Jan 2022 – Present · 4 yrs 3 mos

• As a technical Head of Security for Adobe Document Cloud, I lead end-to-end security strategy and execution across application and infrastructure layers, while ensuring compliance and supporting customer assurance at scale. My role bridges deep technical expertise with cross-functional leadership to drive secure innovation across web and mobile platforms (iOS and Android).
• Security Architecture & Threat Modeling:
• I oversee threat modeling and security architecture reviews for core Document Cloud applications, embedding security into the development lifecycle and mitigating design-level risks early.
• Compliance & Regulatory Alignment:
• Partnering with internal governance, risk, and compliance (GRC) teams as well as external auditors, I support certifications such as PCI, HIPAA, and FedRAMP, providing the evidence and controls needed to meet rigorous regulatory requirements.
• Customer Assurance & Trust:
• I serve as a trusted advisor to customers, articulating our security posture, explaining control implementations, and addressing concerns to support enterprise adoption and maintain customer confidence.
• Application & Cloud Security Testing:
• Hands-on experience leading and executing both static and dynamic penetration tests across web and mobile applications, including secure DevOps reviews for AWS and Azure environments.
• Red Teaming & Offensive Testing:
• Drive red teaming initiatives across Document Cloud and broader Adobe services to simulate real-world attack scenarios and harden defenses through continuous adversarial testing.
• Security Research Collaboration:
• Actively engage with external researchers and Adobe’s PSIRT team to triage and remediate vulnerabilities in accordance with Adobe’s security standards.
• Bug Bounty Leadership:
• Lead the Document Cloud bug bounty program on HackerOne and Bugcrowd, managing researcher relations, triage, and secure remediation processes in collaboration with engineering teams.

Feb 2019 – Dec 2021 · 2 yrs 10 mos

• Work as a product security lead for one or more product teams providing expertise in:
• Customer Relation - Working with customers to answer their security questions and help them understand security controls are in place for Document Cloud services.
• Compliance / Legal and Privacy - Working with internal GRC team (Governance Risk and compliance), and external auditors to provide necessary information needed for compliance certifications PCI, HIPAA, FedRamp etc.
• Hands on Web and Mobile automated and manual pentest for various Adobe services.
• AWS and Azure - network security review and pentest (DevSecOps role)
• Red Teaming exercise for Document Cloud and Adobe services .
• Performing threat modeling for web and mobile (iOS and Android) applications. Working with Google and Apple to make sure Adobe applications are in compliance with Google Play store and Apple store policies.
• Working with external security researchers and PSIRT team to triage the findings and making sure to get remediate in a timely manner based on Adobe standards.
• Running bug bounty program on HackerOne and Bugcrowd for Document Cloud services and working with external security researchers to provide all necessary information, triage the findings etc.

Jul 2014 – Jan 2019 · 4 yrs 6 mos

• Work as a security engineer / security researcher for one or more product teams, providing expertise in threat modeling, manual pentest, red teaming, network scan, vulnerability assessments, iOS/Android mobile apps review/pentest and conformance with good security practices and corporate governance.