Offically verified and certified member of International association of privacy professional

Eat, Sleep, Breath Fortify, Devsecops and application security

A security architect who helps developers and solution architects to design and develop secure applications. In UAE Exchange, my primary role is to build a secure and hybrid cloud deployment posture for supporting its PAAS (Payment as a Service) business.

I am a security architect and devsecops engineer who helps developers and solution architects to design and develop secure applications Key Job Responsibilities • I actively participating in architecture reviews/workshops to implement security features to ensure secure by design• I always approach securing an application based on the sensitivity of the data that is stored or processed• I perform Penetration testing, Static & Manual code analysis, Security Design Reviews, Threat modeling and Open source• I enhance the security of environment where applications are deployed by scanning for vulnerabilities and compliance• I provide right solutions to balance between security and business functionality• My security solutions are always designed considering the user experience and business goals• I develop strong relationship with key business and technology stakeholders in order to influence and drive the security• I have integrated security solutions such as IAST, SAST and DAST in jenkins pipeline• I perform manual penetration testing for all the applications to test business logic issues• I help vendors by providing solutions to fix the issues identified• I implement strong security requirements & controls such as ✓ VA and compliance scan✓ Application security assessment, IAST & Secure code review✓ Configure access to production via PAM (CyberARK) ✓ Ensure data at rest is encrypted (LUKS, Bitlocker and TDE)✓ Configure WAF for critical and highly sensitive apps✓ Ensure 2 factor authentication and DDos protection for public facing systems✓ Ensure credentials are either hashed or encrypted✓ Enhance and integrate DLP for sensitive data containing reports✓ Ensure network zoning as per regional regulations and sensitive data is masked in logs✓ Configure access controls through IAM and implement SSO✓ Encryption of data in transit e.g. TLS 1.2 (HTTPS, LDAPS, Secure JDBC and ODBC)✓ Strong crypto such as SHA3 or AES 256

Responsibility:• Manage and execute Penetration testing of core banking application and infrastructure• Present valid reports to management which helps them make strategic decisions when it comes to security • Security test Nordea collateral management application and infrastructure• Web service API security testing which includes SOAP, REST and XML• Devsecops implementation planning and support to implement tools like Fortify SCA, Gauntlt, BDD-Security and ZAP ATTACK proxy• Stack hardening – Enhance the security of environment where Core Banking application are deployed.• Fuzzing web application with Burp Suite and other mutation fuzzers• Reverse engineering web applications to identify the core security issues• Assist Vendor in providing proper remediation solution• Validate Vendor's security solution to identify potential loopholes• Implement devsecops model of automated security scanning and code scans during releases

• Write process and procedure for internal penetration testing, static security code reviews, security design reviews, and open source security analysis.• Handle Temenos customer queries regarding product security• Engagement with pre-sales team to demonstrate security features built into the product to enable security as a differentiator in sales • Leading a team of penetration testers and secure code experts• Perform extensive market research to identify new security products which could aid internal security teams • Actively participating in architecture reviews/workshops to implement security features to ensure secure by design• Develop relationships with key business and technology stakeholders in order to influence and drive the security agenda• Drive Penetration testing, Static and Manual code analysis, Security Design Reviews, Threat modeling and Open source analysis• Stack hardening – Enhance the security of environment where Temenos products are deployed• Security analysis and maintenance of free and open source libraries utilized by products developed in Temenos• Ensure Temenos products are rigorously penetration tested by external penetration testers by engaging with third party security firms on yearly basis• Work with internal development team to set up environments for security assessments and automate security testing both static and dynamic analysis in continuous integration• Identify opportunities to develop and improve existing automation processes in security analysis. • Devised and executed an organization-wide penetration testing for diverse products• Open SAMM (Software Assurance Maturity Model) Implementation• Delivered cutting edge security training for product developers and managers• Evaluated Temenos existing software security practices and built a balanced software security program in well-defined iterations • Effective Application Penetration Testing model combining security best practices from OWASP, SANS and WASC.

Roles / Responsibilities• Architecting Software with Secure Software Concepts• Vulnerability Management• Leading a team of 5 security experts in both secure code review, Security testing & Secure Design review activities • Performing automated code scans and manual analysis of vulnerabilities on monthly basis• Conduct penetration testing on Web, Mobile (Android & iPhone) applications• Perform secure architecture analysis for applications • Training development teams on secure design & secure coding practices • Conducting Security Forums to discuss the issues and concerns on application security with development teams • Provide metrics scorecard which ensures timely delivery, track and monitor issues to closureAccomplishments • Architect software applications with Secure by Design • Assist and recommend solutions to development teams for remediating complex security issues• Performed joint triage and actively follow-up with application teams to remediate code review findings • Tailored Secure coding Maturity Model (SCML) and published it across organization which assures prioritization of issues that are to be addressed. This also ensures psychological acceptability design principle• Conducted knowledge sharing sessions within the team and forums for developers at a firm wide level to increase awareness • Demonstrate skills on Design reviews enforcing Secure Design principles • Instigated Secure Coding Forum across organization to discuss and create awareness. • Proactively design and develop simple application to automate the code review and security testing reports.

• Secure Code review on projects / application developed by Banca Sella• Installation & management of Fortify SSC & SCA• Developing tools for automation of code review process• Defining the Strategy & Test Plan for Penetration testing the web & Mobile applications Developed by Banca Sella• Run & Analyze the security test (Manual & Automated) and notify security issues and suggest countermeasures for security improvements• Penetration Testing web application as per OWASP & PCI DSS standards

Roles:• Designing and implementing Threat modelling• Defining the Strategy & Test Plan for Penetration testing • Run & Analyze the security test (Manual & Automated) and pinpoint the security issues and suggest countermeasures for security improvements• Penetration Testing web application according to OWASP & PCI DSS standards • Provided suggestions regarding security, which helped for the betterment of the product• Successful completion of Penetration testing on Web applications developed by TEMENOS

Roles• Trouble shooting problems with Symantec Products faced by customer• Provide solutions and perform virus removal activities in customer PC