Oct 2023 – Apr 2025 · 1 yr 6 mos · India · On-site

• Automated security testing by integrating security tools into the development pipeline, achieving an 80% reduction in manual testing time.
• Integrated SAST tools into the CI/CD pipeline to identify vulnerabilities early, leading to a 40% reduction in post-deployment security issues.
• Have boosted developer security awareness by 20% with a Visual Studio static code analysis plugin, easing remediation.
• Conducted DAST scans to detect CWE Top 25/ OWASP Top 10 vulnerabilities such as SQL Injection, XSS, CSRF, and Security Misconfiguration.
• Analyzed scan results, validated findings, and worked with developers to remediate security issues.
• Have delivered security awareness training to development teams, resulting in a 30% increase in secure coding practices.
• Contributed to developing and implementing product security policies and architectural best practices.
• Provided CIAM best security practices to enhance authentication, authorization, and identity management for secure user access.

Apr 2021 – Aug 2023 · 2 yrs 4 mos · Hyderbad · Hybrid

• Cut security review time by 30% using Veracode Green light's IDE scan for real-time issue detection and fixing.
• Managed the Software Composition Analysis (SCA) tool to identify and mitigate vulnerabilities in open-source libraries, resulting in a 15% decrease in third-party security risks.
• Performed security assessments (e.g., dynamic analysis, static code analysis) to identify vulnerabilities in applications, leading to a 25% reduction in exploitable vulnerabilities.
• Prioritized vulnerabilities based on severity and risk, ensuring timely remediation of critical vulnerabilities.
• Reviewed code for common security vulnerabilities and provided recommendations for improvement.
• Worked with development teams to remediate vulnerabilities and mitigate the impact of security incidents.
• Provided secure coding training to development teams, promoting best practices to write secure and robust applications.
• Reviewed code for security vulnerabilities following industry standards (e.g., OWASP Top 10), ensuring code adheres to secure coding principles.
• Reduced manual training by 50% by creating multiple Standard Operating Procedures (SOPs).
• Reduced alert response time by 50% by integrating Splunk with ARCON PAM for automated alerting.
• Reduced manual effort by 90% by automating the daily report generation process.
• Enhanced security by implementing two-factor authentication in ARCON PAM to prevent unauthorized access.
• Concepts: SAST, SCA, DAST, PAM, IAM, Penetration Testing, Vulnerability Assessment, DevSecOps, CI/CD pipelines.
• Tools: Veracode, SonarQube, CheckMarx, BurpSuite, TeamCity, Git, Azure DevOps, Git, Arcon PAM, Splunk.
• Security Standards/ Frameworks: OWASP Top 10, CWE, CVE, ISO 27001, PCI DSS.
• Languages: Java (Intermediate), Python(Beginner), Shell/ Bash scripting (Intermediate)
• Certified AWS Cloud Practitioner Essentials.
• Achieved certificate of completion on DevSecOps and DevOps CI/CD pipelines conducted by Udemy

Dec 2020 – Apr 2021 · 4 mos · Uppal, Telangana, India · On-site