•Performed in-depth vulnerability assessments using WIZ, delivering comprehensive reports on cloud infrastructure security and providing actionable mitigation recommendations.•Administered AWS infrastructure components such as EC2, EKS, ECS, and Lambda, prioritizing integrating robust security solutions.•Implemented and configured Aqua Enforcer for securing containers in Kubernetes clusters, utilizing HELM charts and AWS integrations for seamless deployment.•Collaborated with Aqua Security to identify and manage vulnerabilities in serverless applications and containerized environments, analyzing vulnerability data across critical, high, medium, and low severity levels.•Proficient in PowerShell scripting for automating data processing and generating reports from vulnerability scans in cloud environments.•Led the resolution of critical vulnerabilities in cloud infrastructures by applying security patches and configuration updates in accordance with industry standards and best practices.•Developed automated workflows for vulnerability remediation using tools like WIZ and Aqua Security, ensuring prompt resolution of critical and high-risk issues in serverless and containerized environments.•Delivered actionable recommendations and applied security controls to address misconfigurations and compliance gaps, significantly reducing the attack surface of cloud workloads.•Performed vulnerability research, served as technical security/risk advisor for new technology/applications developed by AT&T.•Development teams on security disciplines like Threat modelling, Security code reviews, provide training and education to developers on software security best practices.•Develops repeatable application security patterns to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.•Consulted and assisted with the security incident response process.

• Led the implementing of a corporate vulnerability management program, ensuring continuous remediation of vulnerabilities within compliance deadlines.• Led the integration of Checkmarks into the development lifecycle, automating static code analysis and ensuring the continuous identification and remediation of security vulnerabilities in .NET, (C#) and JAVA applications.•Developed and deployed robust security frameworks across cloud platforms like AWS, GCP to protect data, applications, and infrastructure from cyber threats.•Implemented multi-layered security models, including encryption (data-at-rest and in-transit), identity and access management (IAM), and network security controls (VPC, security groups, firewalls).•Ensured adherence to industry standards like NIST, GDPR, and HIPAA and developed cloud-specific security policies to maintain compliance.•Conducted hands-on security testing of RESTful and SOAP APIs using Postman and SOAP UI to identify critical vulnerabilities such as broken authentication, insufficient access controls, and injection flaws like SQLi, XSS.•Ensured secure API communication through the enforcement of best practices like OAuth 2.0, JWT (JSON Web Tokens), and SSL/TLS encryption, mitigating data leakage and unauthorized access risks.•Integrated API security testing into CI/CD workflows, automating vulnerability scans and validation checks with Postman and SOAP UI to ensure secure API deployments across different environments.•Developed custom scripts and test cases to validate API security policies, including rate limiting, input validation, and error handling, ensuring that APIs are resilient against brute force attacks, denial-of-service (DoS), and injection attacks.

• Skilled in developing strategies and programs to improve capacity including measurable objectives and goals.•Integrates into CI/CD pipelines to ensure ongoing application security during development and post-deployment for Automated and continuous Integration.•Utilized reverse engineering techniques to identify and resolve vulnerabilities in software systems, enhancing overall security posture. •Provided detailed reports on discovered vulnerabilities and exploits, with actionable remediation strategies for mitigation by using Penetration Testing.•Utilizes both human expertise and automated tools to identify deep and complex security flaws in Manual and Automated testing.•Embedded security practices within the DevOps lifecycle to ensure that security is part of the software development process from the start.•Uses tools like SAST, DAST, and security policies to automatically test code and infrastructure during development and deployment for automated security testing.•Fosters collaboration between development, security, and operations teams, improving overall security posture and response times to vulnerabilities.•Implemented various approaches to Black Box security testing without access to source code, simulating real-world attacks to evaluate security from an external perspective.•Provide support for security activities including meeting agendas, notes, reports, or other documentation using word processors and other software systems such as Microsoft Word, Excel, Outlook email, and calendar systems.•Assist developers in resolving security evaluation issues related to OWASP standards.•Learned how to independently solve operational issues through troubleshooting applications and components.•Identified vulnerabilities such as SQL Injection, XSS, and CSRF related to session management, privilege escalation, and other logical issues.