About
Highly accomplished Application Security Specialist with over 11 years of experience driving secure SDLC across diverse industries including finance, banking, retail, software, and IoT. Expert in integrating threat modeling, SAST/DAST/SCA/IAST/WAF, and DevSecOps practices to build robust, organization-wide secure coding standards. Proven track record of delivering measurable risk reduction, automating CI/CD security gates, and significantly strengthening overall security posture and compliance.
Work
Verisure
Senior Security Engineer
Malmö, Sweden
Summary
Currently leading product security initiatives for hardware and software teams at Verisure, managing the comprehensive Application Security program.
Highlights
Directed end-to-end product security for both hardware and software development, ensuring a robust security posture from design through deployment.
Managed the entire Application Security program, driving the adoption of best practices and continuous improvement across the product lifecycle.
Utilized a diverse toolkit including Snyk, SonarQube, GitHub Advanced Security, Proxmark3, Kali Linux, Flipper Zero, and HackRF for comprehensive security assessments and threat mitigation.
Collaborated with cross-functional product teams, leveraging AWS, Jira, and Confluence to embed security early in the development process.
IKEA via Telescope Services AB
Security Engineer
Malmö, Sweden
Summary
Managed Application Security and implemented secure SDLC best practices for IKEA, enhancing product security and vulnerability management.
Highlights
Led the Application Security function, implementing secure SDLC best practices across IKEA's product development lifecycle.
Collaborated with product teams to embed security, conducting threat modeling, SAST, DAST, and SCA to proactively identify and mitigate vulnerabilities.
Utilized a comprehensive suite of security tools including GHAS, Polaris, SonarQube, BlackDuck, and InsightVM to manage and remediate security flaws.
Integrated security processes within GitHub, GCP, Azure, and Jira environments to ensure continuous security monitoring and compliance.
Openinspect.io
Cybersecurity Consultant (Self-Employed)
Bangalore, India
Summary
Provided expert cybersecurity consulting, managing application security and secure SDLC for public-facing web applications for private clients.
Highlights
Directed application security and secure SDLC for public-facing web applications, significantly enhancing security posture for private clients.
Optimized SOC operations by configuring SIEM alerts and crafting bespoke use cases in Splunk and ArcSight, improving threat detection accuracy.
Executed comprehensive AppSec tasks, including SAST/DAST/RASP, OSS, WAF implementation, and manual penetration testing.
Leveraged a wide array of security tools such as Fortify SCA, Coverity, Veracode, AppScan, Burp Suite, Akamai/Imperva WAF, and Jenkins for robust security assurance.
ASG Technologies
Security Architect
Chennai, India
Summary
Designed and implemented robust security architectures, leading vulnerability management, application security, and compliance initiatives to protect critical systems and data.
Highlights
Led comprehensive vulnerability assessments and penetration testing (VAPT), significantly enhancing the security posture of key applications and systems.
Developed and implemented robust application security measures, ensuring critical software applications remained secure against evolving threats.
Oversaw network security protocols and data protection strategies, achieving compliance with industry standards.
Directed mobile application security initiatives, identifying and mitigating risks to user privacy and data integrity.
Conducted thorough API security testing, safeguarding integrations and data exchanges between systems.
Implemented DevSecOps practices, reducing vulnerabilities by embedding security into the development lifecycle.
Executed proactive threat modeling and utilized tools like Fortify, Nessus, and Qualys for real-time security flaw identification and remediation.
Ensured adherence to FIPS 140-2, US-CERT, and HIPAA standards, bolstering organizational compliance and trust.
Envestnet | Yodlee
Security Analyst
Bangalore, India
Summary
Managed and enhanced security operations within a cutting-edge Security Operations Center (SOC), focusing on threat detection, vulnerability management, and compliance.
Highlights
Managed critical security operations within a Security Operations Center (SOC), ensuring robust defense for organizational assets.
Monitored, analyzed, and administered SIEM solutions (ArcSight, Splunk Enterprise), enhancing threat detection capabilities by 15%.
Developed and implemented tailored use cases, improving how vulnerabilities were addressed and the overall security posture.
Conducted quarterly VAPT with Fortify and AppScan, proactively identifying and addressing security weaknesses.
Managed defenses against DDoS attacks, suspicious spikes, and insider threats, utilizing preventive and detective tools to maintain system integrity.
Oversaw DLP using SecureSync and Mimecast, safeguarding Personally Identifiable Information (PII) and ensuring data privacy.
Ensured compliance and patching of servers and network devices, strengthening the overall cybersecurity framework.
Integrated Web Application Firewall (WAF) Imperva with Splunk, improving web threat monitoring and response capabilities.
Lore Software Solutions
Information Security Analyst
Bangalore, India
Summary
Responsible for ensuring global access control, physical security, and compliance, actively participating in audits and risk mitigation.
Highlights
Streamlined quarterly re-certification of over 300 global access points, ensuring proper authorization and compliance.
Managed worldwide user access via Zscaler, maintaining secure connectivity and consistent policy enforcement.
Oversaw physical security operations through ArcSight, supervising IronKey encrypted USB drives and RSA tokens for secure authentication.
Participated in internal audits and monitored organizational social media, proactively identifying potential compromises.
Maintained strict role-based access controls, reducing unauthorized usage and security risks across systems.
Supported business continuity planning during crises, conducting vulnerability scans on over 3000 servers and sites using QualysGuard.
Actively managed incidents, phishing investigations, and malware analysis, contributing to a strengthened security culture.
Education
The University of Manchester
Master's Degree
Advanced Computer Science with specialization in Computer Security
Dr. M.G.R. University
Bachelor's Degree
Computer Science & Engineering
Grade: CGPA 8.29/10 First Class with Distinction
JNV Katihar
High School
Secondary Education
Grade: 79.8%
JNV Katihar
High School
Secondary Education
Grade: 78.8%
Languages
English
Certificates
Certified Information Security Manager (CISM)
Issued By
ISACA
Security Assessment & Testing
Issued By
Cybrary
QualysGuard Certified Specialist - Vulnerability Management
Issued By
Qualys
Zscaler Certified Cloud Administrator (ZCCA)
Issued By
Zscaler
Certified Ethical Hacker v8
Issued By
EC-Council
CCNA Security
Issued By
Cisco
ITIL Foundation v3
Issued By
EXIN
Skills
Application Security
SAST, DAST, SCA, IAST, RASP, Threat Modelling, DevSecOps, OWASP Top 10, Burp Suite Pro, Vulnerability Assessment and Penetration Testing (VAPT).
Cloud Security
AWS, Azure, GCP.
Network Security
Zero Trust, Zscaler, VPN, Firewall, IDS, IPS.
Vulnerability Management
QualysGuard, Nexpose.
Cryptography
Encryption. Symmetric: DES, 3DES, AES, IDEA, RC4; Asymmetric: RSA, ECC, Diffie-Hellman, ElGamal, DSA.
SIEM / SOC Operations
Splunk Enterprise Security, ArcSight.
Data Loss Prevention (DLP)
SecureSync (in-house), Proofpoint, Mimecast.
Malware Analysis
Cuckoo Sandbox.
Endpoint Security
Forescout, McAfee, Symantec.
Programming Languages
Python 3.x, Java, JavaScript, C#, C++.
Interests
Travel
Travelling, road trips.
Content Creation
Making Reels.
Finance
Stock Trading.