Jun 2023 – Jan 2026 · 2 yrs 7 mos

• Responsible for code quality and technical feasibility for complex private cloud environments. Built and mentored a specialized forward-deployed engineering team to deliver DSPM and privacy products at petabyte scale.
• 1. Team Leadership & Expansion: Led two implementation engineering teams focused on K8s deployments and asset classification.
• 2. Large Scale AI/RAG Architecture: Engineered a semantic search system for ~ 100M documents using Python, vLLM, and ElasticSearch. Scaled across 8 GPUs to achieve 5000 document/sec ingestion rates and 100+ concurrent users.
• 3. Local LLM Services: Orchestrated K8s Kustomize deployments for a 100B parameter local LLM code assistant, managing containerization, Artifact repository, ingress, and shared model storage.

Jun 2022 – Aug 2023 · 1 yr 2 mos

• My responsibilities involve mentoring engineers and lead solution design for complex privacy and technical security requirements from customers and prospects.
• 1. Architected a multi-node K3s provisioning framework using Terraform and Ansible across hybrid cloud (Azure, AWS, VMware/Proxmox). This automation enabled rapid scaling of customer POCs and deployments, supporting growth from 10 to over 200 customers.
• 2. Data-Driven Deployment Acceleration Project: Architected a scalable, Prometheus/Grafana/Pandas troubleshooting framework that empowered support teams with instant, data-driven insights, achieving
• a 95% reduction in customer support turnaround time (TAT).

Nov 2021 – May 2022 · 6 mos · Hyderabad, Telangana, India

• Responsible for technical responses, solution architecture and scale for advanced application security at GitHub customers. Built POVs for use cases for pre-sales demos, customer and partner enablement on
• Infra-as-code/CICD/Reporting/SAST and custom-security-rules use cases.
• Designed and deployed custom SAST (Static Application Security Testing) rules to identify and prioritize sophisticated, real-world vulnerabilities. This system analyzes code patterns and operational sequences to prevent commits that lead to security exploits, significantly improving fix rates and developer security awareness.

Mar 2019 – Nov 2021 · 2 yrs 8 mos

• Responsible for the successful adoption of our Fortify and Voltage solutions, building value faster and driving early adoption programs for strategic customers in the Asia-Pacific region.

May 2016 – Feb 2019 · 2 yrs 9 mos

• Responsible for project management, preparing proposals, SOWs and implement security consulting assignments for Fortify/data-security customers in APJ & South Pacific Regions.
• ● Assist with technical responses (RFx) regarding data and email security, dynamic analysis (DAST), static analysis (SAST) and runtime protection (RASP) products from Voltage and Fortify
• product lines.
• ● Designing and implementing large scale application assessment and security infrastructure, processes and partner programs using fortify technologies.
• ● Working with field teams, product sales and existing customers for fortify license and implementation requirements, knowledge management, training (remote and in classroom events), troubleshooting, and the creation/organization of available demonstration materials, environments, and guidelines.
• ● Speaking at conferences, workshops, webinars, partner training and marketing events to promote fortify business in the APJ region.

May 2014 – May 2016 · 2 yrs

• My present ownership includes:
• 1. Design and specification of SOA platform services for InsideView SAAS and LOB applications.
• 2. Building and improving InsideView security platform and security libraries.
• 2. Identity architecture for InsideView products and services.
• 3. Security Development Lifecycle (SDL) for out products and line of business applications.
• As software security architect at InsideView, I am the product owner for implementing responsible for core application and identity services, security features and secure development lifecycle (SDL). My roles and responsibilities also include establishing and improving SDL standards for all production deployed / line of business code and systems, prepare and drive roadmap of security features like external integrations, compliance, security features, data security and privacy requirements for our line of business and software as a service (SAAS) platform and to act as a point of contact for anything and everything around software security for engineering and non-engineering stakeholders.
• Technology exposure: Java, OWASP, SANS, SAML, OAuth, AWS (Redshift, S3, Dynamo-db, RDS, SQS/SNS, Elastic Cache, EMR etc), CRM Integration and Identity systems.

Sep 2013 – May 2014 · 8 mos

• As security owner for InsideView sales and marketing products here at InsideView, Inc, my responsibilities are to design security features like cryptographic storage, authorization, application firewall, single-sign-on using technologies like JCE, SAML, OAuth, WS-Federation, OpenID, PKI, OCSP etc.
• Roles and Responsibilities:
• 1. Developing, establishing and auditing Application Security Enterprise policies, standards and guidelines for customer facing software products in InsideView.
• 2. Manage the application security impact of projects and programs, recommend approaches and approve security designs for new systems.
• 3. Ensure that information and application security architecture decisions are consistent and leverage opportunities for common approaches, across application development projects and programs.
• 4. Work with Customers to implement / validate security architecture and coordinate the knowledge transfer about security of InsideView platform.
• 5. Driving the perception change for security from being seen as an inhibitor, to it being seen as a business differentiator.
• 6. Driving security requirements through designing and building prototypes proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories for key security pieces for the InsideView platform..

Mar 2012 – Sep 2013 · 1 yr 6 mos · Hyderabad Area, India

• As part of the Microsoft's ACE (Assessment Consulting and Engineering), I get to manually review code for security vulnerabilities, analyse security considerations for products and solutions, conduct privacy reviews around applications and technologies like windows phone, Azure, ADFS, .NET MVC etc. for internal teams and external customers of Microsoft.

Aug 2010 – Mar 2012 · 1 yr 7 mos

• Project details:
• As part of CA’s global software security team, my work involves performing code assessments / SCA automation / SCA audit training, penetration testing and architectural risk analysis for CA products to achieve General availability (GA) targets as part of SDLC check gates.
• Role and Responsibilities:
• Execute penetration testing assessments on websites and services.
• To work with product teams to scope and execute software security activities for product GA.
• Create automation infrastructure for SCA integration in the build process.
• Train developers to identify and analyze SCA results and eliminate false positives.
• Analyze, implement and test customer security escalation, public disclosure for product teams.
• Design and automate business intelligence dashboards by enabling these to pull data from fortify 360 server, quality centre, JIRA and MOSS 2007.
• Collect and communicate business object requirement for executive level reports on implementation of policy, training etc.
• Technology Deployed /tools:
• HP WebInspect,
• Rational Appscan,
• Fortify 360 Server,
• HP Quality Centre
• MOSS 2007

Aug 2009 – Aug 2010 · 1 yr

• A managed services projects to deliver application risk assessments for applications belonging to client and their third party vendors. Delivery of application security assessments to client, explaining third party vendors the control failure and suggested remediation. Being a managed services project means working with SLAs, Interfacing with site delivery, and ensuring that delivery meets deadlines.
• Role and Responsibilities:
• 1. Penetration Testing for assessments.
• 2. Interface with the client delivery teams and third party vendors to deliver security assessment reports and explaining controls failure.
• 3. Suggesting remediation for controls failure and assisting the client in re-assessment of these applications.
• 4. The day-to-day generation of quality control metrics, training documentation, run book updates, project procedure plans etc.
• 5. Application security training to new consultants.
• 6. Internal consulting work on secure SDLC implementation for different projects.

Aug 2007 – Jul 2009 · 1 yr 11 mos

• Risk assessment and testing of customer security requirements for products in Amdocs product portfolio. These includes various types of internet facing applications like AMSS, QPASS, CRM, OMS, CRAMER, Exposed webservices, Single Sign-On systems, Secure storage requirements, Encryption and Hashing requirements of data, SOX requirements, Backend security applications like Websphere user management console , Product Integration etc.
• My daily work involved:
• 1. Estimation / Reviewing security requirements/solutions for different projects and Accounts.
• 2. Threat modeling activity of requirements/products.
• 3. Planning security testing scope of products.
• 4. Fortify Source code scan of application code in various phases of delivery.
• 5. Vulnerability scanning of applications and deployments using enterprise software like Watchfire
• Appscan, Acunetix Web Vulnerability Scanners etc.
• 6. Risk assessment based on PCI-DSS, PA-DSS, ASPR standards.
• 7. Reviewing Calendar designs for penetration testing.
• 8. Penetration testing for ST and UAT deployments, Opening and tracking security defects.
• 9. Researching and Creating Proof of Concepts on Amdocs Applications for variants of security attack
• vectors like GIFAR, CSRF, XSS, Injection, Authentication and Authorization flaws etc.
• 10. Conducting course on
• a. Application security for QA testers.