
Application Security Software Development

Location:
Tokyo, Tokyo Prefecture, Japan
Posted:
April 26, 2025

Resume:

Ravindra Monavarty

Summary:

Over 12 years of experience in web application security testing using tools such as Burp Suite, Micro Focus WebInspect, Fortify, SQLMap, OWASP ZAP Proxy, Nessus, Rapid7, RiskIQ, Archer, ServiceNow, Splunk, and Nmap.

Skilled in integrating vulnerability scans into the Software Development Life Cycle (SDLC) to ensure security compliance before production deployment.

Proficient in Qualys security monitoring, including Asset View, Cloud Agent, Vulnerability Management, and Web Application Scanning (WAS).

Expertise in Vulnerability Assessment and Penetration Testing (VAPT) for web-based applications.

In-depth knowledge of network security technologies, including proxies, firewalls, SSL/IPSec, VPNs, SSO, DLP, and gateways.

Experienced in both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Adept at mentoring development teams on security processes and best practices.

Strong ability to manage multiple tasks, work independently, and collaborate effectively in team environments.

Involved in Secure Software Development Life Cycle (SDLC) to ensure security controls are in place.

Broad knowledge of hardware, software, and networking technologies.

Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001, CIS Controls).

Technical Skills:

Security Testing & Analysis: Vulnerability Assessment, Penetration Testing, SAST, DAST, OWASP Standards

Tools & Platforms: Burp Suite, HP WebInspect, Qualys Guard, Veracode, Rapid7, Metasploit, Nessus, Nmap, Imperva, Checkmarx, SailPoint, Splunk

Development & Automation: Shell Scripting, Java, Selenium, Jenkins CI/CD, SoapUI, RESTful APIs

Other Expertise: Secure SDLC, Agile Methodologies, Scrum, TFS, RiskIQ, Web Application Scanning (WAS)

Certification:

Certified Information Security Manager (CISM), ISACA

Nexpose (Rapid7) Certified Administrator

Metasploit Pro Certified Specialist

SASE Level 1 Certification, Cato Networks

Certified Ethical Hacker (CEH8), GM

Education:

Masters in Power Systems Engineering, Osmania University in 1991.

Bachelor in Electrical and Electronics Engineering, Andhra University, 1985.

Professional Experience:

Principal, Cyber Security May 2019 – Present

E*TRADE/Morgan Stanley, Alpharetta, GA

Evaluated infrastructure, database, and application security vulnerabilities to ensure SLA compliance.

Led tracking and monitoring for emerging threats and high-risk vulnerabilities.

Conducted application security testing, including code review, vulnerability analysis, and penetration testing.

Developed Splunk dashboards for vulnerability tracking.

Performed manual testing and identified vulnerabilities such as CSRF, XSS, SQL Injection, authentication weaknesses, and insecure cryptographic protocols.

Used UiPath Studio extensively to automate business processes in Morgan Stanley integration projects.

Conducted periodic security testing on pre-production and production websites.

Provided divisional metrics and trends on application security vulnerabilities to leadership.

Coordinated remediation efforts with application owners and business stakeholders.

Designed dashboards to report third-party penetration test findings and vulnerabilities.

Integrated CMDB data with the TVM portal to manage Linux asset information.

Experience with Static Application Security Testing (SAST) tools such as Fortify, Checkmarx, SonarQube, and Veracode.

Worked extensively with software development teams to review source code, triage the security vulnerabilities reported by HP Fortify, HP WebInspect, OWASP ZAP, and Burp Suite, and eliminate false positives.

Conducted AWS cloud asset scanning and collaborated with development teams to remediate vulnerabilities.

Led weekly database scan schedules using Imperva, identifying and reporting vulnerabilities.

Assessed applications for security risks in AWS and Azure environments and provided remediation strategies.

Performed automated security tests within Jenkins CI/CD pipelines.

Experienced in setting up HP Fortify plugins in Jenkins to automate Source Code Analysis (SCA) scans.

In-depth knowledge of the OWASP Top 10 API vulnerabilities and their mitigations; conducted manual API testing using Burp Suite.

Validated remediation of SAST and Software Composition Analysis (SCA) assessment findings.

Configured, integrated, and supported SAST and Software Composition Analysis (SCA) application security tools in DevOps CI/CD pipelines.

Executed dynamic vulnerability assessments using HP WebInspect and Qualys.

Conducted penetration testing using Qualys Guard, Nessus, and manual OWASP Top 10 vulnerability testing.

Assessed mobile application security for Android and iOS platforms.

Conducted SSL and port scans using Nexpose/Rapid7 and InsightVM.

Communicated identified vulnerabilities and provided remediation guidance to clients.

Evaluated data security practices for data in use, transit, and rest.

Utilized SAST tools (SonarQube, Fortify, Checkmarx) to scan codebases for vulnerabilities in Java, Python, and JavaScript.

I have been working as a subject matter expert for programming languages and web application environments.

Knowledge of risks associated with virtualization and cloud-based computing and the impact of those technologies.

Coordinated remediation efforts for AppSec and open-source vulnerabilities.

Led Morgan Stanley/E*TRADE integration projects, including Share Works and Eaton Vance.

Designed, implemented, and managed endpoint security solutions using SentinelOne and Microsoft Defender for Endpoint.

Monitored and maintained the health of endpoints using CrowdStrike.

Managed Defender for Identity, ensuring sensor health and working with IT to maintain the sensors.

Developed and documented processes for engineering activities concerning endpoint security and Defender for Identity.

Worked closely with IT teams to implement and maintain endpoint security controls.

Collaborated with other cybersecurity team members to ensure comprehensive protection across all endpoints.

Equifax, Alpharetta, GA Aug 2018 – May 2019

Sr. Application Security Consultant

Conducted application security testing, including SAST, DAST, and code reviews based on OWASP standards.

Automated test cases using Java Selenium, Agile frameworks, and Microservices.

Developed regression test suites and conducted integration and UAT testing.

Validated SOAP and REST web services using SoapUI.

Participated in daily Scrum meetings, sprint planning, and defect triage sessions.

General Motors, Roswell, GA Jan 2014 – July 2018

Application Software Security Lead

Performed SAST and DAST on web applications using IBM AppScan and HP Fortify.

Integrated vulnerability scans into the SDLC for secure deployments.

Integrated SCA, SAST, and DAST tools in CI/CD pipelines for shift-left security.

Managed vulnerability assessments and prioritized remediation based on Qualys scan results.

Developed Selenium scripts for login workflows and dynamic scans.

Implemented security tools into the CI/CD pipeline: Checkmarx for OSA and SAST and IBM AppScan Enterprise, integrated into the CI pipeline by creating Jenkins jobs; installed Qualys agents on cloud servers for vulnerability management; and integrated the DAST tools InsightVM and Burp Suite Enterprise into the CI/CD pipeline.

Performed SCA testing to identify XML External Entity (XXE), Cross-Site Scripting, and SQL Injection weaknesses within the developed source code using HP Fortify SCA 18.20, Nessus, and Checkmarx.

Supported projects, including GEPICS, HCC, and Supply Chain Design.

Collaborated with development teams across the U.S. and Europe.

Sr Security Engineer March 2010 – Dec 2013

Lockheed Martin, Atlanta, GA / Charleston, SC

Conducted SAST and DAST using HP Fortify, IBM AppScan, and WebInspect.

Ensured secure deployments for key projects, including Supply Chain Design R1.

Mentored development teams on security best practices.

Conducted infrastructure and mobile application penetration testing.

Sr ERP Analyst Jan 2008 – Apr 2010

Fullscope Inc.

Developed and evaluated multiple projects for Microsoft AX6.0 Pre-Release.

Delivered Electronic Signature and Data Collection projects.

Updated scripts and test plans using Sure Step Methodology.

Sr ERP Analyst Jan 2007 – Dec 2007

Boeing (Jeppesen Sanderson Inc.), Denver, CO

Automated Oracle Applications testing using QTP and HP Quality Center.

Designed regression scripts for Oracle modules including Order Management and Service Contracts.

Sr SAP Analyst March 2006 – Dec 2007

Great West Company

Designed and executed test plans for SAP interface implementation.

Verified multi-currency conversion for global rollouts.

Sr Software Test Engineer June 2002 – Feb 2006

Oracle Corporation

Evaluated Oracle E-Business Suite applications manually and automatically.

Conducted performance monitoring and SQL data validation.
