Karl Marx Thangappan, Developer in London, United Kingdom

Karl Marx Thangappan

Verified Expert in Engineering

Bio

Karl is a security architect and cloud engineer with 14+ years of experience in the IT industry. He specializes in product security and compliance, cybersecurity, DevSecOps, auditing, system automation, business continuity, and database management. Karl is also working as a security consultant and blog writer to share knowledge about AWS, Azure, GCP, database, and Oracle Apps DBA.

Portfolio

Genesys
Information Security, CISSP, Cloud Security, Information Audits, Security, NIST...
Letshego Microfinance Bank
Amazon Web Services (AWS), Authentication, Azure, CISSP, Security...
Nedbank Group
Authentication, Database Security, Core Banking Systems...

Experience

  • Core Banking Systems - 10 years
  • Information Security - 9 years
  • Cloud Security - 7 years
  • Cybersecurity - 7 years
  • ISO 27001 - 5 years
  • DevSecOps - 5 years
  • CISSP - 1 year

Availability

Full-time

Preferred Environment

ISO 27001, Databases, Cloud Security, Vulnerability Management, CISSP, Information System Audits, Identity & Access Management (IAM), Amazon Web Services (AWS), DevSecOps, Azure, Access Control, Architecture

The most amazing...

...thing I've done is designing, deploying, and reviewing security for a cloud infrastructure solution.

Work Experience

Product Security and Compliance Manager

2021 - 2022
Genesys
  • Managed end-to-end product security and compliance, worked in groups to ensure the product was secure across AWS and Azure SaaS offerings, implemented DevSecOps for 70 products, and updated application security policy.
  • Worked on AWS, Azure, GCP, CyberArk, Jira, Aha!, and DevSecOps tools such as Prisma, Black Duck, Checkmarx, and Tenable on the CI/CD pipeline for 60+ products to ensure compliance with SOC 2, ISO, and PCI DSS.
  • Reviewed security of a new product called HLA, AWS and Azure infrastructures, and development and operational stages.
  • Collaborated with the engineering and development teams to ensure all the products complied with policy and security standards, including ISO, SOC2, HIPAA, UK Cyber Essentials, PCI, and GDPR.
  • Designed and implemented a PAM solution with CyberArk, applying RBAC, just-in-time access, and least privilege principles. Enforced security policies for on-premise and cloud environments for consistent access control and minimal privilege abuse.
  • Evaluated new security requirements, tools, and products and designed and mapped the PII data flow for each product.
  • Designed infrastructure and managed and deployed products in the AWS environment while utilizing VPC, routing, security group, internet gateway, EC2 instance, CloudWatch, CloudTrail, and Security Hub.
  • Collaborated with the product manager to ensure all the products were reviewed using threat modeling, pentest, 3rd-party vulnerability, and static and dynamic code analysis.
  • Presented a security roadmap each quarter to leadership. Published an intranet blog for security standards and best practices and updated the security policy and standards.
  • Designed and implemented OneLogin for enterprise Identity and Access Management (IAM), optimizing secure access and identity governance across the organization.
Technologies: Information Security, CISSP, Cloud Security, Information Audits, Security, NIST, Azure, Google Cloud Platform (GCP), Software Architecture, Vulnerability Assessment, Risk Management, Threat Modeling, Security Testing, Solution Architecture, PCI DSS, PCI Compliance, Amazon Web Services (AWS), HITRUST Certification, Authentication, Vulnerability Identification, APIs, Cloud, CyberArk, ISO 27001, Cybersecurity, Identity & Access Management (IAM), Security Engineering, Communication, API Gateways, Host-based Security Systems (HBSS), Data Center Migration, IT Systems Architecture, DevSecOps, Migration, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Network Security, SecOps, Application Security, CISO, AWS DevOps, Amazon S3 (AWS S3), CI/CD Pipelines, Penetration Testing, Network Protocols, Networks, Security Analysis, Okta, Access Control, AWS IAM, HIPAA Compliance, Architecture, Splunk, Secure Containers, Containers, Container Orchestration, Kubernetes, Python, Disaster Recovery Plans (DRP), Rapid7, OWASP, .NET, SIEM, SOC 2, Compliance, Monitoring, IDS/IPS, Antivirus Software, Fuzz Testing, Blockchain & Cryptocurrency, Go, Single Sign-on (SSO), Vulnerability Management, Asset Management, Endpoint Security, Security Audits, Azure Key Vault, SharePoint, OAuth, SAML, OpenID, Automation, Azure Cloud Security, Cloud Infrastructure, Product Security, Terraform, Active Directory (AD), OAuth 2, OpenID Connect (OIDC), SAML 2.0, Privileged Access Management (PAM), B2B, Cloud Architecture, B2C

Technical Consultant

2017 - 2021
Letshego Microfinance Bank
  • Managed 11 countries' IT systems, security, and monitoring.
  • Implemented PAM CyberArk for all 11 countries with system design and grouping of the admin and onboarding admin accounts.
  • Migrated data to the cloud from the datacenter to AWS and Azure.
  • Developed and implemented a self-service IAM system with seamless workflow integration into the HR system (SAGE) and service desk.
  • Designed and managed Joiner, Mover, and Leaver processes, ensuring division- and role-based access tailored to specific organizational needs.
  • Integrated the SAGE system to automate identity and access management for each employee’s lifecycle event.
  • Created a self-service portal for users to request roles, with an approval process before automatic assignment.
  • Ensured streamlined user experience and adherence to security policies while minimizing manual intervention through automation and regular audits.
  • Established a comprehensive audit process, allowing business owners to attest to users and their roles every six months, ensuring compliance and security.
  • Handled the internal IT audit and review of the external audit findings. Deployed the SOC and IDS systems for security monitoring on all the systems.
Technologies: Amazon Web Services (AWS), Authentication, Azure, CISSP, Security, Cloud Security, C#.NET, Online Banking, Core Banking Systems, Know Your Customer (KYC), Databases, API Gateways, Oracle, Host-based Security Systems (HBSS), Data Center Migration, IT Audits, IT Systems Architecture, CyberArk, ISO 27001, PostgreSQL, Information Audits, Cybersecurity, Identity & Access Management (IAM), Security Engineering, Communication, Threat Modeling, DevSecOps, Migration, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Network Security, SecOps, Application Security, CISO, AWS DevOps, Amazon S3 (AWS S3), CI/CD Pipelines, Penetration Testing, Network Protocols, Networks, Security Analysis, Access Control, AWS IAM, Architecture, Splunk, Disaster Recovery Plans (DRP), OWASP, .NET, SIEM, SOC 2, Compliance, Monitoring, IDS/IPS, Antivirus Software, Fuzz Testing, Single Sign-on (SSO), Vulnerability Management, Asset Management, Endpoint Security, Windows PowerShell, Security Audits, Azure Key Vault, SharePoint, OAuth, SAML, OpenID, GitHub Actions, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, Terraform, Active Directory (AD), OAuth 2, OpenID Connect (OIDC), SAML 2.0, Privileged Access Management (PAM), B2B, Cloud Architecture, B2C

Solution Architect

2015 - 2017
Nedbank Group
  • Developed the system design for new regions as per compliance requirements.
  • Handled the security review of all the deployment and new systems.
  • Managed vulnerabilities for core banking systems for the application and back-end database.
  • Optimized the reporting system for faster performance and higher reliability.
Technologies: Authentication, Database Security, Core Banking Systems, Disaster Recovery Plans (DRP), IT Automation, Data Centers, IT Audits, Migration, CISSP, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Network Security, SecOps, Application Security, Network Protocols, Networks, Access Control, AWS IAM, Architecture, Splunk, OWASP, SOC 2, Compliance, Monitoring, Antivirus Software, Fuzz Testing, Single Sign-on (SSO), Vulnerability Management, Asset Management, Security Audits, Azure Key Vault, SharePoint, OAuth, SAML, OpenID, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, Terraform, OAuth 2, OpenID Connect (OIDC), SAML 2.0, B2B, Cloud Architecture

Consultant

2012 - 2015
Bancabc
  • Worked on data asset security, identifying and maintaining various data sources and ensuring the data classification was aligned with business requirements.
  • Handled software development security, designing a system focused on building secure access control and auditing capability that involved integration between the core banking and independent credit verification system.
  • Contributed to security operations, designing, testing, and managing the automation of disaster recovery procedures, as well as integrating them with the application and infrastructure within MTD across all five geographies.
  • Managed the security posture using the Center for Internet Security (CIS).
  • Transformed the system security for identity verification and validation capabilities into government identity systems.
  • Implemented Entra ID for IAM, enhancing security through risk-based login management and policy deployment. Streamlined access controls and enforced policies to ensure secure authentication and compliance across the organization.
Technologies: Oracle, Core Banking Systems, IT Audits, Web Security, Cloud Security, Information Security, System Design, Database Security, Amazon Web Services (AWS), Migration, CISSP, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Network Security, SecOps, Application Security, AWS DevOps, Amazon S3 (AWS S3), CI/CD Pipelines, Network Protocols, Networks, Access Control, AWS IAM, Architecture, Disaster Recovery Plans (DRP), OWASP, .NET, SIEM, SOC 2, Compliance, Monitoring, Single Sign-on (SSO), Vulnerability Management, Asset Management, Endpoint Security, Windows PowerShell, Security Audits, OAuth, Automation, Azure Cloud Security, Cloud Infrastructure, Active Directory (AD), OAuth 2, OpenID Connect (OIDC), Privileged Access Management (PAM), B2B

Privileged Access Management Product

https://swotpam.com/
• Developed and implemented a comprehensive PAM solution for clients focused on securing privileged accounts. Key features included a centralized password vault for storing and rotating credentials, ensuring encrypted protection.
• Seamlessly integrated with LDAP, AWS, Azure, network tools, and databases, providing uniform management across hybrid and multi-cloud environments.
• Enabled just-in-time (JIT) access and enforced role-based access control (RBAC), adhering to least privilege principles to minimize over-privileged access.
• Automated workflows for privileged user requests, including multi-step approvals, provisioning, and revocation, with full audit trails.
• Implemented policy enforcement and compliance monitoring, aligning with regulatory standards such as SOX, GDPR, NIST, and ISO.
• Integrated multi-factor authentication (MFA) to strengthen security and provided real-time session monitoring and recording for privileged user activities.
• Designed the solution for scalability, supporting enterprise growth while ensuring robust security for both on-premise and cloud environments.

Lead DevSecOps Engineer

I spearheaded a transformative project to fortify our development pipeline by integrating advanced security measures, streamlined automation, and enhanced collaboration tools. The project primarily focused on implementing static application security testing (SAST) and dependency check scans using Snyk while seamlessly integrating these processes with Jira for efficient issue tracking and resolution.

The journey began with a comprehensive analysis of our existing infrastructure and development practices. Recognizing the critical importance of security in modern software development, I initiated the adoption of Snyk to conduct SAST and dependency check scans. Leveraging its powerful capabilities, I developed custom scripts to automate the scanning process, ensuring a thorough examination of code for potential vulnerabilities and dependencies.

I also engineered a sophisticated script to parse and categorize scan results, creating separate Jira tickets for different projects and development teams based on severity and status.
I integrated GitLab, Snyk, and Splunk, a centralized logging and analytics platform.

Lead Operation Security

• Worked on operational security management, leveraging tools such as Datadog, GCP Security Command Center, and SonarQube to enhance system protection and compliance.
• Spearheaded the implementation of ISO 27001 standards, ensuring alignment with regulatory and security frameworks.
• Led risk management initiatives, identifying and mitigating potential threats to minimize vulnerabilities.
• Played a key role in multiple projects focused on integrating DevSecOps tools into the CI/CD pipeline, driving continuous improvement in security and development practices.
• Conducted thorough code reviews utilizing SonarQube, alongside executing manual security testing with Burp Suite to identify and resolve vulnerabilities.

Cloud Security

• Led the creation of policies for microservices, DevSecOps tooling standards, and security incident management.
• Integrated GCP Security Command Center with Jira for unified security incident management.
• Implemented Lacework for enhanced threat detection and compliance monitoring.
• Deployed SonarQube for SAST and container scanning to ensure code quality and vulnerability assessments.
• Managed third-party library scans with Graye to mitigate potential vulnerabilities.
• Implemented WAF technology with Reblaze for web application security.
• Managed log data using Datadog efficiently for enhanced monitoring and incident response.
• Demonstrated expertise in managing GRC and ISO 27001 controls to ensure regulatory compliance.

DevSecOps

• Implemented DevSecOps with the CI/CD Jenkins pipeline.
• Deployed Checkmarx, Black Duck, OWASP ZAP, Nessus, and Prisma Cloud as part of the SAST, DAST, container scan, network scan, and managing the vulnerability part of the BAU.
• Worked with the development team to ensure critical and high vulnerabilities were fixed.

AWS System Design

• Architected AWS infrastructure and services in alignment with existing on-premise requirements, ensuring a seamless migration of systems to the AWS environment and thorough functionality testing.
• Implemented CIS Benchmark standards to enhance security posture and enabled comprehensive monitoring through AWS services such as CloudTrail, CloudWatch, Security Hub, and the Web Application Firewall (WAF).

Risk-based Vulnerability Management

• Automating different sources of vulnerability (Qualys, DevSecOps scan, and cloud projects) into the Central repo.
• Mapping with client risk management.
• Prioritizing the vulnerability based on the risk assessment.
• Mapping with company policy violations.
• Mapping with control weakness.
• Automating with the Jira ticket system.
• Assigning to the asset owner and working with different teams to fix the vulnerabilities.
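The two automation pieces described on this page, the Snyk-to-Jira script under Lead DevSecOps Engineer and the risk-based vulnerability management steps above, share the same shape: normalise findings from several scanners into one store, score them against asset context, and open tickets per owning team. The block below is an added example written for this page, not the author's script. The Snyk JSON field names, the Qualys CSV columns, the asset inventory, the SLA days and the scoring weights are all assumptions; the sample inputs are constructed.

```python
"""Risk-based vulnerability triage: normalise findings from several scanners,
de-duplicate them into one store, score them against asset context, and emit
Jira-ready ticket payloads grouped per owning team and severity.
Example code written for this page, not the author's script; scanner field
names, asset inventory and scoring weights are assumptions."""
import csv
import io
import json
from collections import defaultdict

SEVERITY_SCORE = {"critical": 10, "high": 7, "medium": 4, "low": 1}
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}  # assumed remediation policy
JIRA_PRIORITY = {"critical": "Highest", "high": "High", "medium": "Medium", "low": "Low"}
QUALYS_SEVERITY = {"5": "critical", "4": "high", "3": "medium", "2": "low", "1": "low"}

# Constructed asset inventory; in practice this comes from the CMDB / asset register.
ASSETS = {
    "payments-api": {"criticality": 3, "internet_facing": True, "owner": "payments-team", "jira_project": "PAY"},
    "hr-portal": {"criticality": 2, "internet_facing": False, "owner": "corp-it", "jira_project": "CIT"},
}


def parse_snyk(raw_json, asset):
    """Normalise output shaped like `snyk test --json` (field names assumed)."""
    data = json.loads(raw_json)
    return [{
        "source": "snyk", "asset": asset, "id": v["id"], "title": v["title"],
        "severity": v["severity"].lower(),
        "component": f"{v['packageName']}@{v['version']}",
        "exploit_known": v.get("exploit", "Not Defined") not in ("Not Defined", "Unproven"),
    } for v in data.get("vulnerabilities", [])]


def parse_qualys_csv(raw_csv):
    """Normalise a Qualys-style CSV export (column names assumed)."""
    return [{
        "source": "qualys", "asset": r["Asset"], "id": f"QID-{r['QID']}", "title": r["Title"],
        "severity": QUALYS_SEVERITY[r["Severity"]], "component": r["Host"],
        "exploit_known": r["Exploitability"] == "Yes",
    } for r in csv.DictReader(io.StringIO(raw_csv))]


def merge(*finding_lists):
    """Central store keyed on (asset, id): repeated hits merge and keep every source."""
    store = {}
    for f in (f for lst in finding_lists for f in lst):
        key = (f["asset"], f["id"])
        if key in store:
            store[key]["sources"] = sorted(set(store[key]["sources"]) | {f["source"]})
        else:
            store[key] = {**f, "sources": [f["source"]]}
    return list(store.values())


def risk_score(f):
    """Scanner severity weighted by asset criticality, exposure and known exploitability."""
    asset = ASSETS.get(f["asset"], {"criticality": 1, "internet_facing": False})
    score = SEVERITY_SCORE.get(f["severity"], 1) * asset["criticality"]
    if asset["internet_facing"]:
        score *= 2
    if f["exploit_known"]:
        score += 5
    return score


def build_tickets(findings):
    """One Jira issue per (owning team, severity); highest-risk group first.
    `max_risk` is only for ordering and must be dropped before POSTing to Jira."""
    groups = defaultdict(list)
    for f in findings:
        asset = ASSETS.get(f["asset"], {"owner": "unassigned", "jira_project": "SEC"})
        groups[(asset["owner"], asset["jira_project"], f["severity"])].append(f)
    tickets = []
    for (owner, project, sev), items in groups.items():
        items.sort(key=risk_score, reverse=True)
        lines = [f"- {f['asset']} {f['id']}: {f['title']} ({f['component']}), "
                 f"risk={risk_score(f)}, seen by {','.join(f['sources'])}" for f in items]
        tickets.append({"fields": {
            "project": {"key": project},
            "summary": f"[{sev.upper()}] {len(items)} finding(s) owned by {owner}",
            "description": f"Fix within {SLA_DAYS[sev]} days per policy.\n" + "\n".join(lines),
            "priority": {"name": JIRA_PRIORITY[sev]},
            "labels": ["vuln-mgmt", owner],
        }, "max_risk": max(risk_score(f) for f in items)})
    tickets.sort(key=lambda t: t["max_risk"], reverse=True)
    return tickets


# Constructed sample scanner output (placeholder IDs, not real advisories).
SNYK_SAMPLE = json.dumps({"projectName": "payments-api", "vulnerabilities": [
    {"id": "SNYK-EXAMPLE-0001", "title": "Prototype pollution", "severity": "high",
     "packageName": "example-lib", "version": "1.0.0", "exploit": "Proof of Concept"},
    {"id": "SNYK-EXAMPLE-0002", "title": "Regular expression denial of service", "severity": "medium",
     "packageName": "example-parser", "version": "2.3.1", "exploit": "Not Defined"},
]})
QUALYS_SAMPLE = """Asset,QID,Title,Severity,Host,Exploitability
payments-api,10001,Expired TLS certificate,3,10.0.1.5,No
hr-portal,10002,Deprecated file-sharing protocol enabled,5,10.0.2.7,Yes
payments-api,10001,Expired TLS certificate,3,10.0.1.5,No
"""


def triage():
    """End-to-end run over the constructed samples; returns the ordered ticket payloads."""
    findings = merge(parse_snyk(SNYK_SAMPLE, "payments-api"), parse_qualys_csv(QUALYS_SAMPLE))
    return build_tickets(findings)


if __name__ == "__main__":
    for t in triage():
        print(t["max_risk"], t["fields"]["summary"])
```

Note the ordering the sample produces: the internet-facing payments API's "high" finding with a public proof of concept outranks the internal HR host's "critical" one, which is the point of weighting scanner severity by asset context rather than filing tickets in raw severity order. Posting each `fields` payload to Jira's create-issue endpoint, and checking for an existing open ticket before creating a new one, are left out so the block runs offline.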

DevOps Pipeline Setup With GCP and GitHub

GitHub Repository Setup:
• Established a GitHub repository to host the project's source code and configurations.
• Managed access control to the repository, granting developer permissions.

CI/CD Pipeline Development:
• Implemented a robust CI/CD pipeline using GitHub Actions, enabling automatic builds and deployments.
• Configured distinct workflows for development, test, and production environments to ensure code quality and reliability.

GCP Cloud Integration:
• Seamlessly integrated the project with Google Cloud Platform services.
• Utilized GCP Cloud Run for containerized application deployment and scaling.
• Leveraged GCP Cloud Build for automating build processes and resource provisioning.

Workflow Automation:
• Engineered an approval workflow within GitHub to ensure controlled code promotion.
• Designed a system for code reviews and approvals before moving code changes between different environments.
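The pipeline described in this section, as an added example that is not the project's own workflow: one GitHub Actions file with separate test, build and per-environment deploy jobs, keyless authentication to GCP through Workload Identity Federation, and the production deploy gated on a GitHub environment whose required reviewers supply the approval step. Assumptions: a Dockerfile and a `scripts/test.sh` in the repository, an Artifact Registry repository named `apps`, the secrets `GCP_PROJECT_ID`, `GCP_WIF_PROVIDER` and `GCP_CI_SA`, and `development` and `production` environments configured in the repository settings (required reviewers enabled on `production`).

```yaml
# Added example, not the project's own pipeline. Assumes a Dockerfile, scripts/test.sh,
# Workload Identity Federation set up for this repo, and GitHub environments named
# "development" and "production" (required reviewers enabled on production).
name: build-and-deploy
on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  id-token: write   # lets the job mint an OIDC token for keyless GCP auth; no long-lived keys

env:
  REGION: europe-west2
  SERVICE: my-service
  IMAGE: europe-west2-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/apps/my-service

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/test.sh   # assumed unit/integration test entry point

  build:
    needs: test
    if: github.event_name == 'push'   # pull requests are tested but never built or deployed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
          service_account: ${{ secrets.GCP_CI_SA }}
      - uses: google-github-actions/setup-gcloud@v2
      - run: gcloud auth configure-docker europe-west2-docker.pkg.dev --quiet
      - run: |
          docker build -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:${{ github.sha }}"

  deploy-dev:
    needs: build
    runs-on: ubuntu-latest
    environment: development
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
          service_account: ${{ secrets.GCP_CI_SA }}
      - uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE }}-dev
          region: ${{ env.REGION }}
          image: ${{ env.IMAGE }}:${{ github.sha }}   # the exact image that was built and tested

  deploy-prod:
    needs: deploy-dev
    runs-on: ubuntu-latest
    environment: production   # required reviewers on this environment pause the job until approved
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
          service_account: ${{ secrets.GCP_CI_SA }}
      - uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE }}
          region: ${{ env.REGION }}
          image: ${{ env.IMAGE }}:${{ github.sha }}
```

Two design points worth keeping when adapting this: production is promoted by re-deploying the same commit-tagged image rather than rebuilding, so what reviewers approve is what ships; and in a real setup each environment should carry its own service account and Workload Identity provider binding as environment-scoped secrets, so the development job cannot deploy to production even if its workflow is edited.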

Certifications

MARCH 2022 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

NOVEMBER 2020 - PRESENT

Certified Ethical Hacker (CEH)

EC-Council

MAY 2020 - PRESENT

Stanford Advanced Computer Security Program

Stanford University

FEBRUARY 2020 - PRESENT

Certified Information Systems Auditor (CISA)

ISACA

JANUARY 2020 - PRESENT

AWS Certified Security Specialty

Amazon Web Services

DECEMBER 2019 - PRESENT

Azure Security Engineer Associate

Microsoft

Libraries/APIs

OpenID

Tools

AWS IAM, Splunk, Azure Key Vault, SonarQube, Jenkins, GitHub, Terraform

Frameworks

OAuth 2, .NET, Windows PowerShell

Paradigms

DevSecOps, Fuzz Testing, Automation, Azure DevOps, B2B, B2C, Security Software Development, Penetration Testing, HIPAA Compliance, .NET Security Model, DevOps

Platforms

Amazon Web Services (AWS), Azure, Kubernetes, SharePoint, Google Cloud Platform (GCP), Oracle, QualysGuard, Rapid7

Storage

Databases, PostgreSQL, Amazon S3 (AWS S3), Azure Cloud Services, Database Security, Data Centers

Industry Expertise

Cybersecurity, Network Security

Languages

Go, SAML, YAML, C#.NET, Python

Other

Information Security, Cloud Security, Vulnerability Management, CISSP, Identity & Access Management (IAM), Security, Authentication, Vulnerability Identification, Cloud, IT Security, IT Audits, IT Systems Architecture, Disaster Recovery Plans (DRP), Migration, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Architecture, Compliance, Monitoring, Privileged Access Management (PAM), ISO 27001, CyberArk, Information Audits, NIST, Software Architecture, Vulnerability Assessment, Risk Management, Threat Modeling, Security Testing, Solution Architecture, SecOps, Application Security, AWS DevOps, CI/CD Pipelines, Network Protocols, Networks, Security Analysis, Access Control, AWS Certified Solution Architect, Secure Containers, Containers, Container Orchestration, OWASP, SIEM, SOC 2, Single Sign-on (SSO), GitHub Actions, Asset Management, Endpoint Security, Security Audits, OAuth, Azure Cloud Security, Cloud Infrastructure, Active Directory (AD), OpenID Connect (OIDC), SAML 2.0, Cloud Architecture, Security Management, Security Engineering, IT Governance, Business Continuity, Information Asset Protection, Information Gathering, Hacking, Cloud Computing, Cryptography, Information System Audits, Information Security Management Systems (ISMS), PCI DSS, PCI Compliance, HITRUST Certification, APIs, Online Banking, Core Banking Systems, Know Your Customer (KYC), API Gateways, Host-based Security Systems (HBSS), Data Center Migration, IT Automation, Web Security, System Design, Communication, CISO, Assets, Coding, Ethical Hacking, Information Systems, Acquisitions, Development, Implementation, Operations, IT Management, Web Applications, Wireless Networking, Okta, Security Assessment, Risk, GRC, IDS/IPS, Antivirus Software, Blockchain & Cryptocurrency, Web Application Firewall (WAF), Detection Engineering, Product Security
