Mar 2025 – May 2025 · 2 mos · Fulshear, Texas, United States · On-site

• Develop and implement security strategies for product development lifecycles.
• Conduct threat modeling to identify and mitigate potential risks in product designs.
• Collaborate with development teams to integrate security into software products.
• Define and enforce secure coding standards and best practices by adding security requirments into Jira business use cases.
• Review and assess product architectures to ensure compliance with security policies.
• Conduct security risk assessments and manage product vulnerabilities.
• Oversee compliance with industry regulations, standards, and certifications.
• Evaluate and integrate third-party security tools and technologies into products.
• Perform security reviews of application designs, including APIs and microservices.
• Create and enforce application security guidelines, policies, and frameworks.
• Lead and enforce secure software development lifecycle (SSDLC) initiatives.
• Evaluate and select application security tools, such as SAST, DAST, SCA, Contiaer Security , DevSecOps Cloud and IAST.
• Collaborate with DevOps teams to ensure secure CI/CD pipeline practices.
• Deliver training and mentorship on secure coding to developers and engineers.
• Perform security assessments, including vulnerability scans and penetration testing.
• Identify and document vulnerabilities, misconfigurations, and compliance gaps.
• Create detailed reports of security findings and provide recommendations.
• Support remediation efforts by collaborating with developers and engineers.
• Stay updated on the latest security threats, exploits, and trends.
• Implement and maintain application security tools like SAST, DAST, SCA, DevSecOps, Container Security, Cloud Security.
• Write and enforce secure coding guidelines and standards.
• Perform code reviews to identify vulnerabilities and ensure secure practices.
• Design and implement robust authentication and authorization mechanisms.

Mar 2024 – Feb 2025 · 11 mos · Sofia City, Bulgaria · Remote

• Develop and implement security strategies for product development lifecycles.
• Conduct threat modeling to identify and mitigate potential risks in product designs.
• Collaborate with development teams to integrate security into software products.
• Define and enforce secure coding standards and best practices by adding security requirments into Jira business use cases.
• Review and assess product architectures to ensure compliance with security policies.
• Conduct security risk assessments and manage product vulnerabilities.
• Oversee compliance with industry regulations, standards, and certifications.
• Evaluate and integrate third-party security tools and technologies into products.
• Perform security reviews of application designs, including APIs and microservices.
• Create and enforce application security guidelines, policies, and frameworks.
• Lead and enforce secure software development lifecycle (SSDLC) initiatives.
• Evaluate and select application security tools, such as SAST, DAST, SCA, Contiaer Security , DevSecOps Cloud and IAST.
• Collaborate with DevOps teams to ensure secure CI/CD pipeline practices.
• Deliver training and mentorship on secure coding to developers and engineers.
• Perform security assessments, including vulnerability scans and penetration testing.
• Identify and document vulnerabilities, misconfigurations, and compliance gaps.
• Create detailed reports of security findings and provide recommendations.
• Support remediation efforts by collaborating with developers and engineers.
• Stay updated on the latest security threats, exploits, and trends.
• Implement and maintain application security tools like SAST, DAST, SCA, DevSecOps, Container Security, Cloud Security.
• Write and enforce secure coding guidelines and standards.
• Perform code reviews to identify vulnerabilities and ensure secure practices.
• Design and implement robust authentication and authorization mechanisms.

Mar 2023 – Mar 2024 · 1 yr · Hyderabad, Telangana, India

• As Application Security Engineer/Consultant my responsibilities include but not limited to,
• Design and implement security controls within the software development lifecycle (SDLC).
• Perform static (SAST) and dynamic (DAST) application security testing.
• Conduct secure code reviews to identify and mitigate vulnerabilities.
• Develop and enforce security policies, standards, and best practices.
• Work with development teams to remediate security flaws in applications.
• Implement and manage security tools such as SAST, DAST, SCA, and RASP.
• Research and integrate the latest security technologies and frameworks.
• Conduct penetration testing and threat modelling for applications.
• Automate security testing within CI/CD pipelines.
• Collaborate with compliance teams to ensure regulatory security requirements are met.
• Analyse and assess security risks in applications and software systems.
• Monitor applications for security threats and vulnerabilities.
• Perform security assessments, including penetration testing and code reviews.
• Track, report, and recommend fixes for identified security weaknesses.
• Support incident response efforts related to application security breaches.
• Assist in implementing security policies and guidelines for development teams.
• Educate developers on secure coding practices and common attack vectors.
• Evaluate third-party software and open-source components for security risks.
• Maintain security documentation and compliance reports.
• Work with security engineers to enhance overall application security posture.

Mar 2021 – Feb 2023 · 1 yr 11 mos · Hyderabad, Telangana, India

Jul 2017 – Mar 2021 · 3 yrs 8 mos · On-site

Jun 2013 – Jun 2017 · 4 yrs · On-site

Jul 2012 – Jul 2013 · 1 yr · Mumbai Area, India

Sep 2010 – Jul 2012 · 1 yr 10 mos · Mumbai Area, India

Sep 2008 – Sep 2010 · 2 yrs · Mumbai Area, India

Sep 2007 – Sep 2008 · 1 yr · Mumbai Area, India