• Worked directly under CISO and provided weekly update on application security progress/concern to Global Information Security team• Conducted Security code reviews and worked one-on-one with dev teams on remediation.• Reviewed security requirements, security designs, and architecture for distributed system• Secured web applications via code review sessions, SAST, DAST and Pen testing• Developed in-house application for metrics tools that displays real-time vulnerabilities (graphically) discovered from security tools that are integrated with the CI/CD pipeline• Conducted training sessions with dev teams on secure design/coding.• Manually Threat Modelled legacy applications as well as led the effort to automate Threat modelling process

• Function as subject matter expert for evaluating emerging security technologies and solutions. Build test cases, periodically review and compare security tools (SAST, Open Source Scan, DAST, IAST, RASP) effectiveness.• Create and update Cybersecurity requirements for secure coding practices, conduct company-wide security training sessions.• Built the whole Application Security process which includes the Security Development Lifecycle Process• Manually Threat Modelled legacy applications as well as led the effort to automate Threat modelling process• Provide guidance for secure coding practices and proactive controls based on OWASP Top 10 and SANS 25• Contribute to creation of security training and delivery to internal teams