May 2023 – Sep 2025 · 2 yrs 4 mos · Bengaluru, Karnataka, India · On-site

• Currently heading the Security charter under the CTO.
• Building capabilities and augumenting the Security posture under all the functional security pillars- Application Security, Cloud Security, Enterprise Security,GRC, Security Assurance and Security Operations.

Jan 2022 – May 2023 · 1 yr 4 mos · Bengaluru, Karnataka, India · Hybrid

Sep 2020 – Jan 2022 · 1 yr 4 mos · Bangalore Urban, Karnataka, India

Jul 2018 – Sep 2020 · 2 yrs 2 mos · Bengaluru Area, India

• End to End Product Security Ownership for multiple products both on-prem and cloud(AWS)
• Application Security across SDLC
• PKI (Public Key Infrastructure)
• SAST tools like Checkmarx, Sonarqube including Automation
• Security Automation into CI/CD pipeline including Jira Integration
• Automating Vulnerability Management cycle across products like Qualys/Nexpose
• Secure by Design
• Automated Threat Modelling
• Secure Code Reviews
• Platform Security
• Securing Next-Gen Authentication -FIDO
• SSL/TLS advisor
• Secure Authentication/Authroization

Jun 2016 – Jun 2018 · 2 yrs · Bengaluru Area, India

• Securing On-Prem MDM Software via
• 1- Manual Threat Modelling at the time of design for all High Value features
• 2- Code Review for Security Sensitive Features and Crypto Usage including Reviewing Legacy codebase for Security issues for critical pieces such as authentication
• 3- Gap Analysis of existing On Prem Infrastructure
• 4- Manage PSIRT(Product Security Incident Management) program for an Onprem product including interfacing with Customers via Blogs and tickets raised by Customers.
• 5- Vulnerability Management
• 6- Worked on Security Health Check tool for Customers to check if their deployments have followed recommended Security best practices and necessary guidance for failed checks.

Nov 2009 – May 2016 · 6 yrs 6 mos · Chennai Area, India

• Converted to full time at PayPal with the Security Engineering Team.
• Worked on various IRM projects, SafeBrowser, Password Strength Checker, Password Scrambler to name a few.
• Also part of the Ratelimiting team currently involved in countering day to day velocity attacks against Paypal, limited failed login attempts on Paypal, mitigated api login traffic velocity attack using Ratelimiter.
• Various key achievements during these years :-
• 1) Received PAT Award COSMIC KUDOS in H2, 2010.
• 2) Worked on creation of specification for the new custom pin verification command on payshield HSMs (Hardware Security Module) with external vendor Thales.
• 3) Worked on critical delivery project Touchstone HSM Pin Verification incorporating HSM PIN verification capabilities into poscryptoserv.
• 4) Received Spot award for successful completion of Point of Sale projects.
• 5) Successfully delivered multiple projects in Consumer Security Initiative for IRM namely Password Strength Checker and SafeBrowser Initiative.
• 6) Involved in the development and support of SecurityAPI, a basic security framework for basic encryption capabilities.
• 7) Worked in resolving bugs for Certicom based tools to be used for key management teams.
• 8) Worked on custom security tools from time to time for other vertical PayPal teams based on their requirements.
• a. Tools for QA to use to create various types of 1024/2048 encrypted versioned pinblocks in Java.
• b. Tools for encrypting/decrypting certain critical data for use in production
• 9) Also finished as finalist in Hackathon 2011 (24 hour coding challenge) for Restaurant Management App ( IOS App based + Central Web based Restaurant Management Framework)
• 10) Represented PayPal in NullCon conference in a 2 day event in Pune.
• 11) Worked on educating developers on basics of Password Security through Pin-up Cartoon strips.