DevSecOps Specialist | 2017 - 2021 | EMBL
Technologies: Web App Security, Cloud Security, Azure, AWS, DevOps, DevSecOps, CI/CD Pipelines, Terraform, Penetration Testing
- Created a security framework that integrates with the CI/CD pipelines, assesses application and Docker-related vulnerabilities, generates SAST and DAST reports, and suggests mitigations. This was a hybrid cloud project on AWS and Azure.
- Created a self-service model for developers to submit changes to their application firewall rules in the Pulse Secure traffic manager as a Pull Request (PR) to the GitLab CI tool. Changes and states are managed by Terraform.
- Conducted training sessions on web, platform, and application security for more than 600 employees and deployed a centralized knowledge base for security best practices in code and infrastructure management.
- Researched the threat response for hybrid and cloud-native environments and vulnerability disclosure policies and tools for SIEM and SOAR and created an SOP in association with the CISO. This was followed by 20+ teams in the organization.
- Developed ISO 27001 and SOC 2 compliance, reporting directly to the CISO, and submitted for compliance certifications.
Senior Staff Software Engineer - DevOps and Security | 2016 - 2017 | IBM
Technologies: Agile DevOps, Application Security, Azure, AWS, DevSecOps, Networking, CI/CD Pipelines, Kubernetes
- Created secure and automated deployments to hybrid cloud environments containing more than 1,200 VMs in different data centers with zero downtime. Ensured high availability of the applications.
- Awarded "Managers Choice Award" for performing a security audit and educating colleagues on cloud security and best practices. Leveraged open-source and licensed tools for security testing and audits.
- Deployed, managed, and monitored intrusion detection systems such as Wazuh and IBM internal security tools for platform security. As part of a hybrid cloud project, delivered hands-on configuration in Azure, AWS, and GCP cloud security.
Senior DevOps Engineer | 2014 - 2016 | TEKsystems
Technologies: DevSecOps, DevOps, CI/CD Pipelines, AWS, Docker, ISO 27001, SOC
- Assisted several startup clients and performed penetration testing and security audits. Delivered ISO and SOC compliances. Ensured startups got quality and security compliance certifications.
- Dockerized and migrated the monolithic applications into microservices and used configuration management tools on the hybrid cloud.
- Synced local LDAP to cloud AD in VMware and Azure.
QA and Release Engineer | 2012 - 2014 | Zycus
Technologies: Software Testing Automation Framework (STAF), Security Testing, Python, Shell
- Served as an interim leader for the Release Engineering group. Redefined processes and implemented tools for software builds, patch creation, source control, and release tracking and reporting.
- Delivered performance and security testing of APIs and web and mobile applications using licensed and open-source tools.
- Developed and implemented automated scripts for testing and release automation of new deliverables in development, QA, UAT, and production-like environments.