Jul 2025 – Present · 10 mos · Remote

Apr 2025 – Sep 2025 · 5 mos · San Francisco Bay Area

• In this role, I am running multiple security functions for Databricks:
• 1. Security Development Lifecycle -- Threat Modeling, Design Review, White box Pentest, Code Review (Manual and Assisted), DAST/SAST, Fuzzing etc.
• 2. Red Team -- Exploit Chaining, hacking cloud, on-prem, employee laptops, spear phishing, Hacking SaaS vendors and everything we are legally authorized to do.
• 3. Enterprise Security -- Securing the backend infrastructure of Databricks including but not limited to IT, Finance, HR, ENG pipelines, Laptops, SaaS deployments, etc
• 4. Vulnerability Response -- Interfacing with external security researchers and reporters/customers who want to talk about security concerns in Databricks via HackerOne platform or Direct Emails.
• 5. AI Red Team -- Securing the GenAI offerings, attacking AI models, security training infrastructure including but not limited to supply chain security, and Responsible AI testing.
• 6. Continous Monitoring -- Building a ConMon system from scratch over Databricks, integrating with all that matters in Databricks and providing a single pane of glass for executive team and engineers.

Jan 2022 – Mar 2025 · 3 yrs 2 mos · San Francisco Bay Area

• Setup the SDLC program for Databricks from ground up, and worked closely with Engineering teams to support all new features in a data driven risk prioritized fashion. Also responsible for Offensive Security, Red Team, Vulnerability Response Program and Bug Bounty program for Databricks. I have been involved with M&A projects in Databricks for technical due diligence from a security perspective.
• Additional to traditional security functions, I also run the Responsibile AI functions including the AI Red Team for Databricks.

Mar 2020 – Dec 2021 · 1 yr 9 mos

• Leading a team of 90+ individuals in 5 global locations, to provide strategic security functions and guidance to development teams. In this role, I run the Offensive Security (Red Teams), Defensive Security (Blue Teams), Product Vulnerability Response, Bug Bounty Program, Security Automation, Crypto Compliance as well as the Logging & Monitoring Team for Citrix On-prem, Cloud and Line of Business Applications. I also support Incident Response functions on Citrix Infrastructure as well as Citrix Products.
• I have also been actively involved into M&A engagement (successful and unsuccessful) for Citrix in the Technical due diligence team.

Apr 2018 – Mar 2020 · 1 yr 11 mos

• Responsible for strategic execution of Security Development Lifecycle for all Citrix products (on-prem and cloud). Leading a team of 30+ individuals in 5 locations, to provide security support and guidance to development teams. Leading the Blue as well as the Red Teams for Citrix Security. Additionally, responsible for technical analysis and handling of Security Incidents against Citrix products.
• In the last one year, I have been actively involved into every M&A engagement (successful and unsuccessful) for Citrix in the Technical due diligence team. As our security functions have matured, I have launched and have successfully been running the Private Bug Bounty program for Citrix via HackerOne.

Apr 2017 – Mar 2018 · 11 mos

• As the Sr. Manager for Product Security, I lead a global team of security engineers and hackers in Citrix. The charter of this team is to design and run the Security Development LifeCycle processes for ALL Citrix products -- XenApp, XenDesktop, NetScaler, Sharefile, XenMobile, Citrix Cloud, as well as all the Cloud offerings of Citrix. As part of the Citrix SDL, we do security Design reviews, Threat Models, Manual & Automated Code Audits, Hands on Penetration Testing, Exploit Writing and Advanced Security Training creation and delivery.

Sep 2015 – Mar 2017 · 1 yr 6 mos

• I led the Product Security Team for Citrix out of the Santa Clara office. As the manager for this team, I was responsible for the Security Development Lifecycle execution of Netscaler, SDWAN and Netscaler Gateway products. In addition to the SDL, we also handled security incident response and security certification like NDcPP and DoD UC-APL for NetScaler.

Mar 2012 – Aug 2015 · 3 yrs 5 mos

• I led a team of security engineers/researchers for Citrix's Security Team in Bangalore. I re-built the entire team with lots of strategic hiring (talent pool creation by strategic long term initiatives) and aggressive restructuring. I was the primary technical mentor for the security team in Offensive (Penetration Testing) as well as Defensive security (Secure by Design).
• Experienced with working in a global environment across different time-zones (Sydney to California), leading global security initiatives and projects, optimizing the overall Team's performance and ensuring a consistent growth in team's technical skill set are some of my key achievements.

Jan 2011 – Feb 2012 · 1 yr 1 mo

• Worked as Senior Security Engineer for Citrix Systems, Bangalore in the Central Security Team. My primary responsibilities included:
• End to End Security Development Lifecycle implementation for Citrix Products including Threat Modeling, Manual Source Code Review, Penetration Testing, Final Security Review, etc.
• Responsible for Vulnerability Response Management from Engineering side.
• Lead for Penetration Testing effort for ALL products in Citrix.
• Responsible for Security Code Review for ALL patches released from India office of Citrix.
• Actively involved in internal security trainings in Citrix.

Jul 2006 – Dec 2010 · 4 yrs 5 mos

• Sep 2007 to Dec 2010
• Worked on application level Security Research for Symantec products. I was also involved in the vulnerability management for external attacks and conducting security trainings.
• July 2006 to Aug 2007
• I have worked on FS development for VxFS on HP-UX 11iv3 release. I had the ownership of ODM (Oracle Disk Manager) during that tenure