Feb 2021 – Sep 2021 · 7 mos · Bengaluru, Karnataka, India · Remote

• 1. Manage and pilot day to day work of the team
• 2. Ensuring timely delivery of committed projects.
• 3. Lead and manage a team conducting internal security reviews and vulnerability assessments.
• 4. Implemented DevsecOps pipeline as a service for internal development teams.
• 5. Conduct threat modelling and secure design reviews
• 6. Building tools and services that provide a shot view of the security posture of the organization, like access controls, vulnerabilities, etc
• 7. Help compliance and audits team to comply with various financial standards like SOX.
• 8. Plan and roadmap various technical transformational initiatives
• 9. Foresee and remediate technical/operational challenges to the team
• 10. Budget planning quarterly and yearly
• 11. Performance reviews and appraisal discussions

Jan 2020 – Feb 2021 · 1 yr 1 mo · Bengaluru, Karnataka · On-site

• 1. Working on decomposing the monolithic application to a microservice-based landscape.
• 2. Implementation of OAuth-based SSO service which integrates with various Identity Providers
• 3. Implementation of JWT based app to app authentication
• 4. Upgraded the application from Java 7 to Java 11.
• 5. Upgraded MySql from 5.7 to 8.
• 6. Introduction of Maven as a build management system.
• 7. Dockerization of the existing applications and deployment in AWS ECS
• 8. Introduced Redis as a cache (AWS Elasticache) to manage the increased burst of events during the COVID crisis.
• 8. Implementation of Auto Provisioning/Deprovisioning tool.
• 9. Introduction of Sonarqube as a code quality analysis and measurement tool and deployment on AWS EC2

Feb 2017 – Jan 2020 · 2 yrs 11 mos

• Designed and developed key management service for Apple point of sales systems.
• Developed and maintained Java based crypto web service for Apple point of sale
• systems to protect PCI/PII data.
• Leading the efforts to migrate the team to micro-services /Agile development lifecycle.
• Conducted design, source code and process reviews to ensure PCI, PII compliance
• standards and security best practices are implemented.
• Designed and implemented efficient ways to read SSL traffic and perform controlled
• man in the middle attacks.
• Helped in efforts to continuously identify security flaws and fix them in efficient ways.
• Resolve issues reported by Apple Infosec which are based on regular security scans.
• Working knowledge of penetration testing tools like Burp Suite, Wireshark.

Mar 2014 – Feb 2017 · 2 yrs 11 mos

• Developed Automated PCI Baseline verification Framework in Java/Python/Shell.
• Internal IT Auditor for Processes/Compliance for PCI DSS, SOX and Security in Production/QA environments.
• Involved in PCI Compliance of the Project and implementation of documentation and preparation of Security Baselines – MySQL/Tomcat Servers/Network based payments.
• PKI Implementation - Configuration and Implementation of SSL /Mutual Auth handshake using X509 certificates. OpenSSL/java keytool libraries.
• Developed Java based application to implement Role Based Authentication controls on MySQL databases.
• Involved in managing Penetration testing and remediation of vulnerabilities reported in them.
• Resolve issues reported by Apple Infosec which are based on regular security scans. ​
• Developed Flask based application that can review and audit membership of unix user groups.
• Creation of unit test using Junits
• Using code coverage tool Cobertura and its integration with Jenkins.
• Developed System of Records for ACLs in WWRC in Grails.
• MySQL version Upgrades (Using Shell Scripting/Python ) /Audit Trail Logging/Login Authentication/Timeout Configurations on MacOSX/ Linux(RHEL) : using tarball / rpm.
• Developing various QA/Dev/Prod Java Utilities for Security Team
• Security across distributed system of servers – Linux VMs/Datacenter servers/Load balancers.Managing the secure dataflow across the various servers.

Dec 2013 – Feb 2014 · 2 mos

• Co-ordinating with different vendors for all Application related issues.
• Working for end to end integration of new features.
• Debugging production issues and resolving.
• Collaborating with team of 20-25 associates (India and client location) tracking efforts and managing resources.
• Building new utilities for Production support and automating repetitive tasks.
• Responsible for deployment of new features to production

Oct 2012 – Nov 2013 · 1 yr 1 mo

• Managed, assigned tasks and status report presentation to Apple Managers for the SQE Ops Team.
• Developed a Java test-client program for server side, of the Apple's Self Checkout App.
• Provided fixes to the server side Bugs/Issues reported.
• Developed SoapUI test suites imitating Client side requests. Used for Load Testing.
• Created unit tests for the server side code using the JUnit framework.
• Developed Java and Shell Script based Utilities, which helped in analyzing and reporting of the Load tests.

Sep 2011 – Oct 2012 · 1 yr 1 mo

• Team lead for the introduction of new payment device (Ingenico iSMP) in UK and Spain for Apple Retail stores.
• Trained the team to understand the architecture, payment flows and testing best practices to ensure a smooth roll-out.
• Worked with architecture/client managers/ Ingenico for complete changes with server architecture for payment devices used in Apple Stores in France.
• Worked with iPhone configuration for payment device on client side.
• Worked with client team for personal information encryption in application/server logs.
• Worked for architecture change in ow (creation/updating/retrieval) of customer information in Apple POS. XML to XSD validation of the request and response calls for various application events.
• Developed UNIX Shell scripts for monitoring the performance of servers based on logs generated by the Store server and Central server
• Received appreciation notes from both on and o site colleagues and leads for successfully leading the team and developing/ deploying and monitoring scripts.

Apr 2010 – Aug 2011 · 1 yr 4 mos

• Involved in the complete QA process (SDLC) for POS systems used at Apple, concentrating on the functionality of the application and how well it integrates with their payment devices
• Responsible for sanity testing and analyzing the proper build deployment before testing SQA of the Personal Information, PCI encryption and Security related fixes.
• Deployment of the builds on the mobile applications and servers.
• Developed Squish Automation framework, which was used for validation of desktop application of POS.

Dec 2009 – Apr 2010 · 4 mos

• • Member of Initial Learning Program in TCS