Senior Information Security Engineer
CurrentEstablished a formalized Application Security program by leading the following initiatives:• Developed and implemented application security policies, standards, and procedures in alignment with industry best practices and compliance requirements.• Conducted security architecture reviews for critical applications and partnered with Enterprise architects to establish secure design patterns. • Managed relationships with third-party security vendors and coordinated penetration testing and security assessments of external-facing applications.• Developed and maintained a scalable and extensible security pipeline library for CI/CD to automate security testing and vulnerability scanning processes (SAST, SCA, IAC, and Container Security). • Facilitated secure coding training sessions for development teams and provided guidance on addressing security issues during the software development lifecycle (SDLC).• Partnered with Platform teams to implement a catalog of secure by design software and infrastructure components to facilitate developer productivity and expedite secure feature development.• Led the implementation of a Web Application Firewall (WAF) solution to protect external-facing applications. • Led the implementation of application runtime protections for serverless and containerized services. • Designed and implemented a standardized logging architecture for ingest of security logs into SIEM. • Developed real-time SIEM alerts to detect and notify on anomalous security events.• Conducted bi-annual Governance, Risk, and Compliance (GRC) gap analysis and briefed the CISO and ISMS committee on key performance indicators (KPIs) and key risk indicators (KRIs). • Engaged with Audit & Risk teams to demonstrate security policies and procedures and gather evidence for ISO27001/SOC2 certifications.