Jul 2019 – Oct 2020 · 1 yr 3 mos · Bengaluru, Karnataka, India

Jan 2018 – Jul 2019 · 1 yr 6 mos · Bangalore, India, KA

• BUILD, MANAGE AND TRAIN ALL THE BELOW TEAMS AND THEIR RESPECTIVE RESPONSIBILITIES BELOW:
• ===============================
• COMPONENTS OF SECURITY
• ===============================
• Infrastructure Security
• Application Security
• IT Security
• Data Leak Prevention
• Security Automation
• Security Awareness Campaigns
• Compliance
• ===============================
• Red Team - Offensive Security (Pen Testers)
• Find vulnerabilities in all the above components of security
• Code Review all the critical components
• Develop a Developer Best practices guide and ensure that the code review is done on the same standards
• Validate the integrations done with merchants for any security issues
• Own the Responsible Disclosure program (Validate, Fix and Follow up with external/internal researchers)
• Automation of test cycles (Scripting & Tooling)
• Propose a solution for every vulnerability/ security issue reported
• Anti-Fraud and Risk Team Collaboration
• Blue Team - Defensive Security (Security Architects)
• Alert Monitoring and Management
• Security Incident Management
• Maintain all security tools
• Internal Tools
• External Tools
• Traffic Quality management
• Attack Detection
• Setting up controls to block bad traffic
• Maintain latest rules and keep improving profiles based on new releases
• Anti-Fraud and Risk Team Collaboration
• Automation of Security Pen testing cases and coordinate with QA
• Bug Bounty Program Management (Internal & External)
• Purple Team - Compliance Team (Auditors)
• Plan and Drive quarterly Internal audits
• Create the monthly deviation report (Ref ISO and PCI standards)
• Follow up checklist and get tasks done
• Drive all Vendor Audits in a timely manner (Tracker to be maintained)
• Drive PCI Compliance (with trackers)
• Drive ISO Compliance (with trackers)
• Conduct Security Awareness Campaigns internally

Jul 2017 – Jan 2018 · 6 mos · Bengaluru, Karnataka, India

• R&D in Ad Fraud Industry.

Mar 2016 – Jul 2017 · 1 yr 4 mos · Bangalore

• SECURITY OPERATIONS & AGILE (DEFENCE STRATEGY):
• Architectural Reviews right at the inception of a concept and provide security strategies without affecting business needs
• Successfully Implemented Security Testing Lifecycle into the current existing SDLC
• Designed and Integrated IN-HOUSE WAF, ANTI DOS/DDOS & BOT MITIGATION SOLUTIONS
• Worked directly with engineers to improve secure coding practices (OWASP’s secure coding methods)
• Designed an End-to-End HoneyPot to flag bad-bots and Abusers on the Swiggy Platforms
• Implemented log aggregation + Alerts engine using ElasticSearch
• Designed and Implemented BUG BOUNTY HUNTING PROGRAM for Swiggy (https://www.swiggy.com/bug-bounty)
• OFFENSIVE SECURITY:
• Conducted static & dynamic application security assessments against a variety of web applications
• Conducted network security assessments against several data centers in a controlled environment
• Triaged, validated, prioritized and reported web application vulnerabilities and exploits
• Worked directly with product management and engineering to prioritize and resolve vulnerabilities
• implemented static source code analysis of web applications and Apps (Android and iOS) to address zero-day and known vulnerabilities with the help of the team built
• MANAGERIAL TASKS:
• Built a complete Security team
• Representing the Security Engineering Team in Cross-Pod interactions
• Hiring Manager for Security Engineering Team
• Conducting team meetings and scrums regularly ensuring that timelines are met
• Regular One-on-One meet ups with team members ensuring self and business progress
• Responsible for quarterly targets and achieving them in timely fashion
• Responsible for Annual Performance Reviews for the Team
• Providing KT to the Engineering pods as and when required
• Worked with the Legal Team to review contractual agreements with security relevance
• Have laid out the Security Terms & Conditions for end-users interacting with Swiggy ( https://www.swiggy.com/terms-and-conditions )

Nov 2014 – Mar 2016 · 1 yr 4 mos · Bangalore, India

• Integrated customer Web & API platforms onto the Akamai Web Application Firewall, enhancing security measures.
• Scoped web architecture and identified security pain points, providing tailored protection strategies.
• Developed custom logic mitigation strategies to address functional exploits and debugged attack scenarios.
• Configured DoS and DDoS mitigation gear, including rate limiting and addressing Slowloris attack vectors.

Oct 2013 – Nov 2014 · 1 yr 1 mo

• Working on Edge Routers and Load Balancers and Web Application Firewalls, Deploying and troubleshooting them in production Environments
• Contributing content to Barracuda Technical Library for better solutions and best practices on the Link Balancers, ADC Load Balancers and WAF Products
• Integrating web based applications over the ADC and WAF for Service Scalability and Security

Jul 2011 – Oct 2013 · 2 yrs 3 mos

• Working on Edge Routers and Load Balancers and Web Application Firewalls, Deploying and troubleshooting them in production Environments

Sep 2010 – Jun 2011 · 9 mos

• Network Services: Maintaining DHCP and DNS Servers for Bank of America (BofA)

Sep 2009 – Sep 2010 · 1 yr

• Provide L1 Support to the Corporate Client DOW Chemicals