Aditya Sharma, Developer in Firozabad, Uttar Pradesh, India

Aditya Sharma

Verified Expert  in Engineering

Application Security Engineer and Developer

Firozabad, Uttar Pradesh, India

Toptal member since July 30, 2024

Bio

Aditya is an application security engineer with 8+ years of experience at enterprises like EY, Luxoft, Wipro, FIS Global, and TCS. He builds and implements end-to-end programs from scratch, including static, dynamic, and interactive application security testing (SAST, DAST, and IAST), software composition analysis (SCA), and vulnerability triage and remediation. Aditya also scales the programs to the organization's security posture requirements and trains engineers in the process.

Portfolio

EY
Application Security, DevSecOps, Static Application Security Testing (SAST)...
Luxoft
Application Security, Static Application Security Testing (SAST)...
Wipro
Application Security, Application Security Posture Management (ASPM)...

Experience

  • Penetration Testing - 8 years
  • Application Security - 8 years
  • Static Application Security Testing (SAST) - 8 years
  • Dynamic Application Security Testing (DAST) - 8 years
  • Vulnerability Assessment - 8 years
  • Security Champions - 6 years
  • Threat Modeling - 5 years
  • Software Composition Analysis (SCA) - 5 years

Availability

Part-time

Preferred Environment

Windows

The most amazing...

...thing I've done is build & scale security, covering SAST, DAST, IAST, SCA, threat modeling, vulnerability assessment, penetration testing, & secure code review.

Work Experience

Manager

2023 - PRESENT
EY
  • Integrated several SAST and SCA tools, such as Checkmarx and Snyk, in the CI/CD pipeline to reach 100% code coverage for the enterprise.
  • Managed the complete triage process and introduced a new way to handle false positives, achieving faster code fixes and production releases and fostering the collaboration of the development and security teams.
  • Oversaw a multi-cloud IAM architecture with Envoy using "secure production identity framework for everyone" (SPIFFE) and the SPIFFE runtime environment (SPIRE).
  • Produced several sales pitches for requests for proposals.
  • Drove the application security L&D initiative for the firm to train freshers and experienced resources with industry-led technology and skills.
Technologies: Application Security, DevSecOps, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Secure Code Best Practices, Checkmarx, Snyk, Contrast Security, Risk Management Framework (RMF), Integrated Development Environments (IDE), Security Champions, Threat Modeling, Vulnerability Assessment, Wiz Cloud Security Platform

Senior Software Security Specialist | Application Security

2023 - 2023
Luxoft
  • Oversaw SAST and DAST platforms using Micro Focus Fortify and Fortify Software Security Center.
  • Managed JFrog XRay's Artifactory for SCA scanning.
  • Applied the security champions program to manage the secure coding guidelines for training developers.
Technologies: Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), HP Fortify, Security Champions, Vulnerability Assessment

Senior Project Engineer

2021 - 2023
Wipro
  • Created, managed, and scaled security programs from scratch, such as SAST, DAST, IAST, SCA, technical security review, secure design review, threat modeling, application security posture management, and vulnerability triage, remediation, and metrics.
  • Developed a security champions program from scratch and implemented it throughout the enterprise.
  • Oversaw several application development teams' projects within the enterprise, ensuring application security success.
Technologies: Application Security, Application Security Posture Management (ASPM), Vulnerability Assessment, Penetration Testing, Secure Code Best Practices, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Threat Modeling, Security Champions Program, Technical Security Assessment, Secure Design Review, Shift-left Testing, Invicti (Netsparker), Dazz, Wiz Cloud Security Platform, Lacework, ZeroNorth, HP Fortify, Checkmarx, Bright Security, DevSecOps, Security Champions, Snyk

IT Security Engineer 2

2021 - 2021
FIS Global
  • Served as a subject-matter expert for application security to support application development teams.
  • Procured and integrated the HCL AppScan Standard in the vulnerability assessment process for web application and API security assessments.
  • Performed manual secure code review for multiple critical banking applications, including the front and back end.
Technologies: Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, Vulnerability Assessment, Security Champions

Information Technology Analyst

2016 - 2021
Tata Consultancy Services
  • Managed the security assessments of 1,000+ web applications, including SAST, DAST, secure code review, vulnerability assessment, and penetration testing.
  • Reduced the vulnerability triage process turnaround to two days, creating collaboration between development and security teams.
  • Oversaw and provided application security training to a group of freshers.
Technologies: Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), VAPT, Vulnerability Assessment, Penetration Testing, Secure Code Best Practices, Security Champions

Experience

Application Security Program

https://github.com/Sharmaditya/AppSec-Program
Created a generic application security program architecture that any enterprise can use to implement its own security process. The program covers secure SDLC and shift-left approaches by embedding security practices at each SDLC stage.

Education

2016 - 2019

Master's Degree in Computer Science

SASTRA Deemed University - Thanjavur, Tamil Nadu, India

2013 - 2016

Bachelor's Degree in Mathematics and Computer Science

Dayalbagh Educational Institute (DEI) - Agra, Uttar Pradesh, India

Certifications

MARCH 2024 - PRESENT

Microsoft Certified: Azure AI Fundamentals

Microsoft

AUGUST 2022 - PRESENT

eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)

INE (formerly eLearnSecurity)

JULY 2019 - JULY 2022

Certified Ethical Hacker (CEHv10)

EC-Council

Skills

Tools

Checkmarx, IBM Security AppScan, Invicti (Netsparker), HP Fortify

Paradigms

Secure Code Best Practices, Penetration Testing, DevSecOps

Platforms

ZeroNorth, Windows, Azure

Languages

Java, R, C

Other

Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Vulnerability Assessment, Vulnerability Remediation, Vulnerability Triage, Snyk, Application Security Posture Management (ASPM), Computer Science, Security Champions Program, Technical Security Assessment, Secure Design Review, Shift-left Testing, Dazz, Bright Security, Software Composition Analysis (SCA), Threat Modeling, Security Champions, Data Structures, Interactive Application Security Testing (IAST), Risk Management Framework (RMF), Integrated Development Environments (IDE), Graph Theory, VAPT, Wiz Cloud Security Platform, Lacework, Contrast Security
