Dec 2019 – Present · 6 yrs 5 mos · Greater Bengaluru Area

Dec 2019 – Aug 2022 · 2 yrs 8 mos · Chicago, Illinois, United States

• Understanding how the client's company works to perform a gap analysis - both in terms of Engineering (complete pipeline starting with how and where do engineers write code to how it gets deployed in production, what mechanisms exist to prevent security/privacy bugs slipping in, etc.) & Non-engineering (how do employees access company resources, how are they onboarded & granted access, how are endpoints inventoried & secured, etc.)
• Building a threat profile - and tailor recommendations for the client as per their size, maturity, low-hanging fruits, and compliance requirements - incorporating pillars of Data Classification, Least Privilege, Minimizing Blast Radius, Security Baselines & Continuous Security Assessment.
• SME for Identity provider (IdP), SAML, Mobile Device Management (MDM) & Endpoint Security.
• Evaluate risks & minimize security impact of 3rd party components, services or integrations.

Sep 2018 – Dec 2019 · 1 yr 3 mos · Mumbai Metropolitan Region

• As the seed member of the Security Team, I undertook the company's first threat modeling exercise to identify & prioritize areas of focus and be a PoC for everything security.
• End-to-end security review of every aspect of the service, both internal & external (monolith, remote device setup & cleanup mechanisms, CI & CD) - to discover and remediate critical exploits (multiple RCEs, SSRFs), highlight code smells & mechanisms of lateral movement/internal abuse.
• Collaborating with teams for widespread adoption of a central Secrets Management system.
• Deployment & Adoption of Security Information and Event Management (SIEM).
• Designing a resilient Site-to-Site VPN solution using WireGuard to umbrella our managed and unmanaged data centers & offices.
• Engineering a billing system overhaul to support complex packaging and other business logic in the trinity of our monolith (Rails), Zuora & Salesforce.

Feb 2017 – Sep 2018 · 1 yr 7 mos · Greater Hyderabad Area

• Worked for projects: TemptApp – a monetized platform to bring models and their fans together, Racecheck – a review and discovery app for endurance athletes participating in events, Boutique Baller – a closed boutique marketplace app for footballers, Betster – a betting app with social elements.
• o Designing the database models, interacting with complex third-party services (Apple Pay on Web, real-time odds from bookmakers), spinning out microservices (media processing, sync) and knitting them together with RESTful APIs using Django Rest Framework.
• o Contribution to configuration management code & carrying out data migration.
• o Ensured security protocols and standards across projects in the company.

Aug 2016 – Feb 2017 · 6 mos · Bengaluru, Karnataka, India

Aug 2015 – Apr 2016 · 8 mos