Karl Marx Thangappan
Verified Expert in Engineering
Security Architect and Developer
Karl is a security architect and cloud engineer with 14+ years of experience in the IT industry. He specializes in product security and compliance, cybersecurity, DevSecOps, auditing, system automation, business continuity, and database management. Karl is also working as a security consultant and blog writer to share knowledge about AWS, Azure, GCP, database, and Oracle Apps DBA.
Preferred Environment
ISO 27001, Databases, Cloud Security, Vulnerability Management, CISSP, Information System Audits, Identity & Access Management (IAM), Amazon Web Services (AWS), DevSecOps, Azure, Access Control, Architecture
The most amazing thing I've done is designing, deploying, and reviewing security for a cloud infrastructure solution.
Work Experience
Product Security and Compliance Manager
Genesys
- Managed end-to-end product security and compliance, worked in groups to ensure the product was secure across AWS and Azure SaaS offerings, implemented DevSecOps for 70 products, and updated application security policy.
- Used AWS, Azure, GCP, CyberArk, Jira, Aha!, and DevSecOps tools such as Prisma, Black Duck, Checkmarx, and Tenable on the CI/CD pipeline for 60+ products to ensure compliance with SOC 2, ISO, and PCI DSS.
- Reviewed security of a new product called HLA, AWS and Azure infrastructures, and development and operational stages.
- Collaborated with the engineering and development teams to ensure all the products complied with policy and security standards, including ISO, SOC2, HIPAA, UK Cyber Essentials, PCI, and GDPR.
- Designed and managed a privileged access management (PAM) product using CyberArk.
- Evaluated new security requirements, tools, and products and designed and mapped the PII data flow for each product.
- Designed infrastructure and managed and deployed products in the AWS environment while utilizing VPC, routing, security group, internet gateway, EC2 instance, CloudWatch, CloudTrail, and Security Hub.
- Collaborated with the product manager to ensure all the products were reviewed using threat modeling, pentest, third-party vulnerability, and static and dynamic code analysis.
- Presented a security roadmap each quarter to leadership.
- Published an intranet blog for security standards and best practices and updated the security policy and standards.
Technical Consultant
Letshego Microfinance Bank
- Managed 11 countries' IT systems, security, and monitoring.
- Implemented PAM CyberArk for all 11 countries with system design and grouping of the admin and onboarding admin accounts.
- Migrated data to the cloud from the datacenter to AWS and Azure.
- Designed and implemented a self-service IAM system with complete workflow integration with the HR system and service desk.
- Implemented automation for batch jobs, automated the KYC verification, and deployed end-to-end DR automation.
- Managed around 500+ systems for the application, database, and support system.
- Handled the internal IT audit and the review of external audit findings.
- Deployed the SOC and IDS system for security monitoring on all the systems.
Solution Architect
Nedbank Group
- Developed the system design for new regions as per compliance requirements.
- Handled the security review of all the deployment and new systems.
- Managed vulnerabilities for core banking systems for the application and back-end database.
- Optimized the reporting system for faster performance and higher reliability.
Consultant
Bancabc
- Worked on data asset security, identifying and maintaining various data sources and ensuring the data classification was aligned with business requirements.
- Handled software development security, designing a system focused on building secure access control and auditing capability that involved integration between the core banking and independent credit verification system.
- Contributed to the security operation, designing, testing, and managing the automation of disaster recovery procedures and integrating with the application and infrastructure within MTD across all five geographies.
- Managed the security posture using the Center for Internet Security (CIS).
- Transformed the system security for identity verification and validation capabilities into government identity systems.
Experience
Privileged Access Management Product
Lead DevSecOps Engineer
The journey began with a comprehensive analysis of our existing infrastructure and development practices. Recognizing the critical importance of security in modern software development, I initiated the adoption of Snyk to conduct SAST and dependency check scans. Leveraging its powerful capabilities, I developed custom scripts to automate the scanning process, ensuring a thorough examination of code for potential vulnerabilities and dependencies.
I also engineered a sophisticated script to parse and categorize scan results, creating separate Jira tickets for different projects and development teams based on severity and status.
I integrated GitLab, Snyk, and Splunk, a centralized logging and analytics platform.
Ops Sec
• Managing operational security (Datadog, GCP security command center, and SonarQube).
• Implementing ISO 27001.
• Handling risk management.
• Contributing to multiple projects for the CI/CD pipeline integration of DevSecOps tools and vulnerability.
• Reviewing the code findings from SonarQube and performing manual testing with Burp Suite.
Cloud Security
• Led the creation of policies for microservices, DevSecOps tooling standards, and security incident management.
• Integrated GCP Security Command Center with Jira for unified security incident management.
• Implemented Lacework for enhanced threat detection and compliance monitoring.
• Deployed SonarQube for SAST and container scanning to ensure code quality and vulnerability assessments.
• Managed third-party library scans with Graye to mitigate potential vulnerabilities.
• Implemented WAF technology with Reblaze for web application security.
• Managed log data efficiently using Datadog for enhanced monitoring and incident response.
• Demonstrated expertise in managing GRC and ISO 27001 controls to ensure regulatory compliance.
DevSecOps
AWS System Design
Risk-based Vulnerability Management
• Automating different sources of vulnerability (Qualys, DevSecOps scan, and cloud projects) into the Central repo.
• Mapping with client risk management.
• Prioritizing the vulnerability based on the risk assessment.
• Mapping with company policy violations.
• Mapping with control weakness.
• Automating with the Jira ticket system.
• Assigning to the asset owner and working with different teams to fix the vulnerabilities.
DevOps Pipeline Setup With GCP and GitHub
GitHub Repository Setup:
• Established a GitHub repository to host the project's source code and configurations.
• Managed access control to the repository, granting developer permissions.
CI/CD Pipeline Development:
• Implemented a robust CI/CD pipeline using GitHub Actions, enabling automatic builds and deployments.
• Configured distinct workflows for development, test, and production environments to ensure code quality and reliability.
GCP Cloud Integration:
• Seamlessly integrated the project with Google Cloud Platform services.
• Utilized GCP Cloud Run for containerized application deployment and scaling.
• Leveraged GCP Cloud Build for automating build processes and resource provisioning.
Workflow Automation:
• Engineered an approval workflow within GitHub to ensure controlled code promotion.
• Designed a system for code reviews and approvals before moving code changes between different environments.
Certifications
Certified Information Systems Security Professional (CISSP)
ISC2
Certified Ethical Hacker (CEH)
EC-Council
Stanford Advanced Computer Security Program
Stanford University
Certified Information Systems Auditor (CISA)
ISACA
AWS Certified Security Specialty
Amazon Web Services
Azure Security Engineer Associate
Microsoft
Skills
Libraries/APIs
OpenID
Tools
AWS IAM, Splunk, Azure Key Vault, SonarQube, Jenkins, GitHub
Platforms
Amazon Web Services (AWS), Azure, Kubernetes, SharePoint, Google Cloud Platform (GCP), Oracle, QualysGuard, Rapid7
Industry Expertise
Cybersecurity, Network Security
Paradigms
DevSecOps, Fuzz Testing, Automation, Azure DevOps, Security Software Development, Penetration Testing, HIPAA Compliance, .NET Security Model
Storage
Databases, PostgreSQL, Amazon S3 (AWS S3), Azure Cloud Services, Database Security, Data Centers
Frameworks
.NET, Windows PowerShell
Languages
Go, SAML, YAML, C#.NET, Python
Other
Information Security, Cloud Security, Vulnerability Management, CISSP, Identity & Access Management (IAM), Security, Authentication, Vulnerability Identification, Cloud, IT Security, IT Audits, IT Systems Architecture, Disaster Recovery Plans (DRP), Migration, Security Architecture, Software Development Lifecycle (SDLC), Middleware, Architecture, Compliance, Monitoring, ISO 27001, CyberArk, Information Audits, NIST, Software Architecture, Vulnerability Assessment, Risk Management, Threat Modeling, Security Testing, Solution Architecture, SecOps, Application Security, AWS DevOps, CI/CD Pipelines, Network Protocols, Networks, Security Analysis, Access Control, AWS Certified Solution Architect, Secure Containers, Containers, Container Orchestration, OWASP, SIEM, SOC 2, Single Sign-on (SSO), GitHub Actions, Asset Management, Endpoint Security, Security Audits, OAuth, Azure Cloud Security, Cloud Infrastructure, Security Management, Security Engineering, IT Governance, Business Continuity, Information Asset Protection, Information Gathering, Hacking, Cloud Computing, Cryptography, Information System Audits, Information Security Management Systems (ISMS), PCI DSS, PCI Compliance, HITRUST Certification, APIs, Online Banking, Core Banking Systems, Know Your Customer (KYC), API Gateways, Host-based Security Systems (HBSS), Data Center Migration, IT Automation, Web Security, System Design, Communication, CISO, Assets, Coding, Ethical Hacking, Information Systems, Acquisitions, Development, Implementation, Operations, IT Management, Web Applications, Wireless Networking, Okta, Security Assessment, Risk, GRC, IDS/IPS, Antivirus Software, Blockchain & Cryptocurrency, Web Application Firewall (WAF), Detection Engineering