Developed and executed a comprehensive cybersecurity strategy integrating cloud security measures tailored for consumer banking services. Conducted regular security architecture reviews and assessments to ensure alignment with regulatory standards (e.g., PCI-DSS, FFIEC).Collaborated with development and infrastructure teams to integrate security best practices across on-premise and cloud environments.Developed reference architectures and blueprints for secure cloud adoption, ensuring end-to-end protection for sensitive data and banking operations.Developed and managed the security team's penetration testing strategy, focusing on continuous improvement in detection and defense mechanisms.Spearheaded the implementation of automated vulnerability assessments and pentesting tools within CI/CD pipelines, enhancing the proactive identification of security flaws.Designed and implemented security awareness training programs (Security Champions), reducing human error-related security incidents in consumer banking operationsProvided oversight and guidance for third-party penetration testing teams, ensuring thorough assessments and effective reporting for executive stakeholders.

Developed and integrated Concourse/GitLab CI/CD pipelines across the CI/CD ecosystem, automating SAST and DAST scan tasks to enhance and streamline security assessments and development workflows for on-prem and cloud environment.Performed threat modeling and security architecture reviews for on-premises and cloud-based applications, ensuring robust security measures are in place to protect against evolving threats.Executed comprehensive penetration testing for web applications, thick client applications, mobile applications, and network environments, identifying vulnerabilities and recommending effective remediation strategies.Enhanced mobile and cloud security through detailed secure code reviews and rigorous AWS configuration checks, strengthening the security posture of applications and cloud infrastructure.Addressed security challenges across various platforms by implementing best practices in secure coding, configuration management, and proactive vulnerability assessment.

Performed penetration testing for web and thick client applications using both gray box and black box approaches, identifying vulnerabilities and providing actionable recommendations for mitigation.Designed and developed comprehensive test cases and plans for both application and network security, ensuring thorough evaluation and protection of critical assets.Conducted web service penetration testing and offered ongoing security support for existing applications, enhancing their resilience against potential threats.Developed applications for external component CVE (Common Vulnerabilities and Exposures) notifications, facilitating proactive management and response to security vulnerabilities.