Feb 2023 – Feb 2025 · 2 yrs · Pune, Maharashtra, India

• Led India's Corporate Security team, securing cloud resources and maintaining client trust.
• Spearheaded Data, Cloud and DevSecOps implementation for several enterprise projects.
• Integrated security at all development stages and conducted comprehensive reviews.
• Enhanced defense with penetration testing and source code reviews.
• Promoted a security-conscious culture through training and Privacy By Design embedded in core-developer-workstreams

Jun 2021 – Feb 2023 · 1 yr 8 mos · Pune, Maharashtra, India

• Key player in the Corporate Security team, dedicated to securing our data warehousing solutions, enterprise applications and ensuring client confidence in our cloud-based services.

Mar 2019 – Jun 2021 · 2 yrs 3 mos · Dubai, United Arab Emirates

• Leveraged cloud technologies, Python, and DevSecOps for asset protection
• Specialised in containerisation and big data security on AWS
• Anchored cloud security to PCI DSS and GDPR standards
• Utilized PaaS, IaaS, and Security as a Service for Security services implementations
• Implemented CI/CD pipelines and various testing methods
• Conducted threat modeling and risk analysis
• Automated security monitoring and incident responses
• Secured micro-services, and managed mobile and network security
• Promoted security culture with strong stakeholder management
• Built adaptable, future-ready security infrastructure

Apr 2018 – Mar 2019 · 11 mos · Singapore · Hybrid

• Led a team of 15 consultants providing security solutions to a major telecom brand in South East Asia.
• Focused Services: Penetration testing, Secure code review, DevSecOps implementation, threat modeling, threat hunting.
• Conducted security assessments for banking and financial organizations with comprehensive reporting.
• Advised clients on technical issue resolution and remediation strategies.
• Established business relationships, applying security standards and designing security strategies.
• Led baselining exercises to identify and enhance security performance.
• Focused on project management, SSDLC implementation, architecture risk management, and incident response.

Dec 2016 – Mar 2018 · 1 yr 3 mos · Bengaluru Area, India

• As an SQA Engineer, I've executed Secure-Code Reviews, Threat Modeling, Red-teaming assessments, and Architecture Risk Analysis, contributing to a secure software development lifecycle. I’ve integrated security testing automation into DevOps using Python, promoting seamless interaction with Agile Development Cycles.
• I performed manual and automated web application analysis from a production viewpoint and managed security defects, prioritizing their fixes based on demand. I offered remediation guidance to the team and conducted compliance checks according to CA/B Forum guidelines.
• My responsibilities also included incorporating Static Analysis Automation into our CI/CD and Agile models. I provided Secure Coding Training to developers and Web Application Security Testing training to QA Engineers. In addition, I performed third-party vendor analysis for the integration of security tools. My overall mission has been to ensure our software's security resilience.

Jul 2015 – Dec 2016 · 1 yr 5 mos · Bengaluru Area, India

• As a Security Consultant, I've performed key duties, including Architecture Risk Analysis, Code Review, and Penetration Testing, bolstering application security. I've also trained individuals on security and development-related programs.
• Part of my role involved identifying security vulnerabilities and effectively communicating the associated business risks to stakeholders. My experience extends to Enterprise Infrastructure security and assurance, fortifying the security architecture across the organisation. Overall, I've worked relentlessly to integrate security into all aspects of our business operations.

Oct 2013 – Jul 2015 · 1 yr 9 mos · Essen Area, Germany; Frankfurt, Germany; Bangalore, India; Chennai, India

• I've been integral to development and maintenance activities, consistently interacting with the onsite delivery team and clients. I've provided support for multiple profiles, working both onsite and offshore to ensure seamless project execution.
• My responsibilities extended to Quality Assurance, where I performed Code Security Analysis and Reviews, enhancing the security and efficiency of our software products. In addition, I took on team management responsibilities, driving the success of our collaborative efforts towards meeting project objectives. In all, my roles have given me a comprehensive perspective on project delivery, from development to management, enhancing the overall quality of our software solutions.

Jun 2012 – Aug 2012 · 2 mos · New Delhi Area, India

• Work on Vulnerability Assessment for Enterprise Business Networks

Jun 2011 – Aug 2011 · 2 mos · New Delhi Area, India

• Working on the Network Security Implementation on Layer 3 Telecom Network(MPLS, IPVPN)

Oct 2005 – Sep 2013 · 7 yrs 11 mos · Delhi, India · Hybrid

• As an Information Security Trainer, I have worked hand-in-hand with management and industry experts to identify learning objectives, develop impactful content, and deliver security-focused training. I have catered to a diverse audience, from college graduates to seasoned professionals, providing training on topics like Information Security, Ethical Hacking, and Secure Coding.
• In partnership with PCO managers, I've ensured the effectiveness of our training by conducting follow-ups at 10/30/60 day intervals, and offering tailored workshops for focused topics. My commitment has been towards designing engaging, forward-thinking training methods that meet the needs of our evolving audience.