Design and implement secure software architecture for web applications, APIs, and endpoints based on engineering requirements, business case, vendor partnerships, and use cases for 3rd party applications. Perform architecture reviews and threat modeling using STRIDE methodology to identify threats.Conduct manual code reviews, SAST and DAST scans against applications and provide mitigations to engineering teams.Conduct end-to-end security review for different applications and took part in bug bounty sessions. Conduct comprehensive security assessments of third-party applications, analyzing vulnerabilities and implementing mitigation strategies.Develop and implement standardized processes for evaluating the security posture of external software vendors and their products.Lead application security initiatives across the organization, performing static and dynamic application security testing (SAST/DAST) to identify vulnerabilities and reduce security risks by 90%Lead the integration of security tools and technologies to enhance third-party application security and streamline assessment procedures.Execute penetration testing and vulnerability assessments to identify weaknesses and provide actionable recommendations for remediation.

Performed end-to-end security assessment on applications processing critical and restricted data. Performed threat modeling and risk assessments on new applications and systems, identifying potential security risks and recommending mitigation strategies.Created full stack applications to justify architectural and operational recommendations to both technical and executive teams. Performed architecture reviews and threat modeling to identify existing threats to the application's overall architecture. Performed manual web application testing using burp suite Pro and custom-written scripts to perform specific tasks. Integrated security tooling into development pipelines e.g Integrated Snyk & Checkmarx security scanner to run on every pull request using Github actions & Jenkins. Designed robust and secure architecture for red applications to ensure security is built in at the onset of the SDLC. Conducted training in web application security, applied cryptography, and cloud computing. Conducted technical interviews to help security teams maintain a security high bar for new entrants. Conducted vulnerability assessments and threat analysis, manual code reviews, automated code reviews and penetration tests against applicationsProvided technical support to software and DevOps engineers on risk assessments and industry-sanctioned appropriate data security procedures during on-call hours.

Assisted in Digital Forensics Investigations: Support faculty in analyzing digital evidence from various devices like computers, mobile phones, IoT devices using forensic tools such as EnCase, FTK, Autopsy, or Cellebrite.Cybercrime Incident Response: Help investigate and document cyber incidents like data breaches, ransomware attacks, or unauthorized access by gathering and analyzing forensic data from compromised systems.Malware and Threat Analysis: Assisted in analyzing malware samples to determine their behavior and origin, including reverse engineering to understand how malicious software impacts systems.Network Forensics: Monitor and analyzed network traffic during simulated or real-world cyber incidents, identifying abnormal patterns or breaches using tools such as Wireshark.Data Collection and Documentation: Collected, organized, and documented research data, ensuring adherence to proper evidence handling procedures and maintaining a chain of custody where necessary.

Collaborated with cross-functional teams to implement security controls and ensure compliance with industry regulations such as SOC 2 and HIPAAConducted end-to-end security assessment on both legacy, emerging, and future, web applications.Conducted architecture review of software applications and their intersections with both on-prem and cloud infrastructure. Conducted vulnerability assessments, manual code reviews against web and mobile. I tested for OWASP top 10, DOD -inspired flaws, and business logic-specific security flaws.Conducted product reconnaissance to identify application dependencies, software bill of materials (SBOM), and third-party applicationsConducted development testing, and implementation of security plans, products, and control techniques.Conducted a penetration test that uncovered a major security flaw, preventing a potential security breach and saving the company from damagesReduced critical vulnerabilities by 90% in web and mobile applications by implementing automated security testing within the SDLC