Promoting and implementing security by design, security by development, security by deployment and privacy by design principles.
Incorporating security into the application from the requirements to the disposal phase of the SDLC.
Creating the RTM using easyRQ, performing threat modeling (TM) using MS TMT, and performing attack surface evaluation using MS ASA.
Performing architecture and design reviews.
Performing SCA using BDBA/BDH, SAST using Fortify/Checkmarx, and performing DAST.
Creating the misuse case analysis for checking software/application resiliency.
Performing vulnerability analysis and analysing PT reports.
Working closely with software architects and developers to implement core and design security principles.
Working closely with the V&V team to fine-tune the test cases related to reliability, resiliency and recoverability.
Conducting risk analysis and assessment using quantitative and qualitative methods.
Defining strategies for mitigating the risk.
Prioritising identified risks using the DREAD approach.
Experience in securing cloud and native applications.
Experience in securing cloud, on-prem, OT, HMI and IoT environments.
Experience in different authentication and authorisation protocols such as Kerberos, SAML, OpenID, OAuth and RBAC.
Experience in designing firewalls such as WAF, FortiGate and Cisco.
Experience in MS AD, MS Azure AD and PKI infrastructure.
Experience in different compliance policies such as ISO, PCI-DSS, IEC62243 and GDPR.
Experience in finding and exception management.
Working closely with developers to mitigate the code-level security bugs detected in SAST.
Experience in securing applications built using the .NET, Java and C++ programming languages.
Experience in implementing various cryptography security controls.