Suraj Shirolikar

Technical Program Manager

Bengaluru, Karnataka, India · 21 yrs 4 mos experience
AI ML Practitioner · AI Enabled

Key Highlights

  • Led AI security development at Microsoft.
  • Achieved 100% compliance certification in security governance.
  • Secured $2.5M funding for Zero Trust product roadmap.
Stackforce AI infers this person is a Cloud Security and Compliance expert in the SaaS industry.

Skills

Core Skills

Cloud Security · Security Governance · Data Protection · Security Compliance · Network Security · Full-stack Development · Operating System Security

Other Skills

AI-enabled security development · Agile Leadership · Agile Methodologies · Amazon Web Services (AWS) · Application Security · Automation · Automation processes · Azure AD · Azure DevOps Services · Azure Functions · Blackduck · Burp Suite · Business Development · C (Programming Language) · C++

About

Experience with cybersecurity operations and implementation of AI products with robust Engineering security controls, guided by my expertise in AI and cloud security. We navigate the intricate landscape of product security and compliance, ensuring our AI innovations meet stringent standards and embody responsible engineering development practices. With strategic focus on risk assessment and mitigation, we have successfully conducted comprehensive security reviews as an Engineering team deployed vital patches. Our commitment to security governance is unwavering, as we solidify Microsoft's position as a leader in security.

  • SDLC & Agile Leadership of development teams to deliver high-quality software products, improving project delivery timelines
  • Responsible AI Systems Security: Implemented security measures for AI systems, reducing vulnerabilities of
  • Application & Cloud Security: Enhanced security for AWS, GCP, and Azure environments, achieving a 40% reduction in security incidents.
  • Network & System Architecture: Designed robust network and system architectures with security by design mindset.
  • Dev-Sec-Ops & Secure Coding: Integrated secure coding practices and CI/CD pipelines, reducing code vulnerabilities by 35%.
  • Power Firmware & Storage: Optimized firmware and storage solutions, improving performance by 15%.
  • Firmware/Hardware/Hypervisor: Managed firmware, hardware, and hypervisor security, decreasing threat exposure by 20%.
  • Filesystem, Encryption, Container, Kubernetes: Implemented secure filesystem, encryption, and containerization strategies, enhancing data protection by 30%.
  • Cyber Security Leadership: Led cybersecurity initiatives, achieving a 25% improvement in overall security posture. Lead Product and programs for security.
  • App-Sec & Product Security Controls: Strengthened application and product security controls.
  • Customer centric Quality Assurance & Compliance: Ensured compliance with GRC standards, achieving 100% compliance certification.
  • Experience creating business process flows framework and SOPs
  • Secure Code Review & Threat Modelling: Conducted secure code reviews and threat modeling, identifying and mitigating 50% more vulnerabilities.
  • EDR, Network DB, API & Endpoint Security: Enhanced endpoint detection and response, network database, API, and endpoint security, reducing incident response time by 30%.
  • SAST, DAST, Code-QL, C-Governance: Implemented SAST, DAST, and Code-QL for code governance, improving code quality by 25%.
  • Conducted VAPT and vulnerability assessments, reducing critical vulnerabilities by 40%.

Experience

21 yrs 4 mos
Total Experience
5 yrs 10 mos
Average Tenure
3 yrs 10 mos
Current Experience

Microsoft

Senior Program Manager

Aug 2022 - Present · 3 yrs 10 mos · Bengaluru, Karnataka, India · Hybrid

  • Led security development engineering teams with AI-enabled Microsoft products and applications for feature development, collaborating with stakeholders and vendors. Threat Model, Security, Access management, User space, Business continuity, Encryption, MFA, FTP, secure logging features.
  • Conducted VAPT security reviews with PSIRT teams and implemented third-party OS patching for vulnerability mitigation. Cloud and VM deployment configuration and migration on Cloud and on-prem.
  • Managed governance for products with Copilot, Responsible AI, and LLM, ensuring adherence to security controls. Systems OS, ADO, Governance Risk and Compliance expert. Working with Product and program managers.
  • Lead development engineering org while responsible for Audit, Encryption access Storage & Network policy on cloud for Azure (AAD), AWS (IAM), GCP (Network security). DevSecOps, CI/CD, SAST DAST, Engineering development, Security features MFA, User access, Certificate management, IAM, AAD, Microsoft Defender, Incident management, On-call, Azure-Dev-Ops. AWS Networking, WAF
  • Led security operations for cloud-native applications, ensuring robust protection against threats.
  • Implemented Azure security measures and utilized MS Defender for Cloud to enhance enterprise security.
  • Conducted Threat Modelling and Vulnerability Assessments, significantly reducing potential security risks; implementation of DDoS, WAF, IAM on deployment and migration.
  • Prioritize decisions and make tradeoffs for the portfolio of products, envision long term strategies in vision documents. Independently work with development teams to take them live and track post launch customer feedback and product usage.
  • Delivered User-Centric solutions for underserved markets, boosting engagement, Data-Driven analytics to optimize features, increasing product adoption
  • Led multi-department initiatives, reducing time-to-market, Security enhancement drove Min-Bar framework, improving policy compliance
AI-enabled security development · Threat Modeling · Security governance · Cloud security · DevSecOps · Incident management · +2

Dell Technologies

Principal Software Engineer

Jan 2016 - Jul 2022 · 6 yrs 6 mos · Bangalore India · On-site

  • Led development and validation of data-domain storage products for container security and cloud security at Dell Technologies. File system, backup and recovery, data protection, User access security, SDL DevSecOps CI and CD, HCM, Kubernetes and containerization configuration. Lead security scans like Nessus, Checkmarx, Burp Suite, Qualys, Blackduck, Tenable, Coverity, Fortify, MS Defender, Trivy. Malware, Rootkit etc. Secure coding principles, Threat Modelling.
  • Certified products for Common Criteria and APL certification for Federal government, utilizing tools like Coverity and FindBugs/SpotBugs. Cloud Deployment of VM Azure GCP and AWS security.
  • Identified and mitigated security misconfigurations in Kubernetes, microservices, config map, secrets scanner using KubiScan and kube-hunter, while conducting penetration testing with Kali Linux and Burp Suite.
  • Executive Stakeholder Engagement: Secured $2.5M funding via Zero Trust product roadmap pitch.
  • Industry Evangelism: Generated 300+ qualified leads through Microsoft conference keynotes.
  • Represented the product at industry conferences and webinars, driving brand awareness and generating 300+ qualified leads, influencing senior leadership through data driven insights.
  • Subject matter expert in data protection (Data Domain), providing field teams and customers with technical guidance, product documentation, and strategic advocacy.
Data-domain storage products · Container security · Cloud security · Secure coding principles · Penetration testing · Cloud Security · +1

IBM

Senior Staff Software Engineer

Oct 2010 - Jan 2016 · 5 yrs 3 mos · Bangalore · On-site

  • Led security compliance validation for IBM Power systems servers using Nessus and Qualys, implementing NIST & OWASP standards.
  • Developed firmware strategy for execution in a virtual cloud environment cluster manager on various servers, including Linux/AIX installations.
  • Responsible for hardware and server bring-up. Managed network security, IPMI, zone config for IBM Power systems servers, NIST Architecture, ensuring certification to Common Criteria, APL, HIPAA, SOC2, FedRAMP and PCI standard.
Security compliance validation · Firmware strategy · Network security · Security Compliance · Network Security

HCL Technologies

Lead Engineer

Jan 2005 - Oct 2010 · 5 yrs 9 mos · Austin Texas USA, San Jose CA, Bangalore IND. · On-site

  • Validated Operating System AIX & Linux (Red Hat & SLES) EEH, network installations, and configurations.
  • Contributed as a full-stack developer with the Power Firmware Development team using Python.
  • Developed automation processes and features using C++, including encryption and certificate management, user access and RBAC features.
  • Established writing strategies and executed unit & functional CI CD for Service pack Dev-Sec-Ops Jenkins.
Operating System validation · Full-stack development · Automation processes · Full-stack Development · Operating System Security

Education

B. V. Bhoomaraddi College of Engg. & Tech., Hubli

Bachelor of Engineering
