Built and led a highly technical Security Engineering team of 6 focused on providing Amazon's Worldwide Consumer business (60k+ engineers) automated application security assessment tooling (SAST & DAST) at scale. Focused on delivering high degrees of customer trust in the tooling and reduce the cost of performing ongoing security reviews with rigorous detection quality standards (>90% accuracy), comprehensive coverage (CWE & OWASP mapping), and efficient processes to iterate quickly.• Worked to achieve 95% of all critical/high severity security vulnerabilities identified with automation which drove continuous improvement in security detections, developer empowerment, and the eradication of vulnerability classes.• Expanded build/release time, ad-hoc, and continuous automated security scanning by driving the deployment of new custom, open source, and commercial Static & Dynamic Application Security Testing (SAST & DAST) scanning technologies and detections.• Established scanning coverage standards for code and web based assets across a massive and diverse environment while also providing depth of coverage on higher risk issues such as reflected cross site scripting (XSS) (targeted 99.9% prevention).• Integrated automated security scanning tools into engineers' workflows that resulted in Application Security reducing the time to perform a security review and reducing bug bounty pay out costs by catching common security issues.• Improved security detection rate by 20% by introducing a federated detection authorship process and integrating it into automated processes.

• Developed automated pipeline to scan entire Amazon endpoints for CSRF, XSS and Open-Redirect vulnerabilities and surface identified risks to developers without changing their risk remediation experience• Performed security testing for critical applications and identified code and design vulnerabilities• Automated and incorporated risks identified through pentests and bug bounty programs to ensure those vulnerabilities are identified across the org• Wrote automated static detections to looks for security vulnerabilities, like Reverse Tabnabbing, and integrated it within the pipeline to ensure we are proactively looking for security vulnerabilities.

• Built mini-OST team performing/organizing penetration testing, red team engagements and bug bounty programs.• Developed dynamic scanners to identify OWASP top 10 vulnerabilities in an automated manner• Identified/remediated high impact security gaps that impact customer's privacy• Implemented open-source web application scanner to scan entire Marketplace platform on a weekly basis• Reported key security metrics to senior leadership and ensured that organization is improving security posture over time• Due to shortcomings of Source Code Analysis Tool (SCAT) used within organization, evaluated and implemented better SCAT tool to help developers identify code-related vulnerabilities early in the development process• Published security guidance for configuring AWS technologies, like RDS, DynamoDB, Lambda, EC2, etc., when storing critical/restricted data

• Identified shortcomings of web application scanner, used with Marketplace organization, and recommended an open-source solution to reduce cost and get better results.• Performed threat modelling for critical applications to help developers identify security vulnerabilities early in the development process• Provided consultation on an on-going basis to help developers build secure applications• Hosted external penetration tests, for entire Amazon Marketplace organization, to identify security vulnerabilities from an attacker’s perspective• Performed certifications, which included Manual Code Review and Security Testing, of critical web applications

• Evaluated risks (technology, financial, reputational, and regulatory)• Tested controls designed to mitigate risk, communicated issues and findings to management, devised solutions for business improvements, and followed-up on corrective actions.• Planned and executed multiple concurrent IT audits, including reviews of cyber security, existing production applications, systems currently being developed, technology infrastructure and specialized or emerging technologies.• Identified and assessed complex risks (both business and technological) and provided advice to management regarding mitigation of these risks.

• Worked on audits related to various business units like Enterprise Infrastructure (EI), Cybersecurity, Business and Operations, etc.• Worked with teams on performing code reviews and auditing different aspects of IT audit like change management, disaster recovery, information security and data processing.

Master's assistant for Software Security course. The responsibilities include:- Configured lab environment for students- Graded assignments, tasks and labs- Answered student queries related to course and labs

Responsibilities included:1. Identifying the weaknesses in IT systems and creating an action plan to prevent security breeches in the technology. 2. Planning and execution of internal audit procedures and the creation of internal audit reports.3. Worked with teams to create a solid information technology infrastructure, and collaborate with clients to devise and put in place policies and procedures regarding IT security issues.

• Re- Designed organization's website and made it secure against various attacks like SQL injection, XSS attacks

• Worked on the applications of Programmable Logic Controllers (PLC) using Computer Numeric Control (CNC) machines.• Researched the composition and build PLC hardware, programmed PLCs and interfaced them with CNC machines and operated a stand-alone as well as a network of PLCs and CNC machines in the factory area.

• Researched and implemented an algorithm for speeding the pointer analysis phase of a compiler for millions of lines of C-code.• Results - Achieved 50% more speed than existing algorithms while maintaining the efficiency and accuracy of results