Souradip Ghosh

SecDevOps Engineer

Bangalore, INDIA

souradipGhosh@outlook.com

+91-8951174685

linkedin.com/in/souradip-ghosh

github.com/souro1212


Skills

AppSec & DevSecOps

DAST, SAST & SCA tools

SOC 2, HIPAA, GDPR Compliance

GitHub Enterprise, Security, Actions

AWS, Azure

Burp Suite Professional Edition, OWASP ZAP, Kali Linux

jQuery, JavaScript, HTML, CSS


Tools

Snyk

Vanta

GitHub Enterprise

Semgrep

TruffleHog

NMAP & ZENMAP

SQLMAP

Mend (formerly WhiteSource)

Eclipse IDE, VS Code, IntelliJ IDEA

Coverity SAST Software


Languages

Bengali

English

Hindi


Interests

Aquarist

InfoSec Enthusiast

Cycling



Career Objective

I am an experienced Application Security Engineer with 6.9 years of industry experience in telecom and healthcare. Professional expertise includes DevSecOps, vulnerability analysis, secure code writing, and application development.

Work Experience

SecDevOps Engineer

TELSTRA INDIA PRIVATE LIMITED
10/2022 - Current
Achievements/Tasks
  • Successfully integrated various security tools into the Bamboo pipelines, improving the overall security posture.
  • Provided valuable support to developers regarding Coverity SAST Software, facilitating secure code development practices.

DevSecOps Engineer

MEDLY SOFTWARE SYSTEMS
10/2021 - 10/2022
Achievements/Tasks
  • Spearheaded the establishment of the AppSec team at Medly, leading to improved security practices across the organization.
  • Evaluated and integrated security tools and automated checks into the CI/CD pipeline, enhancing the security of software releases.
  • Introduced Threat Modeling (STRIDE) at the organizational level, resulting in proactive identification and mitigation of potential threats.
  • Initiated Medly's Security Champions Program, promoting security awareness and knowledge-sharing among development teams.
  • Conducted vulnerability analysis and secure code reviews for microservices, web applications, and the iOS application, ensuring robust security measures.
  • Developed and enforced security and license processes/policies for the entire engineering department, ensuring compliance with industry standards.
  • Performed HIPAA compliance checks for different products, ensuring data privacy and regulatory compliance.

Security Compliance Engineer

TORRY HARRIS INTEGRATION SOLUTIONS
8/2016 - 10/2021
Achievements/Tasks
  • Evaluated and integrated security tools like Acunetix Web Application Security Scanner and WhiteSource, significantly improving the security posture of Torry Harris products throughout the SDLC.
  • Conducted Vulnerability Assessment and Penetration Testing (VAPT) and GDPR checks on multiple products, identifying and addressing potential vulnerabilities.
  • Discovered and mitigated a Billion Laughs DoS attack on various THBS products, ensuring system stability and availability.
  • Identified and resolved a critical privilege escalation vulnerability in the API management application, preventing potential security breaches.
  • Trained team members on OWASP Top 10 vulnerabilities and mitigation techniques, enhancing the overall security knowledge of the team.
  • Acted as the team representative for GDPR compliance activities, ensuring adherence to data protection regulations.
  • Contributed to UI development, designing and maintaining 75% of the user interface.
  • Implemented Content Security Policy (CSP) for the product, including the phased upgrade of jQuery and Semantic UI libraries.
  • Redesigned and implemented a responsive portal, improving user experience and accessibility.

OpenSource Projects

snyk-job-summary-action

JSON-XML Things
  • JSON-XML Things is a validator, reformatter, and converter for JSON & XML. This JavaScript-based application processes all the data locally. Copy and paste or directly type and let JSON-XML Things tidy and validate your messy JSON/XML code.
  • Repository: github.com/souro1212/JSON-XML-things

github-action-import-snyk-projects

Check-JIRA-in-PR
  • This GitHub action checks if a valid JIRA ticket ID exists in the commit message of a pull request. It uses Atlassian JIRA APIs to authenticate and search for the JIRA ticket ID in the pull request title.
  • Repository: github.com/souro1212/Check-JIRA-in-PR

Education

Sir M. Visvesvaraya Institute of Technology, Bangalore
2012 - 2016

B.E. in Electrical and Electronics Engineering with an aggregate of 71%

Achievements
  • Ranked 7th in Shell Eco Marathon Asia 2015, Manila
  • Quarterfinalist in Texas Instruments Innovation Challenge 2015, India

Birbhum Zilla School, West Bengal
2010 - 2012

Higher Secondary with an aggregate of 86%


Birbhum Zilla School, West Bengal
2008 - 2010

Secondary with an aggregate of 90%