Registered: 17.05.2022

Murat Zhumagali

Specialization: Cloud Security Engineer

Portfolio

Fiddler AI

Senior Security Engineer

IBM ZaaS

Cloud Security Engineer

IBM Public Cloud

Cloud Security Engineer

Skills

Ansible
bash scripting
CSIRT
DAST
Data privacy
DevSecOps
HashiCorp Vault API
HashiCorp Vault PKI
IAM
Key management
OSS
PAM
PSIRT
Python
SAST
SDLC
Security reviews
ServiceNow API
SSH
Static and Dynamic scanning tools
Threat Modeling

Work experience

Senior Security Engineer
10.2021 - 03.2022 | Fiddler AI
• Create and review Threat Models for Fiddler product, infrastructure, dataflows and every service.
• Guide development teams in their secure SDLC process by reviewing, identifying security risks, threats, gaps.
• Continuously scan code base, container repos, applications using Node.js, Bandit, py-safety, OWASP ZAP, AWS ECR, AWS Inspector, Trivy scanners.
• Review, assess and remediate vulnerabilities found in open source, SAST, DAST, host, network scans.
• CIS benchmark hardening using custom bash script.
• Building security program and run security operations such as vulnerability process management, EC2 node rotation, external pentests, etc.
• Corporate security and education.
• Engineer and validate the implementation of DevSecOps security controls and processes for EC2, ECR images, AWS RDS, WAF, etc.
• Review, assess, and provide input to scoping of penetration tests.
• Monitor the overall security and integrity of the AWS cloud environment and Kubernetes clusters leveraging IDS/IPS solutions.
• Helping my company to maintain SOC2 compliance.
Cloud Security Engineer
02.2020 - 10.2021 | IBM ZaaS
• Saved 2000 working hours in a year by developing PSIRT automation for the whole ZaaS cloud 528 people organization leveraging ServiceNow APIs, Slack, GitHub and Python.
• Improved 20 IBM products' security by assisting different offerings/components in their SDLC process reviewing, identifying security risks, gaps.
• Identified 101 threats by creating and reviewing Threat Models while working with 20 different product engineering teams.
• Decreased secret leakages on GitHub by integrating the detect secret tool across the organization's 407 repos.
• Proposed innovative ideas that can improve our tools and automation across the entire 528 people cloud organization.
• Reviewed, assessed, and provided input to scoping of penetration tests for components and products.
• Managed the PSIRT process. PSIRT is the platform where we track open threats, vulnerabilities, pentest findings. I identified, assessed, opened, coordinated responses to the open source vulnerabilities found in IBM ZaaS products, making sure PSIRTs were closed or deferred according to the timeline.
Cloud Security Engineer
12.2018 - 02.2020 | IBM Public Cloud
• Decreased approximately 50 teams' manual work by implementing Teleport installation automation using Ansible and shell.
• Reduced the number of products which didn't have proper code scanning in general and in CI/CD pipeline.
• Supported around 100 engineers on their key management journey using Vault general key storage and other Vault capabilities.
• Developed Bastion solution across IBM Cloud by integrating 6 different technologies such as Teleport, LogDNA, Vault, IBM COS, IKS, Ansible.
• Helped to onboard around 200 customers into the bastion platform.
Cloud Security Engineer
12.2016 - 12.2018 | IBM Watson Cloud Platform
• Launched and integrated HashiCorp Vault + Consul secret/key management product in IBM Cloud for 350k IBMers, 50k servers.
• Engineered IAM and PIM solution with Thycotic Secret Server for 12k IBMers, 10k servers.
• Integrated check in/out feature for high privileged/shared OS IDs using IBM in-house tool across 12 different cloud customer accounts around 10k servers.
• Implemented automated functional ID credentials creation by using HashiCorp Vault API calls and Python.
• Provided ongoing secure support and vulnerability remediation on Thycotic, Vault, Consul servers.
• Participated in cloud compliance and security reviews.
• Developed honeypot system using T-Pot open source and canary-honey tokens used in production for 700 health system customers.
Security Engineer
04.2016 - 07.2016 | IBM Watson Cloud Platform
• Analyzed Tenable Security Center monitoring the data from various company scanners and radars across 10k servers.
• Developed email and SMS alert notification on a Honeypot system which is now used in production for 700 customers.

Education

Masters in Computer Science (Master's degree)
2015 - 2016
California University of Southern California, Los Angeles

Languages

English: Fluent