Skip to main content
Menu

Work

Currently interested in AppSec, InfoSec, DevSecOps, DevOps, Cloud Security.

Experience

I am an Information Security Professional with more than 8+ years of professional experience. I love to play with open-source tools and more inclined towards defense than offense in the Information Security domain. I works with the Operation and Development team, solving challenging between security and DevOps team.

  • Palo Alto Networks

    Technical Product Manager • Feb 2021 – Present

    • Working on technology, such as AWS Lambda, Azure functions, AWS Fargate, Docker, and Kubernetes along with other cloud services.
    • Research on the competitive landscape in Container and serverless security, formulate competitive strategy, and articulate key differentiation.
    • Execute competitive analysis projects by researching container security competitors and their key strengths and weaknesses.

    NotSoSecure

    Senior Security Consultant • Dec 2018 – Feb 2021

    Assesses, defines, implements, participates in and supports DevSecOps programs for NotSoSecure clients. Engagements span from simple IT projects to large-scale, enterprise-level transformation programs. Collaborate with teams and aid in developing consultative solutions to implement client DevSecOps capabilities to enable secure product development. Conduct methodology and architecture security assessments and define solutions to produce tailored DevSecOps platforms inclusive of target state people, process, and technology operating models.

    • Support clients achieving the benefits that DevSecOps can offer Contribute to/participate in the design and implementation of DevSecOps platforms which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures.
    • Drive adoption of tools and practices as the client transitions to DevSecOps.
    • Containerization principles and frameworks (Docker, Kubernetes).

    Philips Healthcare

    Specialist, Product Security • Aug 2017 – Dec 2018

    Work closely in between the development and DevOps teams to help in implementations of security in their process. Use Docker, Tool Automation - ZAP, Burp, Webinspect, Nessus, Vagrant

    • Implementation of the security tools based on the design and specifications.
    • Work with the developers during the implementation and development of security features.

    Zebra Technologies

    Senior Security Engineer • March 2017 – Aug 2017

    Responsible for security testing of enterprise mobile computer products across OS platforms (Windows/ Android) for various features (including standard phone features, Barcode Scanning, RFID, NFC) and MDM solutions.

    • Participates in the design and execution of vulnerability assessments, penetration tests and security audits and provides recommendations for application design whenever required.
    • Review requirements specifications and technical design documents to provide timely and meaningful feedback.

    Xerox

    Senior Security Analyst • May 2015 – Mar 2017

    Part of Global Enterprise Vulnerability Assessment and Management team. Responsible for periodic vulnerability assessment and penetration testing activity.

    • Enterprise Vulnerability Management.
    • Internal and External Vulnerability Management.
    • Pentration Testing Web application and Network.

    iViz Techno Solutions

    Security Analyst • Aug 2013 – Apr 2015

    Responsible for performing penetration testing or vulnerability assessments of web applications, networks, wireless networks and firewalls in multi-protocol enterprise system for iViZ clients.

    • Performing VA/PT of web Applications, Networks, Wireless Networks and Mobile App.
    • Perform simple vulnerability analysis of the results from the testing as above and leverage experience beyond simply running vulnerability analysis tools.