Sign in

Security Engineer

The Danforth, ON, M4C, Canada
January 02, 2020

Contact this candidate



Ph: 226-***-**** Email: LinkedIn: City: Toronto


DevSecOps OWASP Hashicorp Vault App Security Penetration Testing Vulnerability Assessment


Nearly 1 year as a DevSecOps Engineer involving work on securing Cloud infrastructure and securing CICD Pipelines

Skilled IT Professional with Post-Graduation Diploma in Information Security Management in addition to hands-on experience working with various Networking devices, Security Applications and Tools used towards securing Information Technology Infrastructure

Worked on preparing Disaster Recovery and Business Continuity Plans for Projects and Portfolio

Practical experience on doing penetration testing to the deployed infrastructure and conducting a vulnerability assessment of the application and the infrastructure using security tools

Integrated security tools into the CICD pipeline viz Veracode for Code Vulnerability, Sonatype for Executable security, Nexpos for VM security, Carbon Black for VM vulnerability, Endpoint security for overall VM security

Very good in the ability to maintain Network Security by configuring Firewalls

Working knowledge in Active Directory, LDAP, WSUS, IPTables, NGFW and ACL’s

Hands-on knowledge in Linux including performance tuning NUMA, cgroups, network stack, IPtables etc

Expert knowledge in setting up a secured private cloud (virtualization) using vSphere, Hyper-V, KVM, Xen, ESXi

Expert proficiency in Python, Shell; moderate proficiency in Java, Perl and C/C++

Implemented enterprise capabilities for DevOps, DevSecOps, and CI/CD in the public cloud AWS

Hands-on experience with writing rules into Intrusion Detection Systems and Intrusion Prevention Systems

Experience working on Web Application Security and in exploiting OWASP TOP 10 vulnerabilities

Agile Team player with excellent interpersonal skills, self-motivated, dedicated and understanding the demands of 24/7 security maintenance


Atlassian Tools and Others

Jira, Confluence

Version Control Tools

Bitbucket, GitHub

CICD Deployment Tools

Jenkins, Ansible

Configuration Management Tools


Security Tools

Sonatype, Veracode, Nexpos, Symantec Endpoint Security, AWS Shield, Azure Web Application Gateway


Amazon AWS, Microsoft Azure

Infrastructure as Code tools


Security as Code Tools

Hashicorp Vault, AWS Parameter Store, Azure KeyVault

Programming Languages

C, C++, Java

Scripting Languages

Bash Shell, Python, PowerShell, Perl

Operating Systems

Windows, Kali Linux


PG Diploma in Information Security Management Fanshawe College, London, ON 1 Year

PG Diploma in Software & Information Systems Testing Fanshawe College, London, ON 1 Year

Bachelor of Computer Applications, Bangalore University, Bangalore, India 3 years


DevSecOps Engineer University of Toronto, Toronto Apr’19 - Till Date

Part of the R&D Security team responsible for the design and implementation of Website security features and security maintenance.

Responsible for the website security audit using various third-party tools: penetration testing frameworks (Kali Linux), security vulnerability scanners (Nessus, IBM AppScan, Burp)

Responsible for the special security investigations and utility development: brute-force attacks, DDoS simulations, research of sophisticated vulnerability exploitation scenarios

Involved in defining website security requirements and security checklist

Defined and setup application quality/health monitoring tools and documenting best practices

Drove the security mindset across the entire organization teams

Initiated and managed projects for relevant security compliances.

Participated in the planning and design of security systems by evaluating and applying application security frameworks and technologies.

Assisted in determining security requirements by evaluating business strategies and requirements. Researched information security standards; conducted system security and vulnerability analysis and risk assessments; studied application architecture/platform.

Developed and coordinated security training programs.

Security Analyst NCPL Inc, Hyderabad May’17- Dec’17

Performed app security reviews, outlining requirements, verifying remediation, threat modeling, Data migration, etc

Assessed application-level vulnerabilities (i.e., code, libraries, databases, frameworks, etc.)

Performed risk assessments

Assisted the full-stack development and DevOps teams in building secure software and infrastructure.

Performed the threat analysis and security audits on the software and infrastructure

Monitored emerging IT security threats and trends

Defined hardening configurations


Available on request

Contact this candidate