Application Security Customer Service
Resume:
Akhil Dudhipala
****************@*****.*** 469-***-**** https://www.linkedin.com/in/akhildudhipala/
Summary
•Results-driven with over six years of dedicated experience in cybersecurity roles at Caterpillar, Kansas State University, and Infosys, specializing in SOC Analysis/SIEM, application security, and Identity Access Management (IAM) systems.
•Skilled in application security practices, effectively employing OWASP Top 10 guidelines and SAST tools to identify and remediate vulnerabilities, thus significantly enhancing the security integrity of software applications across multiple platforms.
•Skilled in applying cybersecurity frameworks and standards such as NIST and GDPR, consistently ensuring compliance and enhancing the security posture of diverse organizational environments.
•Conducted security assessments and code reviews targeting OWASP Top 10 vulnerabilities to mitigate threats at Caterpillar proactively.
•Collaborated closely with development teams to identify and rectify application security vulnerabilities, ensuring the secure deployment of applications.
•Authored and refined key SAST service documentation, emphasizing administrative and customer service improvements and strategic planning.
•Led initiatives to standardize CI/CD pipeline processes for security scanning, enhancing security response times and operational compliance.
•Employed Python to automate security processes and develop internal tools, significantly boosting Caterpillar's security posture and operational efficiency.
•As a Security Analyst at Kansas State University, monitored network traffic, analyzed security incidents, and provided crucial recommendations to the CSIRT teams.
•Managed the sensitivity of the CrowdStrike endpoint solution, reducing false positives and enhancing threat detection and response.
•I oversaw IAM operations for Infosys, managing access for over 10,000 employees across 300+ servers worldwide and implementing automated scripts that reduced workload by over 27%.
•Developed comprehensive plans for compliance with GDPR and NIST 800-171 initiatives, overseeing third-party auditing and ensuring continuous compliance.
•Demonstrated Python and shell scripting expertise to automate test environments and streamline data management processes at Innovgear Technologies.
•Mentored junior team members on IT audits and IAM management tools at Infosys, fostering a knowledgeable and competent workforce adept at handling complex security systems.
•Spearheaded a comprehensive review of license management to maintain and patch 11,000 CAT-owned domains at Caterpillar, significantly improving operational efficiency and compliance with regulatory standards. Demonstrated expertise in leveraging OWASP Top 10 guidelines and SAST tools for application security, significantly reducing vulnerabilities and enhancing software integrity across multiple platforms.
•Proven ability to design and implement robust cybersecurity measures, successfully managing endpoint security and vulnerability assessments using advanced tools such as Splunk, CrowdStrike, and IBM QRadar SIEM.
•Skilled in developing and deploying strategic security protocols that align with organizational goals, effectively reducing risks and safeguarding critical data.
•Strong leadership in mentoring teams, fostering a security-aware culture, enhancing team competencies, and ensuring compliance with global security standards and regulations.
Skills
Programming Languages
Python, C#, Web Design (HTML, CSS, JavaScript).
Databases
MYSQL, SQL/PLSQL, Postgres SQL, MongoDB.
IAM management tools
JD Edwards
Operating Systems
Linux (Kali Linux, Ubuntu), macOS, Windows.
Endpoint Solutions
CrowdStrike Endpoint Security, McAfee Endpoint Security
SIEM
Splunk, IBM QRadar SIEM.
Security Analysis and Vulnerability Management
Microfocus Fortify, GitHub CodeQL, Nessus.
Frameworks
NIST SP 800-171, ISO 27001/31000, HIPPA, PCI DSS.
Monitoring, Networking, and Other Tools
Cisco Firepower Threat Detection, Fidelis Network, Cisco Stealth Watch, Wireshark, Skybox Security Firewall Assurance, PhishMe, IBM Resilient, Havij, OSINT Tools.
Software Tools
ServiceNow, JIRA, Azure DevOps, Amazon Web Services, Citrix Virtual Apps, Microsoft Office 365, Visual Studio, Eclipse IDE.
Project Management
JIRA, Agile/Waterfall Methodologies, Sprint Planning.
IDE
Eclipse, PyCharm, Spyder, Sublime Text. And VS Code.
Certifications
AWS Certified Cloud Practitioner.
CompTIA: Security+ (Planned for June 2024).
Qualys Vulnerability Management certification.
Professional Experience
Cyber Security Analyst — Web Applications: Caterpillar November 2022 – December 2023
•Conducted security assessments and code reviews based on OWASP Top 10 vulnerabilities to address and mitigate potential threats proactively.
•Collaborated with development teams to identify and mitigate application security vulnerabilities, ensuring secure deployment of applications.
•Authored and reviewed key documentation for SAST services, including administration, customer service, and strategic planning.
•Played a pivotal role in developing and refining administrative procedures for SAST back-end services, focusing on updates, upgrades, and maintenance with minimal user impact.
•Utilized ServiceNow for efficient issue tracking and project management, improving team collaboration.
•Led a license management review for maintaining and patching 11,000 CAT-owned domains, enhancing efficiency and compliance.
•Standardized the CI/CD pipeline development process for security scanning in production cycles, improving security response times.
•Supported development teams reviewing vulnerability scans and devising mitigation strategies, effectively reducing security-related findings.
•Employed Python to automate security processes and develop internal tools, significantly enhancing the security posture and operational efficiency.
•Utilized ServiceNow for efficient issue tracking and project management, fostering enhanced collaboration and streamlined workflows.
•Played a pivotal role in developing and refining administrative procedures for SAST back-end services, focusing on updates, upgrades, and maintenance with minimal user impact.
•Facilitated cross-functional workshops and training sessions to educate developers on secure coding practices, which reduced the number of security vulnerabilities identified during pre-production testing stages by 30%.
•Coordinated with IT and business stakeholders to ensure security protocols aligned with organizational goals and standards, resulting in a comprehensive security architecture that supports Caterpillar's strategic objectives.
•Enhanced license management protocols by implementing a centralized tracking system that monitored software usage and compliance, reducing overhead costs and mitigating legal risks associated with unlicensed software use.
Environment: Fortify, WebInspect, Power BI, Python, Service Now, SQL, AZURE, CI/CD.
Security Analyst — GSOC: Kansas State University August 2021 – December 2022
•Monitored and analyzed network traffic, investigated and documented any security events and incidents, and
provided advice and recommendations to the CSIRT teams.
•Monitored security incidents and blacklisted malicious IP addresses and domain names and prevented threats.
•Managed, monitored, and tuned the sensitivity of the CrowdStrike endpoint solution to reduce false positives.
•Author and review documentation for administration, customer, and overall strategy for SAST services.
•Involved in yearly assessment and evaluation of different product vendors for the GSOC team.
•Assist development teams in reviewing and triaging vulnerability scan results and mitigation strategies for
reducing and eliminating security-related findings.
•Assisted with handling vulnerability tracking, incident tickets, and remediation activities.
•Assisted in the annual assessment and evaluation of different product vendors for the GSOC team, contributing to strategic decisions on security tools and services.
•Provided expert advice and remediation strategies to development teams during the review of vulnerability scans, effectively reducing security-related findings.
•Developed custom security dashboards in Splunk to provide real-time visibility into network anomalies, leading to a quicker resolution of potential threats.
•Spearheaded a cybersecurity awareness campaign that significantly raised staff and student knowledge and compliance with security best practices.
•Negotiated with security software vendors to enhance tool capabilities within the budget, improving the overall effectiveness of the GSOC.
•Led a team in the annual cybersecurity drill, testing response protocols and improving incident response time by 25%.
Environment: Splunk, CrowdStrike, Nessus, JIRA, Service Now, Wireshark.
System Engineer — IAM: Infosys Limited, Hyderabad, India. April 2018 — July 2021
•Created user accounts and applied group and security policies to ensure the least privilege principle.
•Administered access for over 10,000 employees to 300+ servers spread across 77 countries in various time zones.
•Administer identity and security access globally for human and functional accounts across multiple systems and applications.
•Responsible for on-boarding/off-boarding, incident/problem management associated with access entitlements
and terminations, as well as Emergency & Privileged Access management.
•Experience with implementing high-priority change management processes.
•Responsible for updating and managing licensing needs for 40+ servers.
•Compiled and provided data sets for third-party auditing services to ensure compliance.
•Mentored junior team members of the IT audits, JD Edwards IAM management tool.
•Responsible for on-boarding and off-boarding incidents and problem management associated with access entitlements and terminations, enhancing security and operational continuity.
•Compiled and provided data sets for third-party auditing services, ensuring adherence to international compliance standards and enhancing data integrity.
•Initiated and led a project to revamp the company's access control frameworks, which improved security measures and reduced unauthorized access incidents by over 35%.
•Integrated multi-factor authentication across all critical systems, dramatically reducing potential security breaches related to compromised credentials.
•Developed a proprietary tool for automated tracking and reporting of access rights, enhancing transparency and compliance with audit requirements.
•Organized and conducted training sessions for new hires and existing staff on security policies and IAM tools, fostering a security-aware culture.
•Implemented a new automated system for monitoring and reporting on user activity and compliance, which reduced the time required for audit preparations by 50%.
•Designed and enforced security policies for remote access to the corporate network, safeguarding sensitive data during increased remote work scenarios and maintaining high security and compliance levels.
•Coordinated comprehensive internal and external audits for IAM processes, ensuring strict adherence to regulatory compliance and identifying opportunities for procedural enhancements.
•Implemented an automated system for deactivating user accounts immediately upon employee termination, streamlining the off-boarding process and safeguarding against unauthorized access.
•Developed and implemented automated scripts to reduce the workload by over 27%.
Environment: ServiceNow Change Management, JIRA, BMC Remedy, Duo Security, RSA SecurID, Microsoft Excel, Google Sheets, Power BI, IAM, PAM (JD Edwards), Microsoft Windows Server, Okta.
Software Developer: Innovgear Technologies. October 2017 – April 2018
•Responsible for developing a full-fledged website, maintaining the database, and creating user and employee registration pages.
•Designed test cases to ensure the full functionality of the website.
•Developing scripts to automate the data input processes to SQL databases.
•Successfully implemented an automated backup solution for the website's database, reducing potential data loss during system failures.
•Enhanced website security by integrating advanced SSL protocols and continuous patch updates, creating a secure user environment.
•Led a small team to improve the website's SEO performance, which resulted in a 50% increase in user engagement and traffic.
•Streamlined data handling processes by developing Python scripts for efficient data manipulation and storage, reducing processing time by over 20%.
Environment: Python (scripting, Pandas, NumPy), SQL, Excel, OpenSSL, HTML/CSS, MySQL, PostgreSQL.
Contact this candidate