Mohammed Irfan M A

Associate Consultant

Dubai, United Arab Emirates · 4 yrs 11 mos experience

Key Highlights

  • Expert in AI-driven security assessments and vulnerability remediation.
  • Architected Zero Trust Architecture for cloud and on-prem environments.
  • Proven track record in enhancing CI/CD security and compliance.
Stackforce AI infers this person is a Cybersecurity and DevSecOps expert with a focus on AI-driven solutions.

Skills

Core Skills

Cybersecurity, Devsecops, Appsec, Infrastructure, Software Development, Back-end Engineering, Web Development

Other Skills

Agentic AI, Architecture Risk Analysis, AI assessments, Security architecture, Vulnerability remediation, Zero Trust Architecture, Security tools, Google Cloud Platform (GCP), blackduck, CI-CD security, Supply chain security, CI/CD pipelines, DevSecOps tools, Docker, SQL

About

As a Professional Services Senior Consultant (CyberSec|DevSecOps) at Black Duck, I specialize in developing and integrating AI models and conducting end-to-end security assessments, such as AI Maturity Action Plans (AI MAPs), to identify architectural vulnerabilities. By engineering custom guardrails and implementing 'Security as Code' patterns, our team prevents critical issues like prompt injection and data poisoning in production environments. I have also worked extensively on Black Duck Signal to enhance real-time vulnerability remediation using agentic AI and multi-LLM code analysis, streamlining the mitigation of exploitable risks. I hold a Bachelor of Engineering degree in Computer Software Engineering from Visvesvaraya Technological University. My work is driven by a commitment to secure ecosystems, as demonstrated by architecting AI-driven security tools like OPNSense NGFW, Microsoft Sentinel SIEM/SOAR, and Wazuh XDR for robust monitoring and Zero Trust Architecture. My goal is to continue advancing secure and efficient development workflows by leveraging advanced tools and methodologies in cybersecurity and DevSecOps.

Experience

Total Experience: 4 yrs 11 mos

Black Duck

2 roles

Professional Services Senior Consultant (CyberSec|DevSecOps)

Promoted

Feb 2024 - Feb 2026 · 2 yrs

  • Developed and Integrated AI Models/Agents and conducted end-to-end security assessments like AI MAPs to identify architectural vulnerabilities; engineered custom guardrails and 'Security as Code' patterns to prevent prompt injection and data poisoning in production environments.
  • Implemented Black Duck Signal across the SDLC to leverage agentic AI for real-time vulnerability remediation; utilized its multi-LLM code analysis to eliminate false positives and autonomously patch exploitable risks, significantly reducing developer friction.
  • Architected an ecosystem with AI-driven security tools (OPNSense NGFW, Microsoft Sentinel SIEM/SOAR, Wazuh XDR and File Integrity Monitoring) to enforce Zero Trust Architecture in cloud and on-prem infrastructure along with data loss prevention.
  • Architected Zero Trust access models on Azure using Microsoft Entra (RBAC/PIM) and enforced continuous compliance (MCSB/NIST) via Azure Policy, ensuring a hardened, audit-ready infrastructure for sensitive workloads.
  • Integrated workflows with custom automations that bridged the gap between organisation workflows and security scanning and security posture management.
  • Carried out migrations of security tools to the latest versions and integrated them with multiple CI-CD environments (Jenkins, ADO, Travis, GitHub Actions) in their respective pipeline files for projects of different technical stacks.
  • I have assessed and improved security tool detection capability by analysing (Prisma Cloud Security and IaC Checkov) results along with other AppSec tools with false positive ratios, and enhanced the tools by tweaking the configurations, leading to high performance.
  • Designed, developed and maintained a security pipeline infrastructure that was an offering while, at the same time, 100s of security assessors were using it for their custom assessments on SAST, SCA, IAST, Container Scanning, IaC scanning and Secret Scanning.
Agentic AI, Architecture Risk Analysis, Cybersecurity, DevSecOps

Security Services Associate Consultant (AppSec|DevSecOps)

Sep 2022 - Feb 2024 · 1 yr 5 mos

  • Performed CI-CD security reviews in different environments to ensure there are no supply chain attack possibilities and that we are safeguarding the environments with PoLP and Zero Trust Architecture.
  • I built and maintained cloud-native CI/CD pipelines for 100s of applications, integrating DevSecOps tools (SAST, SCA, Terraform/CloudFormation scanning etc.) to enforce security and compliance at scale.
  • Identified and mitigated high-impact design vulnerabilities in multi-cloud application architectures by conducting Threat Modeling and Architecture Risk Analysis (STRIDE, PASTA).
  • Onboarded hundreds of development projects on enterprise security tools like SRM, Polaris, and BlackDuck to improve compliance and threat visibility.
  • Conducted in-depth SAST, SCA, IaC, DAST and Threat Modeling vulnerability assessments, generating detailed reports and remediation guidelines for NIST 800-53.
  • Responsible for vulnerability triage for applications, prioritizing findings according to OWASP Top 10 and SANS Top 25 risks, and communicating mitigation strategies to both technical and non-technical stakeholders.
Google Cloud Platform (GCP), blackduck, AppSec, DevSecOps

Datamatics

2 roles

Consultant Trainee (DevSecOps)

Aug 2021 - Sep 2022 · 1 yr 1 mo

  • Designed and Implemented CI/CD multi-branch pipelines and scalable merge strategies for 40+ active projects, significantly increasing deployment velocity and supporting rapid Agile software releases.
  • Spearheaded DevSecOps integration across both on-premise and AWS environments, successfully architecting systems that maintained 99.99% uptime for critical applications and minimized security risks.
  • Executed complex, zero-downtime upgrade activities across the infrastructure stack, successfully modernizing GitLab, Ubuntu/RHEL application servers, and MySQL/Oracle DBs while ensuring continuous service availability.
  • Orchestrated enterprise-wide containerisation using Kubernetes and Docker, implementing auto-scaling strategies that resulted in a 3x increase in deployment efficiency and optimised cloud resource utilisation.
Docker, SQL, DevSecOps, Infrastructure

Trainee (Back-End Engineer)

Feb 2021 - Jul 2021 · 5 mos

  • Delivered robust software features on a two-week sprint cycle, consistently meeting strict business requirements and driving product feature completion.
  • Eliminated critical application defects by implementing comprehensive unit testing and rigorous peer review, leading to a 40% reduction in production errors post-deployment.
  • Designed and executed complex, performance-specific SQL queries (e.g., recursive CTEs, optimized joins) to efficiently process large datasets, reducing report generation time by 25%.
  • Actively participated in daily stand-ups, sprint planning, and retrospectives within an Agile/Scrum framework to ensure timely and collaborative project delivery.
PHP, Back-end Operations, Software Development, Back-End Engineering

Novigo solutions

Web Development Intern

Jul 2019 - Aug 2019 · 1 mo · Mangalore, Karnataka

  • Hands-on experience with REST APIs and server deployment.
PHP, Web Design, Web Development, Software Development

Spidev

Software Engineer

Feb 2018 - Dec 2020 · 2 yrs 10 mos · Kasaragod, Kerala, India

  • A freelancing firm with five more brilliant young people striving in the field of technology and human relations.
Git, Back-End Web Development, Software Development, Back-End Engineering

Education

Visvesvaraya Technological University

Bachelor of Engineering - BE — Computer Software Engineering

Jan 2016 - Jan 2020
