 Managed dynamic application security testing (DAST) using IBM AppScan and Burp Suite to assess runtime vulnerabilities inweb applications. Automated Software Composition Analysis (SCA) with Snyk, monitoring and managing vulnerabilities in open-sourcecomponents. Automated and Manual penetration testing using Metasploit and Nessus in compliance with established industry standards forsecure coding practices Performed automated dynamic scans of Java and .NET applications using IBM AppScan and provided advanced training onIBM AppScan Enterprise and Security AppScan Source. Implemented Akamai Kona Site Defender to protect web applications against DDoS attacks, SQL injections, and XSSvulnerabilities, reducing security incidents by 80% Implemented security frameworks like OWASP API Security Top Ten to enhance API security posture. Configured and managed Web Application Firewall (WAF) rules within Akamai, optimizing traffic filtering and reducingfalse positives by 25% through continuous fine-tuning. Performed secure code reviews of API implementations, focusing on authentication, authorization, and data protectionmechanisms. Integrated Akamai Bot Manager to mitigate malicious bot traffic, reducing automated attack surface by 60% and enhancingsite performance for legitimate users. Integrated CoBIT governance framework to enhance security compliance in Oracle’s application development lifecycle. Utilized mobile application vulnerability scanners (e.g., Fortify, Veracode) to identify security weaknesses and provideddetailed reports for remediation efforts. Monitored security events and incidents using Akamai Security Center, enabling real-time threat detection and reducingincident response times by 40%. In-depth knowledge of Web Application Security, Application Security Controls and Validation, IT Risk Assessments,Regulatory Compliance and Secure Software Development Life Cycle.

Conducted comprehensive static and dynamic application security testing (SAST, DAST) with Fortify, OWASP ZAP, andBurp Suite Implemented Software Composition Analysis (SCA) using Snyk to identify and mitigate risks associated with open-sourcecomponents Led the implementation of Akamai Cloud Security Solutions across multiple web properties, ensuring compliance with GDPR,PCI-DSS, and other regulatory requirements Developed and executed security policies using Akamai’s Enhanced DNS, protecting against DNS-based attacks andimproving DNS resolution times by 25%. Led the deployment of Snyk across multiple microservices to ensure continuous monitoring of dependencies, resulting in theearly detection and resolution of over 100 vulnerabilities within the first quarter Led the application security compliance audits and facilitated the external audit process for ISO 27001. Integrated application security testing tools (SAST, DAST) into CI/CD pipelines to ensure continuous compliance. Integrated Snyk with issue tracking systems (e.g., Jira) to automate the creation of tickets for identified vulnerabilities,streamlining the remediation workflow and reducing resolution times by 25% Optimized Snyk's performance in large-scale environments by configuring advanced filtering and prioritization rules, ensuringthat critical vulnerabilities were addressed promptly without impacting development velocity Managed the identification, assessment, and remediation of API security vulnerabilities using tools like OWASP ZAP andBurp Suite. Conducted comprehensive security assessments using Snyk, providing detailed reports and actionable insights to stakeholders,which informed strategic decisions on codebase improvements and risk management Collaborated with Snyk’s technical support and product teams to troubleshoot complex integration issues and providefeedback on product enhancements, contributing to the continuous improvement of the platform

Supported the deployment and configuration of cloud-native applications in AWS, GCP, and Azure, ensuring security wasembedded in the DevSecOps pipeline. Worked with development teams to integrate security scanning tools (e.g., SAST, DAST) into CI/CD pipelines using Jenkins,Docker, and Kubernetes. Conducted comprehensive source code reviews and security scans for Java, J2EE, Spring, and JavaScript applications usingIBM AppScan and HP Fortify, covering dynamic, static, and mobile testing, and integrated these practices into DevOpspipelines with tools like Jenkins, Maven, ANT, and Gradle. Conducted source code reviews and security scans for Java applications using IBM AppScan and HP Fortify, integrated intoDevOps pipelines Managed enterprise security programs including SAST, DAST, IAST, and SCA, ensuring comprehensive security coverage

Supported the deployment and configuration of cloud-native applications in AWS, GCP, and Azure, ensuring security wasembedded in the DevSecOps pipeline. Worked with development teams to integrate security scanning tools (e.g., SAST, DAST) into CI/CD pipelines using Jenkins,Docker, and Kubernetes. Conducted comprehensive source code reviews and security scans for Java, J2EE, Spring, and JavaScript applications usingIBM AppScan and HP Fortify, covering dynamic, static, and mobile testing, and integrated these practices into DevOpspipelines with tools like Jenkins, Maven, ANT, and Gradle. Conducted source code reviews and security scans for Java applications using IBM AppScan and HP Fortify, integrated intoDevOps pipelines Managed enterprise security programs including SAST, DAST, IAST, and SCA, ensuring comprehensive security coverage Spearheaded containerization strategies using Docker and Kubernetes, resulting in a more secure and scalable deploymentprocess. Led Docker and Kubernetes security initiatives, conducting regular security risk assessments and implementing best practices

Developed a comprehensive application security program, focusing on SAST, DAST, SCA, and threat modeling Conducted extensive penetration testing and vulnerability assessments on business and web applications, identifying criticalsecurity issues Specialized in mobile application security, addressing vulnerabilities in input validation, authentication, authorization, anddata protection Used security tools like HP Fortify, IBM AppScan, Nessus, Burp Suite, OWASP ZAP, and Metasploit for comprehensivesecurity assessments Initiated and developed a comprehensive application security program, including the implementation of robust securitypractices from the ground up. Conducted extensive penetration testing and vulnerability assessments on over 20 business and web applications, focusing onidentifying and mitigating potential security threats. Led research and mitigation strategies to reduce information security risks across internet-facing platforms, coordinatingclosely with development teams to ensure the resolution of vulnerabilities. Expert in mobile application security

 Engineered a high-availability, scalable AWS infrastructure utilizing EC2, S3, RDS, ECS, EBS, and ELB, aligning with service level objectives (SLOs) and agreements (SLAs).