Arun Pillai
Verified Expert in Engineering
DevSecOps Architect and Developer
Dubai, United Arab Emirates
Toptal member since December 1, 2022
Arun is a senior DevSecOps architect with 12 years of experience and a master's degree in IT. He has worked with government departments, banks, telecoms, healthcare companies, and small to medium-scale enterprises worldwide. Arun also has solid expertise in IT security consulting, focusing on DevSecOps, risk assessment, threat and vulnerability management, vulnerability assessment and penetration testing (VAPT), secure code review, security architecture review, and cloud security and migrations.
Experience
- Consulting - 11 years
- Risk Assessment - 10 years
- Security Architecture Review - 10 years
- Application Security - 10 years
- Security Architecture - 10 years
- DevSecOps - 8 years
Preferred Environment
Azure DevOps Services, Threat Modeling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), AZ-900, Microsoft
The most amazing...
...thing I've developed is an application security framework for a software service provider as part of an incident investigation security consulting engagement.
Work Experience
DevSecOps Expert
Standard Chartered Ventures - Furaha
- Implemented CIS controls for greenfield fintech startups. Wrote policies, standards, and procedures. Defined, established, and operationalized SLA and KPIs.
- Implemented security tooling into the SDLC and the AWS cloud estate. Performed DevSecOps integration with Lambda, AWS Security Hub, SNS topics, Amazon Inspector, Jira, Jira ITSM, GitHub Advanced Security, and GitHub Actions workflows.
- Defined, established, and operationalized security governance, risk, and compliance. Underwent a CIS Controls readiness audit with internal and external stakeholders.
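Added illustration of the Security Hub-to-SNS integration pattern named in the bullets above; this is example code written for this page, not the author's or Standard Chartered Ventures' implementation. It assumes Security Hub findings are routed to a Lambda through an EventBridge rule for the "Security Hub Findings - Imported" event, that the topic ARN arrives in the SNS_TOPIC_ARN environment variable, and that only active, unworked findings at or above a severity threshold should be forwarded. The sample event is constructed and uses ASFF field names.

```python
"""Lambda that forwards actionable Security Hub findings to an SNS topic.

Added example, not the author's code. Assumed: EventBridge delivers
"Security Hub Findings - Imported" events, SNS_TOPIC_ARN and MIN_SEVERITY
are Lambda environment variables, and the sample event below is constructed.
"""
import json
import os

# ASFF severity labels in ascending order, used for threshold comparison.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def finding_is_actionable(finding, min_severity="HIGH"):
    """True for findings worth notifying: active, not yet worked, and severe enough."""
    if finding.get("RecordState") != "ACTIVE":
        return False
    # NEW/NOTIFIED are the only workflow states that still need attention.
    if finding.get("Workflow", {}).get("Status", "NEW") not in ("NEW", "NOTIFIED"):
        return False
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL").upper()
    if label not in SEVERITY_ORDER or min_severity not in SEVERITY_ORDER:
        return False
    return SEVERITY_ORDER.index(label) >= SEVERITY_ORDER.index(min_severity)


def build_notification(finding):
    """Flatten an ASFF finding into the (subject, body) pair to publish to SNS."""
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    resources = [r.get("Id", "?") for r in finding.get("Resources", [])]
    # SNS limits the subject to 100 characters.
    subject = f"[{label}] {finding.get('Title', 'Untitled finding')}"[:100]
    body = {
        "id": finding.get("Id"),
        "product": finding.get("ProductArn"),
        "severity": label,
        "title": finding.get("Title"),
        "description": finding.get("Description"),
        "resources": resources,
        "account": finding.get("AwsAccountId"),
        "region": finding.get("Region"),
    }
    return subject, body


def notifications_for_event(event, min_severity="HIGH"):
    """Extract actionable findings from an EventBridge event and build notifications."""
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return []
    findings = event.get("detail", {}).get("findings", [])
    return [build_notification(f) for f in findings if finding_is_actionable(f, min_severity)]


def lambda_handler(event, context=None):
    """Lambda entry point; publishes only when SNS_TOPIC_ARN is set so the module runs offline."""
    min_severity = os.environ.get("MIN_SEVERITY", "HIGH").upper()
    notifications = notifications_for_event(event, min_severity)
    topic_arn = os.environ.get("SNS_TOPIC_ARN")
    if topic_arn:
        import boto3  # lazy import keeps the filtering logic testable without AWS

        sns = boto3.client("sns")
        for subject, body in notifications:
            sns.publish(TopicArn=topic_arn, Subject=subject, Message=json.dumps(body, indent=2))
    return {"published": len(notifications)}


# Constructed sample event (not real findings) in the shape EventBridge delivers.
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "source": "aws.securityhub",
    "detail": {
        "findings": [
            {   # HIGH, active, new: should be forwarded
                "Id": "arn:aws:inspector2:eu-west-1:123456789012:finding/example-1",
                "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/inspector",
                "AwsAccountId": "123456789012", "Region": "eu-west-1",
                "Title": "Package with known remote code execution flaw on EC2 instance",
                "Description": "Constructed sample finding.",
                "Severity": {"Label": "HIGH", "Normalized": 70},
                "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0"}],
                "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
            },
            {   # LOW: below the default threshold, dropped
                "Id": "arn:aws:securityhub:eu-west-1:123456789012:finding/example-2",
                "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
                "Title": "S3 bucket logging not enabled",
                "Severity": {"Label": "LOW", "Normalized": 1},
                "Resources": [{"Type": "AwsS3Bucket", "Id": "example-bucket"}],
                "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
            },
            {   # CRITICAL but already resolved: dropped
                "Id": "arn:aws:securityhub:eu-west-1:123456789012:finding/example-3",
                "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/securityhub",
                "Title": "Root account access key present",
                "Severity": {"Label": "CRITICAL", "Normalized": 90},
                "Resources": [{"Type": "AwsIamUser", "Id": "root"}],
                "RecordState": "ACTIVE", "Workflow": {"Status": "RESOLVED"},
            },
        ]
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT))
```

Filtering on RecordState and Workflow.Status matters in practice: Security Hub re-imports a finding every time a product updates it, so without that check the topic fires repeatedly for findings an analyst has already resolved or suppressed.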
Senior DevSecOps Architect
Wipro
- Built DevSecOps service offerings and a go-to-market strategy, achieving the revenue target of $2 million for DevSecOps offerings in the first year of rollout.
- Defined, standardized, and operationalized DevSecOps solutions for customer demos, presale collaterals, and sales enablement to position DevSecOps offerings.
- Developed Wipro's application security framework to conduct threat modeling, architecture reviews, and control definition.
- Established and operationalized the penetration testing center of excellence (COE) for an energy and manufacturing customer account, moving toward freelance-based resourcing capabilities.
- Created and published skill-specific training programs for DevSecOps and architecture COE to increase the organization's enterprise security architecture skills.
Security Manager
Accenture
- Led end-to-end security architecture analysis, design, and implementation and ensured that the product fulfilled requirements, working with the solution integration architect, other project team members, and client stakeholders as needed.
- Identified and proactively managed security-related project risks.
- Worked with the customer and end users to define security technical and functional requirements.
- Liaised with the client security team to understand and follow security procedures and fulfill required control measures.
- Defined the security architecture, ensuring it met the business requirements and performance goals defined by the client's long-term direction.
- Collaborated with other architects and leads to ensure that the security components, including security technology, operations, and management, were integrated as defined in the requirements.
- Analyzed the capabilities and limitations of the security components.
- Obtained stakeholder buy-in and relevant sign-offs for the security requirements design.
- Functioned as an information security architect to implement various security solutions and controls for banks to meet legal and regulatory compliance in various areas, including their internal employee and user authentication strategies.
- Implemented security solutions and controls for banks to meet regulatory compliance in security orchestration, automation, and response; internal security awareness and training programs; and the security risk remediation project: Duo Uplift.
IT Security Architect
Cognizant
- Worked with project teams to define security requirements for new systems in line with the enterprise information security architecture.
- Provided security design recommendations based on enterprise information security architecture and solution patterns.
- Guided and assisted in the development of security standards for IT platforms in line with the information security architecture.
- Maintained an up-to-date understanding of emerging information security architecture trends and applied new techniques to the principal's information security architecture.
- Performed control reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment.
- Identified efficiencies to improve the performance and responsiveness of the ITSSR information security architecture function.
- Prepared and presented security design and architectural review reports to system owners, business units, and others.
- Evaluated the principal's current software security posture and proposed mitigation and remediation plans to meet software security assurance requirements.
- Translated technical security deficiencies into business risks understandable by business stakeholders to get buy-in for security investments.
- Collaborated with the certification and accreditation team in designing and building the DevOps pipeline, and designed and delivered an Azure Identity solution across the World Bank Group's IT estate.
IT Security Project Manager
QAssure Technologies
- Reported to the CEO and, depending on the project, managed up to eight resources to set up consulting and advisory services on the IT security practice.
- Led the team in security activities like security and vulnerability assessments, penetration testing, and security audit for applications and infrastructure.
- Managed the development of in-house security toolkits and products to offer IT security consulting services for end-users and partners.
- Coordinated with partners on the client security leadership team in the development of their security strategies and solutions that align business priorities with technology options.
- Created a proposal and statement-of-work write-up and conducted a technical demonstration for professional service opportunities to support presales and sales activities during the tender bidding process.
- Conducted information security awareness training and workshops to build and grow the offshore team of security professionals, addressing change on the accounts.
- Developed the roadmap for offering consulting and advisory services within the IT security business unit.
- Devised strategies for building a reputation as an IT security service provider by teaming up with sales and top management.
- Delivered the vulnerability management program for a government cloud.
- Built a hardware-based hacking toolkit for point-of-sale penetration testing.
Experience
Security Architecture Review for Medical Devices
Annual Risk Assessment and Remediation for GRC
Incident Investigation for Field Apps
Schneider Electric SDLC Policy Creation
• Preparing the policy table of contents.
• Writing the SDLC framework that aligns with security, quality, marketing, legal, DevSecOps, and development practices followed within the client organization.
• Publishing SDLC framework for R&D and digital transformation group.
• Presenting SDLC policy to Schneider stakeholders.
DevSecOps Assessment and Roadmap Implementation
• Presented the initial hypothesis from the initial discussions.
• Conducted data analysis based on artifacts shared in the interview notes.
• Presented the as-is report and reconciled findings based on stakeholder feedback.
• Wrote final recommendations and roadmaps and presented them to respective stakeholders.
• Built DevSecOps Blueprint and Sample Reference Architecture.
• Created SOW for Phase-1 and Phase-2 implementations.
• Implemented the Roadmap.
CloudEra Risk Assessment
• Calculating and capturing potential risk and discussing the prevailing risks to lower the risk score.
• Publishing the initial draft with the risk score and associated mitigations.
• Publishing the final risk assessment report.
• Supporting remediation and advising the team on remediation efforts and coordination.
Education
Progress Toward a Doctorate in IT Security
Swiss School of Business and Management Geneva - Geneva, Switzerland
Master's Degree in Information Technology
Sikkim Manipal University - Manipal, India
Bachelor's Degree in Software Systems
Bharathiar University - Coimbatore, Tamil Nadu, India
Certifications
Microsoft Certified: Security Operations Analyst Associate
Microsoft
Microsoft Certified: Information Protection Administrator Associate
Microsoft
Microsoft Certified: Security, Compliance, and Identity Fundamentals
Microsoft
Microsoft Azure Fundamentals
Microsoft
Certified in Risk and Information Systems Control
ISACA
The Open Group Certified: TOGAF 9 Certified
The Open Group
Certified Information Systems Security Professional
(ISC)²
Skills
Libraries/APIs
Vulkan
Tools
HP Fortify, Checkmarx, Azure DevOps Services, Ansible
Paradigms
DevSecOps, Penetration Testing, DevOps, HIPAA Compliance, Security Software Development, Security Orchestration, Automation, and Response (SOAR), Azure DevOps
Platforms
Nexus, Azure, Duo, Microsoft, Amazon Web Services (AWS), Shopify, Linux, Windows
Industry Expertise
Security Advisory, Cybersecurity, E-learning, System Development Life Cycle (SDLC)
Storage
SQL Injection Protection, Azure Cloud Services
Languages
Python, Java, SAML, RAPID, Bash, JavaScript
Frameworks
TOGAF
Other
Application Security, Static Application Security Testing (SAST), Web Security, Security Architecture, Dynamic Application Security Testing (DAST), Risk Assessment, Risk Management, Security Assessment, Security Management, Security Architecture Review, SAMM, Web App Security, Threat Modeling, Consulting, Veracode, Vulnerability Assessment, IT Security, Information Security, Certified Information Systems Security Professional, Software Development Lifecycle (SDLC), Security, CISSP, Security Policies & Procedures, Axioma Risk Monitor, Monitoring, IT Systems Engineering, CI/CD Pipelines, Ethical Hacking, Endpoint Detection and Response (EDR), Endpoint Security, Vulnerability Management, OWASP, Managed Security Service Providers (MSSP), Source Code Review, AI Security, Technical Writing, Documentation, Mobile Security, Information Technology Enabled Services (ITES), Security Testing, Support & Maintenance, Enterprise Architecture, TOGAF ADM, Software Composition Analysis (SCA), Security Breach Consulting, Cloud Security, ISO 27001, Governance, WhiteSource, Aqua Security, Architecture, NIST, Vulnerability Identification, APIs, Cloud, IT Audits, Authentication, Single Sign-on (SSO), Microsoft Azure, Security Audits, Risk, Information Technology, Risk & Compliance, IT, Controls, Critical Security Controls (CIS Controls), Malware Removal, Identity & Access Management (IAM), Technical Program Management, Business Risk Assessment, Compliance, Communication, AZ-900, Assets, Operations, CISO, Configuration Management, Stakeholder Management, IT Deployments, Security Design, Artificial Intelligence (AI), Cloudflare