Sandeep Kumar Singh Email and Phone Number

As the Director of Application & Product Security at FactSet, I lead comprehensive security assessments to ensure the integrity and security of all our products and applications. This role requires strategic oversight of the entire security lifecycle, encompassing everything from initial planning to incident resolution.Responsibilities:• Direct security assessment initiatives for FactSet’s products and applications, ensuring robust defenses against potential threats.• Implement and manage end-to-end security processes including planning, prioritization, execution, release decisions, incident response, and resolution.• Oversee security automation and secure development lifecycle protocols to proactively address security concerns.• Conduct vendor reviews to evaluate and ensure compliance with security standards, enhancing the security posture of third-party engagements.• Collaborate closely with clients to align security strategies with their specific requirements and to fortify mutual cybersecurity objectives.• Provide leadership and strategic direction in all areas of application and product security.

Managed Security Assessment for McAfee's Consumer Products. Responsible for E2E Security Assessment covering planning security review efforts, prioritization, execution, release decision, incident response, and resolution.• Responsible for driving Security Assessment efforts of all Consumer Releases (E2E ownership including planning, prioritization, execution, and release decision)• Managing efforts of the Security team, responsible for enforcement of Security Development Lifecycle (SDL) across the organization• Responsible for vendor evaluation and engagement with B2B partners for security-related collaborations• Responsible for Secure Design Reviews & Threat Model Creation• Responsible for developing tools & PoCs for security vulnerability assessment• Responsible for automation of Security Tools and Tests• Responsible for training & mentoring co-workers on Secure Product Development• Responsible for handling PSIRT issues, writing Security Bulletins, CVSS scoring and design of security vulnerability fixes.• Well versed in Static Analysis, Dynamic Analysis, Security Code review and defect fixing.• Experienced in Third-Party Library evaluation for known vulnerabilities.• Expertise in Fuzzing using Peach fuzzer, Owasp ZAP, COM fuzzer, Defensics, etc• Expertise in DLL Injection, Insecure DLL Loading for horizontal and vertical privilege escalation.• Expertise in Web Application Security Testing for Web Platform Projects using tools like OWASP ZAP, Burp Suite, NetSparker, Fiddler, etc.• Experienced in Manual review for OWASP Top 10 Vulnerabilities like Injection attacks, XSS, CSRF, XML Injection and Session Management, etc.• Experienced in Product Hardening by designing apt migrations and Least privilege implementation.• Pentesting

Project: UI Patterns in Visual Composer Netweaver----------------------------------------------------------UI patterns is SAP’s web-based tool integrated with Netweaver.This tool ensures a unified layout of Web Reporting across all applications and easy creation and maintenance of Web Applications.My Responsibilities:--------------------------------• Automation of the Regression tests & New feature tests using QTP 9.1• Development of Automation Test Framework. • Development of Plug-ins using WebDynPro & JAVA.• Computing the Code Coverage using Emma tool. • Extensive maintenance of all the SAP J2EE Application Servers for Local development• Test Coordinator and Mentor for the Offshore Testing Center, Cognizant • Mentoring new joiners and giving product-specific training.• Provide technical consultation to the other integration projects

Human Inference is the European market leader in data quality solutions with a focus on high-quality solutions developed for large databases and critical systems.My Responsibilities:------------------------------------At Ness, I primarily worked as an Automation Engineer. I was also involved in UI development using Java. Prime responsibilities were:• GUI Development using Java• Writing Shell scripts for unit testing & performance testing. (AWK/SED) • Daily Interaction with the onsite team for discussion involving requirements specification, test planning & issue resolution.• Development of Demo Project along with demo database design.• Timely and accurate escalation of problems. • Mentoring new joiners and giving product specific training's.