Pradeep Kishore Somesula, Developer in Bengaluru, Karnataka, India
Pradeep is available for hire
Hire Pradeep

Pradeep Kishore Somesula

Verified Expert  in Engineering

Security Architect and Developer

Location
Bengaluru, Karnataka, India
Toptal Member Since
October 26, 2022

Pradeep is a lead security advisor with 20 years of experience in the IT sector. He is keen on product and enterprise security architecture, vulnerability, incident response management, application security, risk management, and threat modeling. Pradeep has also worked on enterprise architecture for product development and has become an expert in performing security reviews and assessments.

Application SecurityWeb SecurityComputer ScienceWeb App SecurityInformation SecurityTransport Layer Security (TLS)CryptographyData ProtectionVulnerability ManagementSecurityAuthenticationAPI DesignSingle Sign-on (SSO)Security ArchitectureNISTSecure CodingCCPAApplication Performance MonitoringCertified Information Systems Security Professional (CISSP)

Portfolio

Dell
Java Security, Web Security, IoT Security, Cloud, Application Security, Java...
ColorTokens India Private Limited
APIs, Application Security, Cloud, Dynamic Application Security Testing (DAST)...
CA India Technologies
Java, Architecture, Secure Coding, Threat Modeling...

Experience

Application Security - 20 yearsWeb Security - 20 yearsJava Security - 20 yearsRisk Management - 12 yearsVulnerability Management - 12 yearsCloud - 10 yearsThreat Modeling - 8 yearsSecurity Architecture - 6 years

Availability

Full-time

Preferred Environment

Application Security, Web Security, IoT Security, Java Security, Python, Cloud, Risk Management, NIST, Privacy, Compliance

The most amazing...

...role I've performed is that of a security advisor and architect for various cloud apps.

Work Experience

Senior Principal | Director | Security Advisor

2020 - 2022
Dell
  • Served as a security advisor for 15 solutions, including cloud applications, on-premise products, and firmware. Acted as the director of cyber security for about six months until the position was filled.
  • Spearheaded the security architecture, security code reviews, threat modeling, and vulnerability and risk management.
  • Drafted risk management policies and standards based on NIST 800-37, high-value asset standards, and risk escalation procedures.
  • Assisted the VP of engineering in making customer-first decisions within the acceptable risk levels and helped engineering teams by advising on different risk mitigation strategies.
  • Drove the security champion program and improved the security maturity of products and applications by two levels.
  • Met all of the products' security and privacy requirements.
Technologies: Java Security, Web Security, IoT Security, Cloud, Application Security, Java, Python, Vulnerability Identification, Security, Authentication, Vulnerability Assessment, Architecture, Design, Secure Code Best Practices, C, C++, Azure, Amazon Web Services (AWS), DevSecOps, DevOps, Containers, Secure Containers, Risk Analysis, Risk Assessment, NIST, Information Security, Cloud Security, Cybersecurity, IT Security, Single Sign-on (SSO), SAML, SIEM, SecOps, Data-level Security, Compliance, Data Protection, Security Architecture, IT Management, Web Architecture, Database Security, Data Security, Identity & Access Management (IAM), CI/CD Pipelines, Amazon S3 (AWS S3), AWS SDK, OpenSSL, Transport Layer Security (TLS), Cryptography, Trusted Execution Environments (TEE), Embedded Systems, ISO 27001, ISO 27002, Asymmetric Encryption, Cloud Architecture, API Design, System Architecture Design, API Architecture, Security Analysis, Configuration Management, Web App Security, Penetration Testing, Dynamic Analysis, Go, Checkmarx, Security Engineering, Group Policy, OWASP Top 10, Risk Modeling

Principal Architect

2018 - 2020
ColorTokens India Private Limited
  • Conceptualized, architected, and implemented a runtime application security product (RASP).
  • Did extensive research on OWASP top 10 and OWASP API top 10 vulnerabilities and developed algorithms to detect them in real-time with less resource footprint. Filed several patents, of which two were granted already.
  • Managed secured coding, secure code reviews, implementing authentication and authorization, DevSecOps, CI/CD, vulnerability testing, and fixing.
Technologies: APIs, Application Security, Cloud, Dynamic Application Security Testing (DAST), Java, Java Security, Python, .NET, PHP, JavaScript, Architecture, Design, Vulnerability Identification, Security, Vulnerability Assessment, Secure Code Best Practices, C, Azure, Amazon Web Services (AWS), DevSecOps, DevOps, Containers, Secure Containers, Risk Analysis, Risk Assessment, NIST, Information Security, Cloud Security, Cybersecurity, IT Security, Single Sign-on (SSO), SAML, SIEM, SecOps, Data-level Security, Compliance, Data Protection, Security Architecture, IT Management, Web Architecture, Database Security, Data Security, Identity & Access Management (IAM), CI/CD Pipelines, Amazon S3 (AWS S3), AWS SDK, OpenSSL, Transport Layer Security (TLS), Cryptography, Trusted Execution Environments (TEE), Embedded Systems, ISO 27001, ISO 27002, Asymmetric Encryption, Database Design, Database Architecture, Cloud Architecture, API Design, System Architecture Design, API Architecture, Security Analysis, Configuration Management, Web App Security, Penetration Testing, Dynamic Analysis, Go, Checkmarx, Security Engineering, Group Policy, OWASP Top 10, Risk Modeling

Senior Principal Software Engineer

2008 - 2018
CA India Technologies
  • Architected an application performance monitoring project. Acted as the subject matter expert for developing agents with Java bytecode instrumentation techniques.
  • Led secure design reviews, threat modeling, static code analysis, software composition analysis, SAST, DAST, vulnerability identification, and vulnerability fixing. Acted as the security point of contact for the product.
  • Ensured all the features of the products were secured by design and secured by default as part of the architecture review board.
Technologies: Java, Architecture, Secure Coding, Threat Modeling, Static Application Security Testing (SAST), Static Analysis, Dynamic Application Security Testing (DAST), Vulnerability Identification, Security, Authentication, Vulnerability Assessment, Design, Secure Code Best Practices, C, DevSecOps, DevOps, Containers, Secure Containers, Risk Assessment, Cloud Security, Cybersecurity, IT Security, Single Sign-on (SSO), SAML, Data-level Security, Compliance, Data Protection, Web Architecture, Database Security, Data Security, CI/CD Pipelines, Transport Layer Security (TLS), Cryptography, Information Security, Asymmetric Encryption, Database Design, Database Architecture, Cloud Architecture, API Design, System Architecture Design, API Architecture, Security Analysis, Configuration Management, Web App Security, Dynamic Analysis, Application Performance Monitoring, OWASP Top 10, Risk Modeling

Application Engineer

2005 - 2008
Oracle
  • Developed Oracle applications ERP modules using the Oracle application framework.
  • Managed vulnerability fixing, secure coding, and secure code reviews.
  • Acted as point of contact for security-related matters managing secure by design and secure by default.
Technologies: Java, Oracle Application Framework (OAF), Secure Coding, Vulnerability Identification, Security, Authentication, Architecture, Design, Secure Code Best Practices, Cybersecurity, Web Architecture, Data Security, Transport Layer Security (TLS), Cryptography, Asymmetric Encryption, Database Design, Database Architecture, System Architecture Design, OWASP Top 10

Software Engineer

2004 - 2005
IBM
  • Developed software for activating mobile connections of a telecommunications service provider called SPRINT.
  • Acquired expertise in secure design, coding, and code reviews.
  • Provided expert-level java programming, web application development, and web security.
Technologies: APIs, Java, Security, Application Security, Architecture, Web Architecture, Transport Layer Security (TLS), Cryptography, Asymmetric Encryption, Database Design, Database Architecture

Application Security Monitoring

Conceptualized, architected, and implemented an application security product. It monitors applications running in production, detects vulnerabilities in real time, and prevents incidents. I filed several patents and incorporated those features into the product.

Security Advisor

Being a security advisor, I managed the overall secure development of multiple products and applications deployed in the Cloud, including Pivotal Cloud Foundry (PCF), AWS, and Azure. Provided security solutions to different engineering teams.

Enterprise Architect

As an enterprise architect with expertise in advanced Java programming, secure design, coding, and reviews, I architected, designed, and implemented several features for a runtime application security product (RASP) and application performance monitoring (APM).
1999 - 2002

Master's Degree in Computer Applications

Sri Venkateswara University College of Engineering - Tirupati, India

1996 - 1999

Bachelor's Degree in Mathematics and Computer Science

Sri Krishnadevaraya University - Anantapur, India

MARCH 2024 - PRESENT

Certified Information Security Manager (CISM)

ISACA

DECEMBER 2022 - PRESENT

CISSP-ISSMP

ISC2

SEPTEMBER 2022 - PRESENT

CISSP – Certified Information Systems Security Professional

ISC2

Languages

Java, SAML, Python, PHP, JavaScript, C, C++, Go

Libraries/APIs

Java Security, OpenSSL, Node.js

Tools

Checkmarx, AWS SDK

Paradigms

Secure Code Best Practices, DevSecOps, DevOps, Web Architecture, Database Design, API Architecture, Penetration Testing

Platforms

Windows, Amazon Web Services (AWS), Linux, Azure

Industry Expertise

Cybersecurity

Other

Application Security, Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Vulnerability Management, Zero-day Vulnerabilities, Threat Modeling, Risk Management, Applications, Computer Science, Computer Security, APIs, Security, Authentication, Vulnerability Identification, Vulnerability Assessment, Architecture, Containers, Secure Containers, Risk Assessment, NIST, Information Security, CISSP, IT Security, CISM, Single Sign-on (SSO), SIEM, Data-level Security, Compliance, Data Protection, Security Architecture, Data Security, Transport Layer Security (TLS), Cryptography, ISO 27001, ISO 27002, Asymmetric Encryption, API Design, System Architecture Design, Security Analysis, Certified Information Systems Security Professional, Web App Security, Dynamic Analysis, OWASP Top 10, Risk Modeling, Cloud, Risk Analysis, Cloud Security, CISO, SecOps, IT Management, Identity & Access Management (IAM), CI/CD Pipelines, Trusted Execution Environments (TEE), Embedded Systems, Cloud Architecture, Configuration Management, Security Engineering, Group Policy, IoT Security, Monitoring, Design, Secure Coding, Static Analysis, Mathematics, Physics, Chemistry, Enterprise Risk Management (ERM), Governance, IT Governance, Data Governance, Data Privacy, Privacy, GDPR, California Consumer Privacy Act (CCPA), Application Performance Monitoring, Information Security Management Systems (ISMS), Product Security

Storage

Database Security, Amazon S3 (AWS S3), Database Architecture

Frameworks

.NET, Oracle Application Framework (OAF)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring