Apr 2022 – Jun 2023 · 1 yr 2 mos

• Led a team of 9 security engineers executing application security across Grab's engineering organization — technical design reviews, static analysis, penetration testing, and full remediation support across all product teams.
• Drove the cybersecurity roadmap with direct contribution to annual budgeting and resource allocation. Established and presented security metrics to senior leadership, quantifying application security debt reduction and demonstrating measurable ROI of the security program.
• Mentored security engineers on technically sound decision-making, helping product teams reduce their application security debt systematically.

Oct 2018 – Apr 2022 · 3 yrs 6 mos

• Progressed from Senior Security Program Manager to Security Engineering Manager, building and scaling a team of 10–15 penetration testing engineers using agile practices to maximize security review throughput across product teams.
• Owned the InfoSec organization budget and managed vendor procurement, interfacing with legal, finance, and procurement teams. Negotiated multi-year contracts delivering significant cost savings.
• Stepped up to lead the team through an engineering manager departure, maintaining continuity and improving the execution model for individual contributors. Led organization-wide incident response campaigns, keeping stakeholders including the senior stakeholders informed on progress.
• Evangelized security initiatives with leadership, securing buy-in for tooling investments. Initiated and delivered organization-wide technical talks presenting deep-dives on security issues discovered by the team.

Jun 2012 – Sep 2018 · 6 yrs 3 mos · On-site

• Transitioned from product development to becoming Symantec's internal security assessment lead, working across the Software Security Group (2012–2017) and Data Center Security (2017–2018).
• Conducted penetration testing across Web, Mobile, and Cloud domains with deep specialization in Android and iOS application security, assessing Symantec's own products for vulnerabilities.
• Built internal security assessment tools using Python, Perl, .NET/MVC, AngularJS, and Java — including a JavaFX-based tool that translated XML configurations into Selenium test cases, significantly reducing manual test development effort.
• Developed and delivered security training on C/C++ secure coding, mobile security, and secure design patterns across Symantec development centers in Pune, Chennai, Bangalore, and Culver City (US).
• Led research and evaluation of emerging mobile security tools and techniques. Drove penetration test coordination with external vendors, owning technical coverage specifications and achieving maximum coverage at optimum cost.
• Filed 4 invention disclosures on Android security. Attended BlackHat Asia 2015 and RSA Conference 2016/2017. Mentored junior engineers and served as project guide for university students on security research.

Nov 2003 – Jun 2012 · 8 yrs 7 mos · On-site

• 9-year progression across three product teams: Configuration Management (2003–2007), Enterprise Security Manager (2007–2009), and Endpoint Protection (2009–2012). Grew from Associate Software Engineer to Senior Software Engineer and team lead.
• Designed and developed the Remote Management and Monitoring (RMM) feature for Symantec Endpoint Protection's small business edition.
• Built a timeout-driven security technology re-enablement mechanism preventing endpoints from remaining vulnerable after administrator-initiated disabling.
• Designed agent-based automation architecture enabling QA to automate large-scale test case execution, including Linux agent development.
• Served on the customer response team analyzing and resolving complex escalations. Full lifecycle experience from requirements analysis through cross-location team collaboration.
• Filed 2 invention disclosures. Received multiple Symantec Applause Awards (Level 2 and Level 4) for contributions to Endpoint Protection releases.