance.
• Developed privacy and security plans, risk assessments and SBOM management for cloud products.

Apr 2021 – Oct 2022 · 1 yr 6 mos · London, England, United Kingdom

• Managed triaging for vulnerability reports for a leading UK bank, reproducing issues and assessing severity.
• Delivered rapid threat assessments and design overviews to guide remediation efforts.
• Conducted SAST and DAST evaluations for critical products to identify and mitigate security vulnerabilities.
• Designed metrics driven dashboards for vulnerability tracking and developer engagement KPIs.

Apr 2021 – Oct 2022 · 1 yr 6 mos

May 2016 – Apr 2021 · 4 yrs 11 mos · Trivandrum

• Led offensive security testing for aviation and logistics clients, including Lufthansa, Qantas, Etihad and Chevron, delivering comprehensive VAPT for web, mobile and thick‑client applications.
• Built and mentored offensive security team, fostering expertise in penetration testing and secure development practices.
• Delivered secure code review training and contributed to secure SDLC adoption across products, enhancing vulnerability detection and remediation.
• Collaborated with cross functional teams to integrate security requirements into product development and ensure compliance with industry standards.

Feb 2015 – Apr 2016 · 1 yr 2 mos · Pune, Maharashtra, India

• Executed advanced penetration testing for client applications and infrastructure, identifying vulnerabilities and improving security posture.
• Organized and facilitated major InfoSec conferences (nullcon, hardwear.io), fostering collaboration among industry leaders.
• Developed comprehensive threat models to ensure proactive risk management in application security.
• Implemented secure coding practices within development teams, promoting secure SDLC adoption.

Jun 2012 – Jan 2015 · 2 yrs 7 mos · trivandrum

• Executed comprehensive security assessments for the Bounzd product, identifying and mitigating vulnerabilities.
• Conducted infrastructure hardening and application testing to ensure a robust security posture.
• Developed and implemented security best practices and policies across teams.
• Collaborated with development teams to integrate security into the software development lifecycle.

Jul 2011 – May 2012 · 10 mos · Bangalore

• Developed e‑commerce applications using CakePHP, integrating front‑end and back‑end functionalities to deliver customized online brand stores.
• Managed Linux server operations (FTP, SSH and Samba) and automated file uploads to Amazon EC2, ensuring efficient deployment and updates.
• Implemented MySQL database management, Linux shell scripting and test automation to improve application reliability and performance.
• Collaborated with clients to gather requirements, deliver technical solutions and ensure quality through unit testing and regression testing.

May 2010 – Jun 2011 · 1 yr 1 mo · Ernakulam

• Coding, Unit Testing and test case validation
• Impact Analysis for new requirements
• Preparing monthly work status report and updating technology specific documents
• operate FTP SSH Samba Server in Linux Environment
• Linux Shell Scripting
• Analyzing test results and communicating, findings/recommendations to team for issue resolution.