Santhosh Kumar Janagam

CEO

Hyderabad, Telangana, India · 15 yrs 7 mos experience
AI ML Practitioner · AI Enabled

Key Highlights

  • Expert in AI/ML security and threat modeling.
  • Proven track record in secure product architecture.
  • Strong leadership in embedding security in development.
Stackforce AI infers this person is a Cybersecurity Architect specializing in AI security within the Healthcare sector.

Skills

Core Skills

Product Security, AI Security, API Security, AI Safety and Governance, Application Security, Secure Software Design

Other Skills

Product Security Strategy, Secure SDLC, Security Architecture Design, Agentic AI Security, CCSP, Cloud Security, Cybersecurity for AI Systems, Retrieval-Augmented Generation (RAG), Application Security Assessments, Prompt Engineering, Threat Modeling, Generative AI (GenAI), DevSecOps, Application Security Architecture, Azure Security

About

In an era defined by AI transformation, securing autonomous systems and AI-driven workflows has become mission-critical. My work sits at the intersection of AI security architecture, application security, and enterprise risk, helping teams innovate safely while building AI-powered systems that meet regulatory requirements and earn stakeholder trust.

I began my career in e-commerce, building and securing applications in fast-moving environments where security issues surface quickly and at scale. That experience shaped how I approach security today: practical, embedded, and aligned with how engineers and product teams work. Over time, I've expanded that foundation across the secure SDLC, partnering with developers, architects, product, privacy, and compliance teams to bring security into design from concept through deployment.

My role has focused on security architecture and product security strategy—defining secure-by-default patterns, frameworks, and guardrails teams can reuse across enterprise and cloud-native platforms. I regularly lead threat modeling across all seven layers, architecture reviews, and security assessments for complex applications, APIs, and distributed systems, using frameworks such as MAESTRO, STRIDE, DREAD, PASTA, and OCTAVE to translate emerging threats into actionable controls and rollout plans. I've driven adoption of modern API protection, identity-aware patterns (OAuth2, OIDC, mTLS), DevSecOps practices, and policy-as-code approaches, embedding automated controls into CI/CD pipelines. My technical depth spans cloud security (AWS/Azure), Kubernetes, microservices governance, and zero-trust architectures.

Recently, I've focused intensively on AI/ML security—securing LLM applications, addressing agentic AI risks including prompt injection and insecure code generation, implementing Model Context Protocol (MCP) security patterns, and building data protection frameworks aligned with emerging AI regulations and assurance standards.

I excel at mentoring architects and security professionals, producing consumable technical documentation (security requirements, design patterns, reference architectures), and influencing cross-functional teams through clear communication. I'm most effective combining hands-on architectural depth with strategic leadership to deliver secure, compliant AI solutions.

Specialties: AI/ML Security, LLM Security, Security Architecture, Threat Modeling, API Security, Cloud Security, Zero Trust, DevSecOps, CISSP, CSSLP, CCSP.

Experience

Evernorth Health Services

Cyber Security Senior Advisor

Nov 2025 - Present · 5 mos · Hyderabad, Telangana, India · Hybrid

  • Shape and drive the long-term product, application, and agentic AI security vision for major healthcare technology initiatives, aligning architecture with regulatory, privacy, and patient data protection requirements.
  • Partner closely with engineering, product, enterprise architecture, data science, and privacy teams to embed secure-by-design and AI-aware security practices early in product and platform design.
  • Lead the security strategy and maturity roadmap for the enterprise product security program, integrating Application Security Posture Management (ASPM), automated risk prioritization, and continuous assurance.
  • Guide teams in building secure, scalable, modern cloud-native architectures, including agentic AI systems, addressing model I/O abuse, prompt injection, and Agent-to-Agent (A2A), Agent-to-Process (A2P), and multi-agent orchestration trust boundaries.
  • Conduct architecture-level threat modeling, design reviews, security assessments, and vulnerability analysis to ensure risk-aware product delivery and measurable reduction of high-risk findings.
  • Define and integrate automated AppSec and AI security controls into CI/CD pipelines (SAST, DAST, SCA, IaC, policy-as-code), improving coverage, efficiency, and reliability while minimizing developer friction.
  • Lead benchmarking and assessment of AI-powered code remediation and AI-assisted (“vibing”) coding tools, establishing guardrails for data protection, access control, auditability, and IP safety.
  • Support product and AI security incident response, translating lessons learned into platform-level controls to improve long-term resilience.
  • Manage and mentor security team members across the HIH region, strengthening technical depth, architectural thinking, and security culture.
  • Stay ahead of emerging threats, agentic AI patterns, and industry trends, incorporating insights into strategic security planning and architecture evolution.
Product Security, Product Security Strategy, Secure SDLC, Security Architecture Design, AI Security, Agentic AI Security

Wells Fargo

5 roles

Vice President - Lead Information Security - Software Security Group

Promoted

Oct 2023 - Nov 2025 · 2 yrs 1 mo

  • Directed secure design reviews for AI agents and LLM-powered assistants, proactively identifying and mitigating emerging threats such as prompt injection, tool misuse, and cross-agent task hijacking.
  • Led comprehensive threat modeling for advanced AI use cases, including RAG pipelines, agentic workflows, and model fine-tuning to ensure data privacy and system integrity.
  • Developed comprehensive Security Architecture Design Patterns and cloud-secure blueprints, aligning group security requirements with regulatory mandates and industry best practices.
  • Established strategies to address risks associated with AI-generated code, integrating security into automated workflows to identify vulnerabilities that evade traditional analysis methods.
  • Spearheaded the development of secure coding standards for AI systems, focusing on critical safeguards like output validation, robust model access controls, and prompt injection defenses.
  • Championed a "Shift Left" approach by partnering with ML and Cloud engineering teams to embed security controls early in the AI development lifecycle.
  • Collaborated with Product and ML stakeholders to define safety requirements for enterprise chatbots, including context boundary controls, intent validation, and fallback mechanisms.
  • Conducted deep-dive research and documentation for new technology acquisitions, ensuring all emerging tech meets strict security posture requirements and organizational standards.
  • Contributed to the Security Architecture risk evaluation process, proposing tactical and strategic remediation plans backed by thorough cost/risk benefit analyses.
  • Advocated for secure-by-design practices across technical delivery teams, overseeing third-party deliverables and ensuring compliance with ISO 27000 and ITIL frameworks.
  • Represented the organization in internal and external security matters, promoting security initiatives while staying abreast of global regulatory trends and industry shifts.
API Security, AI Safety and Governance, CCSP, Cloud Security, Cybersecurity for AI Systems, Retrieval-Augmented Generation (RAG), +9 more

Information Security Engineer V

Promoted

Mar 2020 - Aug 2022 · 2 yrs 5 mos

  • Perform security code review using automated and manual methods.
  • Perform Security Architecture and Low-Level Application Security Design review involving CIA triad, IAAA.
  • Collaborate with business units and perform threat modelling on new and existing products and features to help guide security activities, suggesting preferred implementation patterns and identifying areas of security risk for scrutiny.
  • Perform risk analysis using Qualitative and Quantitative based approach.
  • Maintaining a current awareness of trends, threats, and regulations (e.g., PCI, GDPR) that impact related development processes and standards.
  • Designing and deploying application security tools and processes to support OWASP Top 10 alignment of critical central Secure Software Development Lifecycle controls.
  • Collaborating with internal and external development teams (Java, .Net, C#, etc.) to integrate security tools, standards, and processes into the product life cycle.
  • Providing application security expertise to support the incident response and architecture review processes.
  • Actively participate in Agile Scrum Methodology.
  • Develop the application dashboard using REST with Angular.
  • Ensure the applications are in compliance with Organization Policies, Standards and Regulations such as SOX, GLB Act, NIST, PCI-DSS, ISO/IEC, and GDPR.
  • Mentor junior engineers and help level-up their deep understanding of Application Security.
  • Provide insight into the latest application security vulnerabilities and exploits.
  • Conduct manual security assessments against web applications and APIs across a variety of technology stacks.
API Security, NIST, Product Security, CISSP, Application Security Assessments, Data Privacy, +11 more

Information Security Engineer IV

Dec 2016 - Feb 2020 · 3 yrs 2 mos

  • Proficient in secure coding practices with deep expertise in identifying and remediating vulnerabilities aligned with OWASP Top 10 and SANS 25.
  • Conduct detailed security source code reviews across multiple languages and frameworks including JavaScript, Java, .NET, Node.js, Angular, and SPA-supporting technologies.
  • Provide secure coding guidance and remediation support to development teams across the organization.
  • Evaluate, deploy, and manage both commercial and open-source application security testing tools at enterprise scale.
  • Conduct automated code and application scans, understanding the strengths and limitations of tools across diverse platforms.
  • Provide strategic recommendations for Web Application and API Protection (WAAP) tooling, helping secure modern web and API assets.
Microservices, NIST, Data Privacy, Risk Management, CSSLP

Senior AVP - Senior Systems Architect - Application Security | Threat Modeling

Promoted

Sep 2014 - Feb 2024 · 9 yrs 5 mos

  • Led engaging threat modeling workshops across product, infrastructure, and data science teams—uncovering design risks early and embedding secure-by-default thinking into development.
  • Designed and implemented security architectures across Azure and AI/ML platforms, building strong, scalable foundations aligned with evolving business needs.
  • Conducted secure code reviews in .NET, Java and Python, working closely with developers to identify vulnerabilities and improve secure coding practices.
  • Translated regulatory requirements into actionable, audit-ready controls supporting Three Lines of Defense and enterprise governance models.
  • Defined and tracked Key Risk Indicators (KRIs), performing root cause analyses to proactively resolve recurring issues and strengthen operational resilience.
  • Acted as a trusted advisor to engineers, product teams, and executives during security reviews and incidents, helping drive informed and timely decisions.
  • Provided technical guidance to internal teams, vendors, and partners, aligning security practices with software development lifecycles and DevSecOps pipelines.
  • Championed secure SDLC adoption by integrating tooling, training teams, and embedding best practices across workflows.
  • Supported the secure adoption of emerging technologies—AI/ML, microservices, and serverless—by shaping architectural decisions and risk mitigation strategies.
  • Conducted deep risk assessments of AI pipelines, addressing ethical use, data privacy, and misuse prevention with proactive strategies.
  • Developed and enforced governance policies for responsible AI, aligned with NIST, ISO, and internal ethical standards.
  • Delivered executive-level updates on GenAI risks, threat trends, and mitigation approaches, helping leadership align on strategic priorities.
  • Mentored peers and early-career professionals, fostering a culture of continuous learning and shared security ownership.
API Security, AI Safety and Governance, NIST, Application Security, CCSP, Governance, Risk Management, and Compliance (GRC), +16 more

Information Security Engineer - III | Security Automation & Engineering

Sep 2014 - Nov 2016 · 2 yrs 2 mos

  • Performed Security Code Review for various lines of business.
  • Designed and developed Security Code Review dashboard.
  • Developed reporting tools for Security Code Review.
  • Implemented SSRS reports for delivering metrics to Leadership Team.
Risk Management

Kantar TNS

Software Engineer

Aug 2013 - Sep 2014 · 1 yr 1 mo · Hyderabad Area, India · On-site

  • Designed and developed secure applications using the Microsoft .NET stack (C#, ASP.NET, MVC), embedding security controls directly into application logic.
  • Implemented authentication, authorization, MFA, and cryptographic protections (encryption and hashing) to secure sensitive data and privileged workflows.
  • Conducted attack surface analysis, secure code reviews, static analysis, and white-box penetration testing across applications and APIs.
  • Identified, assessed, and prioritized vulnerabilities using CWE, CVEs, and CVSS, working with engineering teams to drive timely remediation.
  • Deployed and secured applications in cloud environments, addressing application and infrastructure risks while mentoring developers on secure coding practices.
API Security, Microservices, Secure Software Design, Scrum, REST, C#, +1 more

T-Mobile

Web and eCommerce Development - Senior Security Engineer @ HCL Tech

Dec 2010 - Aug 2013 · 2 yrs 8 mos · Noida Area, India

  • Bridged the gap between business and technical teams by coordinating with stakeholders to develop comprehensive Requirements Traceability Matrices (RTM) for functional and non-functional security requirements.
  • Hardened application integrity by implementing delay signing on source code to prevent unauthorized tampering and ensured secure deployments.
  • Led end-to-end vulnerability management, including performing penetration testing in pre-production environments and conducting deep-dive root cause analyses on security bugs.
  • Eliminated OWASP Top 10 risks by performing rigorous source code analysis and manual peer reviews on enterprise-level applications.
  • Architected robust access and data protection models, implementing Role-Based Access Control (RBAC) and managing complex cryptographic operations (encryption, hashing, and key management).
  • Enhanced web service security by implementing WS-Security protocols and assisting the Security Architect in designing secure Service-Oriented Architectures (SOA).
  • Ensured operational resilience through active participation in Business Continuity Planning (BCP), managing secure database backups, and conducting post-mortem analyses on critical production incidents.
  • Maintained rigorous compliance and documentation standards, aligning development workflows with ITIL and ISO 27000 frameworks.
  • Drove proactive risk discovery by developing use/misuse cases and identifying undocumented features during the testing lifecycle.
  • Environment: Frameworks/Tech: .NET (C#, ASP.NET), WCF, REST, Web Services, SharePoint Server. Frontend: JSON, jQuery, JavaScript, XML. Database/OS: SQL Server. Tools: JIRA, HP Quality Centre, AccuRev, StarTeam (Version Control), IBM Core Metrics.
API Security, Microservices

HCL Technologies

Software Engineer

Sep 2010 - Aug 2013 · 2 yrs 11 mos · New Delhi Area, India

  • Partnered with a diverse portfolio of international clients to deliver high-performance applications tailored for global markets.
  • Demonstrated versatility across the SDLC, navigating both the structured requirements of Waterfall and the fast-paced, iterative nature of Agile environments.
  • Strengthened e-commerce platforms by designing and implementing custom security frameworks to protect sensitive user data and ensure secure transactions.
Microservices, Application Security, Cryptography, AngularJS, Secure Coding, C#

Education

Jawaharlal Nehru Technological University

Engineer's Degree — Computer Science

Indian Institute of Technology, Guwahati

Certificate in Applied Generative AI — Applied Generative AI

Mar 2025 - Jun 2025
