Jan 2018 – Present · 8 yrs 3 mos · Bengaluru Area, India

• Deep Armor offers world-class product security services for web applications, networking products, Internet of Things (industrial, consumer, healthcare, ...) and mobile platforms.
• See more at www.deeparmor.com, or follow us on LinkedIn <https://www.linkedin.com/company/deep-armor/> or Twitter (@deep_armor)

Apr 2015 – Dec 2017 · 2 yrs 8 mos

• Established the India site for the New Devices Group by building a software security team from ground zero. Redefined the Security Development Lifecycle (SDL) for bleeding-edge technologies for wearables and IoT ecosystems, including AWS-hosted node.js based web services, Android & iOS mobile apps and RTOS-based embedded systems.
• With a global team under my wing, I led full SDL efforts, including threat modeling, vulnerability discovery and incident response for multiple products and platforms. Discovered, reported and drove resolutions for a large number of security vulnerabilities before our products hit the shelves over the past two years. Drove initiatives within Intel and externally to adopt enhancements and new security paradigms in Bluetooth and CVSS. Represented Intel and the NDG Security team at numerous national and international security and software conferences

Jul 2012 – Apr 2015 · 2 yrs 9 mos

• Core member of the Intel Mobile Communications Group (MCG) Security team. Built a team to perform in-house security assessments and security code reviews for Intel Android platforms. Established new partnerships with external security assessment firms to complement the work carried out internally.
• Managed the security & functional validation team for a newly architected Trusted Execution Environment (TEE) for Intel Android platforms

Apr 2010 – May 2012 · 2 yrs 1 mo · Sunnyvale, CA

• Vulnerability management and incident response lead for HP webOS.
• Responsible for most things concerning security in webOS, including internal and external security coordination efforts, and working within the HP Palm GBU on security risk mitigation. Interfaced with other security teams in HP, and with third party consultants on evangelizing security, and improved the overall security of the webOS platform.
• Developed several new security features and tools for the webOS mobile and cloud platforms. Reported over 25 shell injection, Cross-Site Scripting and sensitive information leak vulnerabilities in multiple internal and user-developed webOS applications

Feb 2006 – Feb 2010 · 4 yrs · Menlo Park, CA

• Engineer with the Sun Security Coordination team in the Solaris organization, with PSIRT and security development responsibilities. Evangelized security best practices in Sun, analyzed and triaged security vulnerability reports, and coordinated public disclosures via security Sun Alerts.
• Implemented a new POSIX approved system call for the Solaris OS, rewrote the rm(1) file utility and worked on other security enhancements.
• Worked with engineers on root-causing vulnerabilities, developing PoCs, code-reviewing security fixes and proactively performing source code analysis to find new security bugs.
• Worked as an OpenSolaris sponsors - assisted OpenSolaris developers outside of Sun to integrate their code into Solaris.
• Represented Sun Microsystems at a Forum for Incident Response and Security Teams (FIRST) conference and at several CERT/CC Vendor Meetings.

Aug 2003 – Jul 2004 · 11 mos · Bangalore, India