Security Information

Location:
Hebron, CT
Posted:
May 22, 2021

Resume:

Devaraj Munuswamy, CEH, CISM admms2@r.postjobfree.com

Devaraj Munuswamy

Ellington, CT

Email: admms2@r.postjobfree.com phone no: 413-***-****

https://www.linkedin.com/in/devaraj-munuswamy-84773620/

INFORMATION SECURITY ARCHITECT / PROGRAM MANAGER

Highly innovative, strategic and goal-oriented technology leader with comprehensive 14+ years of experience in information security management; Plan, develop, implement and manage security across cutting-edge technology applications & infrastructure, including containers, microservices and IoT. Demonstrate exceptional leadership and problem-solving abilities by delivering information security projects and programs across various industries, including banking, healthcare, insurance, retail, Life Science etc. Experience in managing security for applications hosted in cloud (AWS, Azure), DevOps by implementing DevSecOps in CI/CD and implementing new generation security solutions. Ability to work collaboratively with diverse & global key stakeholders, executives, and cross-functional teams to define and lead the development of security integration solutions across scope areas.

AREAS OF EXPERTISE

Application Security, Security compliance, Mobile Security, Cloud security, Enterprise Security

Information Security, Operational Excellence, Project Management, Security consulting, Threat Modeling, Secure SDLC, DevSecOps, Cross-Functional Leadership, Strategic Planning, Security behavior response, BCP/Disaster recovery, Active directory security, Security strategy & architecture implementation

CAREER HIGHLIGHTS

• Manage information security team in North America and India by providing various security testing services to the clients, including: Application security, mobile application security, Infrastructure security, API security, Cloud security, Software component analysis (SCA).

• Responsible for developing security strategy and architecture for various programs.

• Responsible for handling security testing proposals by providing next generation security solutions and assist in providing a roadmap with the services offered to attain client’s digital transformation goals.

• Making sure that security strategy is in alignment with organization goals.

• Demonstrates excellent judgement and ability to assess security of complex systems.

• Ensuring the delivery of services for various security testing projects with appropriate level of quality, on time and within budget.

• Participating in security audits from third-party vendors and making sure to get less non-compliance in the projects.

• Evaluating security tool vendor to implement best tools and practices in the organization.

• Assessed applications for data privacy and compliance, including EU-GDPR, FISMA, NIST, PCI, HIPAA, OSSTMM, WASC, CWE and CIS.

• Develop business continuity and disaster recovery plan.

• Supported multiple projects in achieving a “secure state” in their application controls through secure guidelines, hardening security testing checklists, by conducting internal penetration tests and comprehensive application security assessments.

• Prepare security checklists for web application based on OWASP recommendations based on OWASP ASVS.

• Invoking security upliftment program to create awareness on educating importance of security in the organization as well as to the clients.

• Gathering security requirements and deliver security assessment (Carnival, Aetna, HCSC, Humana, Schneider, USAA, Delhaize, MassMutual, Pearson, etc.)

• Designing and implementation of solution strategy for applications migration to cloud (Security Configuration, ACLS and testing).

• Developed and managed security solutions frameworks for DevSecOps, IoT, API/Micro Services, App Container requirements.

• Effectively conceptualize security architecture which includes documentation of current state security capabilities and gaps, as well as future state roadmap aligned with organization strategies.

• Managing a pool of highly skilled technical security resources to implement security automation accelerators to demonstrate to clients on its benefits and value.

• Plays a significant role as information security manager by overseeing and defining the security architecture approval frameworks on each phase of the SDLC of the projects involved, which includes applications, APIs and servers.

• Authored a white paper named “Security Mysteries on Cloud” in ISACA’s journal.

• Earned recognition as Information Security Subject Matter Expert (SME) in my current organization.

• Delivered over 500 application (includes APIs) and infra security assessments and solutions.

• Conducted various security testing upliftment training session in the organization in order to educate and mentor the importance of security testing.

• Active member of OWASP and null chapters as well as on various security forums to keep my knowledge up to date.

Work Experiences

COGNIZANT TECHNOLOGY SOLUTIONS BRIDGEWATER, NJ

Security Architect/Manager projects 2014 - Present

United States of America (2016 – Present)

India (2014 – 2016)

Security Test management, Security consulting, DevSecOps

• Establishing and managing the application security maturity center (ASMC) in NA region.

• Architect the security strategy for application migration to cloud.

• Worked with different tool vendors who can implement SASE (Security Access Service Edge) platform to ensure cloud security by providing CASB (cloud access security Broker), ZTNA (Zero trust network access), SWG (security web Gateway) and CSPM (Cloud security posture management) services.

• Assessed current security posture of various client security program by identifying the gaps and recommend solutions to bridge the gap to obtain better security posture.

• Worked on various methodologies, which include waterfall, Agile (which includes SAFe Agile) and DevOps, and provided respective security solutions accordingly.

• Co-ordinate with DevOps team to architect security (DevSecOps) implementation across CI/CD pipeline

• Participating in client budgeting meetings to articulate the importance of security to allocate appropriate budget for security testing of applications and infrastructure.

• Identification of network/Infrastructure vulnerability by running automated scans for the inventory of servers provided by application owners using Qualys – Vulnerability Management tool.

• Involved in running compliance scans which involve PCI DSS with respect to network devices based on client standards.

• Coordinating with server and application owners to get proper sign-off after patching of vulnerability fixes on the servers.

• Maintaining various security metrics related to vulnerability management and share to client

• Created a threat model report on application security for various clients to report various threats and attack vectors to the stakeholders.

• Created a vulnerability traceability matrix from the application security scan on application which provides a broad view of identifying threats and risks associated with the issues identified for the business or development team to prioritize and fix the identified issues accordingly

• Conducted application security testing tool assessment and present gaps and recommendations.

• Suggest roadmap on security testing on applications for future.

• Built a framework named “Risk severity Matrix” and strategized the security assessment for the organization.

• Maintaining and creating a good customer relationship in order to ensure complete understanding of the various customer processes and providing them good responses, regarding the security measures.

• Mentoring the team members in CoE against project knowledge.

• Providing security testing framework or solution for various projects in IME, Manlog, Insurance domains.

• Involved in mentoring the team conducting SAST using various tools like WhiteHat, HP Fortify and on IBM AppScan tool for DAST.

• Responsible for business development, effort estimation and deliverables.

• Involved in false positive analysis of few critical issues like SQLi, XSS, etc.

• Review requests for proposals, prepare estimates; source best practices

• Provide thought leadership to security testing Projects.

• Co-ordinate meetings; review plan & implementation status

• Acts as mentor and provides feedback and do performance appraisals for associates reporting to him

• Identifying testing opportunities by collaborating with business development team.

POLARIS FINANCIAL TECHNOLOGY LIMITED CHENNAI, INDIA

Senior project leader 2008 – 2014

• Managing team size of 10 resources which includes 5 from Security Testing and 5 functional Testing.

• Involved in RFP preparing for security testing projects and presented security testing capability decks to the customers.

• Providing estimate and schedule plan for the security testing projects.

• Ensuring end-to-end ownership of project and making sure to meet deadlines and turnaround time without compromising on quality norms and adhering to SLA which includes accommodation of last-minute changes as well without any slippage.

• Involved in preparation of Business Contingency & Disaster recovery plan.

• Involved in conducting DDoS assessment for various projects

• Conducted PCI DSS compliance testing based on the goals.

• Sending project status to higher management on daily basis.

• Involved in vendor management for clients who required third party security testing.

• Good knowledge in risk assessment of projects and highlighting the same to higher management by producing RAG status.

• Provide guidance and mentor regional security teams and team members for moving up to next level of work.

• Coordinating with the developers and administrators to remediate identified vulnerabilities.

• Ensure resource commitment during test life cycle, track progress during execution, report and track defects till closure. Each execution cycle is properly analyzed, defects raised, root cause identified and lessons learnt were implemented.

TECHMAHINDRA LIMITED CHENNAI, INDIA

Technical Associate 2003 – 2008

• Preparation of Test plans & Test Strategy for security testing.

• Managed team size of 5 to 6 people.

• Review the test summary report of DAST and SAST

• Review the test design documents and provide input in conducting threat modeling.

• Retesting of faults such as TTR’s (Trouble Report) and CTR’s (Customer Trouble report)

• Conducted various internal sessions on PCIDSS and SOX compliance testing.

• Written various whitepapers on security internal to the organization.

• Creating XML files using XML Schema and evaluating them using XML spy

• Preparation of Test payloads

• Updating the test execution log in the project Repository

• Updating weekly status of testing activities to the management

STC TECHNOLOGY LIMITED CHENNAI, INDIA

Test Engineer 2002 – 2003

• Gathering of NFR’s for security testing.

• Run vulnerability scans and manual testing on applications and infrastructure.

• Remove false positives during analysis

• Preparation of test summary report and retesting.

ADDITIONAL EXPERIENCE

United Kingdom – Security Test Lead

Singapore – Security Test Lead

EDUCATION

M.C.A. – Master of Computer Applications – Madras University, Chennai, India

B.B.A – Bachelors of Business Administration – Madras University, Chennai, India

CERTIFICATIONS

CEH – Certified Ethical Hacker – EC-Council

DevSecOps – Udemy

HIPAA Privacy and security Certificate – Cognizant internal

Secure Application Development – Cognizant internal

CISM – Certified Information Security Manager – ISACA

TECHNICAL SKILLS

Vulnerability assessment, Black Duck - SCA, Twistlock, Sysdig, Aqua Container Security

Burp Suite Pro, Nessus, Metasploit, AppScan, Checkmarx, Fortify

PCI-DSS, EU-GDPR, HIPAA - Compliance assessment on applications

DevSecOps implementation and design

Threat Modelling, Cloud deployment model and security responsibility matrix

OWASP ZAP, Rapid 7, Microsoft Threat modeller

Nmap, SQLmap, OAuth2, SAML, Active Directory Server, Certificate Authority Server

PUBLICATIONS

• Authored a White paper published on ISACA Journal – Volume 3 – 21st May 2015:

“Security Mysteries in the Cloud” – Prestigious journal - https://www.isaca.org/resources/isaca-journal/issues/2015/volume-3/security-mysteries-in-the-cloud

• Designed Java web wrapper over SSLDigger tool – to generate HTML report to publish cipher supported.
