Security Engineer / Architect
About Candidate
Introduction:
The candidate has extensive experience in information security, with expertise spanning 14 years. They have led various security initiatives in both cloud and on-prem environments, excelling in application security, penetration testing, vulnerability assessments, and cloud security across AWS, Azure, and GCP. The candidate has a strong background in secure software development, integrating security practices within SDLC and DevOps pipelines. They are proficient in security monitoring, incident management, and compliance with frameworks such as ISO27001, PCI-DSS, HIPAA, and SOC2. The candidate has experience leading teams, collaborating with stakeholders, and providing leadership in security engineering. They have a deep understanding of offensive security techniques, malware analysis, reverse engineering, and threat modeling. The candidate is highly skilled in security review, security architecture implementation, and training developers in secure coding practices.
Responsibilities:
- Coordinated product security initiatives through collaboration with project teams and stakeholders.
- Integrated security into SDLC and DevOps pipelines using SAST, DAST, and IAC Security.
- Led malware analysis and threat analysis for web and mobile applications.
- Conducted vulnerability assessments and penetration testing on hosts, APIs, mobile/web apps, containers, and IaC.
- Set up and managed SIEM/SOAR systems such as Archsight, Splunk, and Qradar.
- Ensured compliance with security standards including ISO27001, PCI-DSS, HIPAA, and SOC2.
- Provided leadership and guidance on security engineering and best practices.
- Performed risk assessments, created risk treatment plans, and evaluated control effectiveness.
- Led the implementation of security measures in cloud infrastructures and on-prem systems.
- Developed and enforced information security policies, procedures, and standards.
- Coordinated third-party vulnerability assessments and penetration testing.
- Trained developers in secure coding practices and collaborated on vulnerability remediation.