Pradeep Kishore Somesula
Verified Expert in Engineering
Security Architect and Developer
Bengaluru, Karnataka, India
Toptal member since October 26, 2022
Pradeep is a lead security advisor with 20 years of experience in the IT sector. He is keen on product and enterprise security architecture, vulnerability, incident response management, application security, risk management, and threat modeling. Pradeep has also worked on enterprise architecture for product development and has become an expert in performing security reviews and assessments.
Portfolio
Experience
- Application Security - 20 years
- Web Security - 20 years
- Java Security - 20 years
- Risk Management - 12 years
- Vulnerability Management - 12 years
- Cloud - 10 years
- Threat Modeling - 8 years
- Security Architecture - 6 years
Availability
Preferred Environment
Application Security, Web Security, IoT Security, Java Security, Python, Cloud, Risk Management, NIST, Privacy, Compliance
The most amazing...
...role I've performed is that of a security advisor and architect for various cloud apps.
Work Experience
Senior Principal | Director | Security Advisor
Dell
- Served as a security advisor for 15 solutions, including cloud applications, on-premise products, and firmware. Acted as the director of cyber security for about six months until the position was filled.
- Spearheaded the security architecture, security code reviews, threat modeling, and vulnerability and risk management.
- Drafted risk management policies and standards based on NIST 800-37, high-value asset standards, and risk escalation procedures.
- Assisted the VP of engineering in making customer-first decisions within the acceptable risk levels and helped engineering teams by advising on different risk mitigation strategies.
- Drove the security champion program and improved the security maturity of products and applications by two levels.
- Met all of the products' security and privacy requirements.
Principal Architect
ColorTokens India Private Limited
- Conceptualized, architected, and implemented a runtime application security product (RASP).
- Did extensive research on OWASP Top 10 and OWASP API Top 10 vulnerabilities and developed algorithms to detect them in real time with a smaller resource footprint. Filed several patents, two of which have already been granted.
- Managed secure coding, secure code reviews, authentication and authorization implementation, DevSecOps, CI/CD, vulnerability testing, and fixing.
Senior Principal Software Engineer
CA India Technologies
- Architected an application performance monitoring project. Acted as the subject matter expert for developing agents with Java bytecode instrumentation techniques.
- Led secure design reviews, threat modeling, static code analysis, software composition analysis, SAST, DAST, vulnerability identification, and vulnerability fixing. Acted as the security point of contact for the product.
- Ensured all the features of the products were secure by design and secure by default as part of the architecture review board.
Application Engineer
Oracle
- Developed Oracle applications ERP modules using the Oracle application framework.
- Managed vulnerability fixing, secure coding, and secure code reviews.
- Acted as the point of contact for security-related matters, managing secure by design and secure by default.
Software Engineer
IBM
- Developed software for activating mobile connections of a telecommunications service provider called SPRINT.
- Acquired expertise in secure design, coding, and code reviews.
- Provided expert-level Java programming, web application development, and web security.
Experience
Application Security Monitoring
Security Advisor
Enterprise Architect
Education
Master's Degree in Computer Applications
Sri Venkateswara University College of Engineering - Tirupati, India
Bachelor's Degree in Mathematics and Computer Science
Sri Krishnadevaraya University - Anantapur, India
Certifications
Certified Information Security Manager (CISM)
ISACA
CISSP-ISSMP
ISC2
CISSP – Certified Information Systems Security Professional
ISC2
Skills
Libraries/APIs
Java Security, OpenSSL, Node.js
Tools
Checkmarx, AWS SDK
Languages
Java, SAML, Python, PHP, JavaScript, C, C++, Go
Paradigms
Secure Code Best Practices, DevSecOps, DevOps, Web Architecture, Database Design, API Architecture, Penetration Testing
Platforms
Windows, Amazon Web Services (AWS), Linux, Azure
Industry Expertise
Cybersecurity
Storage
Database Security, Amazon S3 (AWS S3), Database Architecture
Frameworks
.NET, Oracle Application Framework (OAF)
Other
Application Security, Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Vulnerability Management, Zero-day Vulnerabilities, Threat Modeling, Risk Management, Applications, Computer Science, Computer Security, APIs, Security, Authentication, Vulnerability Identification, Vulnerability Assessment, Architecture, Containers, Secure Containers, Risk Assessment, NIST, Information Security, CISSP, IT Security, CISM, Single Sign-on (SSO), SIEM, Data-level Security, Compliance, Data Protection, Security Architecture, Data Security, Transport Layer Security (TLS), Cryptography, ISO 27001, ISO 27002, Asymmetric Encryption, API Design, System Architecture Design, Security Analysis, Certified Information Systems Security Professional, Web App Security, Dynamic Analysis, OWASP Top 10, Risk Modeling, Cloud, Risk Analysis, Cloud Security, CISO, SecOps, IT Management, Identity & Access Management (IAM), CI/CD Pipelines, Trusted Execution Environments (TEE), Embedded Systems, Cloud Architecture, Configuration Management, Security Engineering, Group Policy, IoT Security, Monitoring, Design, Secure Coding, Static Analysis, Mathematics, Physics, Chemistry, Enterprise Risk Management (ERM), Governance, IT Governance, Data Governance, Data Privacy, Privacy, GDPR, California Consumer Privacy Act (CCPA), Application Performance Monitoring, Information Security Management Systems (ISMS), Product Security, Security Product Development