
Application Security Software Development

Location:
Cumming, GA
Posted:
July 29, 2025

Resume:

Ravindra Monavarty

*********@*****.***

Visa status: US Citizen

404-***-****

Summary:

Over 12 years of experience in web application security testing using tools such as Burp Suite, Micro Focus WebInspect, Fortify, SQLMap, OWASP ZAP Proxy, Nessus, Rapid7, RiskIQ, Archer, ServiceNow, Splunk, Power BI, and Nmap.

Skilled in integrating vulnerability scans into the Software Development Life Cycle (SDLC) to ensure security compliance before production deployment.

Proficient in Qualys security monitoring, including AssetView, Cloud Agent, Vulnerability Management, and Web Application Scanning (WAS).

Strong knowledge of secure development practices, OWASP Top 10, and relevant standards.

Expertise in Vulnerability Assessment and Penetration Testing (VAPT) for web-based applications.

In-depth knowledge of network security technologies, including proxies, firewalls, SSL/IPSec, VPNs, SSO, DLP, and gateways.

Experienced in both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Adept at mentoring development teams on security processes and best practices.

Strong ability to manage multiple tasks, work independently, and collaborate effectively in team environments.

Involved in Secure Software Development Life Cycle (SDLC) to ensure security controls are in place.

Broad knowledge of hardware, software, and networking technologies.

Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001, CIS Controls).

Technical Skills:

Security Testing & Analysis: Vulnerability Assessment, Penetration Testing, SAST, DAST, OWASP Standards

Tools & Platforms: Burp Suite, HP WebInspect, QualysGuard, Veracode, Rapid7, Metasploit, Nessus, Nmap, Imperva, Checkmarx, SailPoint, Splunk

Development & Automation: Shell Scripting, Java, Selenium, Jenkins CI/CD, SoapUI, RESTful APIs

Other Expertise: Secure SDLC, Agile Methodologies, Scrum, TFS, RiskIQ, Web Application Scanning (WAS)

Certification:

Certified Information Security Manager (CISM), ISACA

AI in Financial Services certification

Nexpose (Rapid7) Certified Administrator

Metasploit Pro Certified Specialist

SASE Level 1 Certification, Cato Networks

Certified Ethical Hacker (CEH8), GM

Education:

Master's in Power Systems Engineering, Osmania University

Bachelor's in Electrical and Electronics Engineering, Andhra University

Professional Experience:

Principal, Cyber Security May 2019 – May 2025

E*TRADE/Morgan Stanley, Alpharetta, GA

Evaluated infrastructure, database, and application security vulnerabilities to ensure SLA compliance.

Performed application security services, including risk assessments, architecture reviews, and code reviews for internal and third-party applications.

Coordinated with developers, project teams, and third-party vendors to assess and guide secure software development and integration.

Provided consultative guidance during the design, development, and deployment phases of new solutions.

Reviewed threat models, validated security controls, and ensured alignment with security policies.

Reviewed and interpreted security testing reports and vulnerability findings, and assisted with risk remediation strategies.

Working experience in Splunk data integrations or automation with other applications/tools via programming.

Knowledge of containerization technologies (Docker, Kubernetes) and microservices architecture.

Contributed improvements to existing AppSec processes, workflows, and documentation.

Participated in defining and expanding secure software development lifecycle practices across the organization.

Supported the development and refinement of policy and governance documents related to software security.

Tracked and reported on security metrics, status of findings, and overall risk trends.

Supported management of tools, resources, and schedules for security testing.

Led tracking and monitoring for emerging threats and high-risk vulnerabilities.

Conducted application security testing, including code review, vulnerability analysis, and penetration testing.

Developed Splunk dashboards for vulnerability tracking.

Performed manual testing and identified vulnerabilities such as CSRF, XSS, SQL Injection, authentication weaknesses, and insecure cryptographic protocols.

Used UiPath Studio extensively to automate business processes in Morgan Stanley integration projects.

Technical and/or audit experience with AWS and/or other cloud databases such as Azure, GCP, etc.

Identified solutions to feature requests and mapped out these solutions for team implementation.

Mentored junior developers on coding practices and secure design patterns.

Collaborated with threat detection and vulnerability management teams to continuously improve capabilities and integration points supporting continuous control, monitoring, and reporting.

Partnered with architecture, infrastructure, and technology teams to review existing architecture, identify gaps, and recommend security enhancements.

Conducted and/or reviewed artifact analyses for environmental applicability and remediation.

Participated in security events and incident response to identify gaps in the current design and propose solutions to prevent threats from recurring.

Researched and evaluated emerging security trends, threats, and technologies, and recommended appropriate solutions and enhancements.

Conducted periodic security testing on pre-production and production websites.

Provided divisional metrics and trends on application security vulnerabilities to leadership.

Coordinated remediation efforts with application owners and business stakeholders.

Designed dashboards to report third-party penetration test findings and vulnerabilities.

Integrated CMDB data with the TVM portal to manage Linux asset information.

Experience with Static Application Security Testing (SAST) tools such as Fortify, Checkmarx, SonarQube, and Veracode.

Worked extensively with software development teams to review source code, triage the security vulnerabilities reported by HP Fortify, HP WebInspect, OWASP ZAP, and Burp Suite, and eliminate false positives.

Conducted AWS cloud asset scanning and collaborated with development teams to remediate vulnerabilities.

Led weekly database scan schedules using Imperva, identifying and reporting vulnerabilities.

Assessed applications for security risks in AWS and Azure environments and provided remediation strategies.

Performed automated security tests within Jenkins CI/CD pipelines.

Experienced in setting up HP Fortify plugins in Jenkins to automate Source Code Analysis (SCA) scans.

In-depth knowledge of the OWASP Top 10 API vulnerabilities and mitigations; conducted manual API testing using Burp Suite.

Validated remediation of SAST and Software Composition Analysis (SCA) assessment findings.

Configured, integrated, and supported SAST and Software Composition Analysis (SCA) application security tools in DevOps CI/CD pipelines.

Executed dynamic vulnerability assessments using HP WebInspect and Qualys.

Conducted penetration testing using QualysGuard, Nessus, and manual OWASP Top 10 vulnerability testing.

Conducted SSL and port scans using Nexpose/Rapid7 and InsightVM.

Communicated identified vulnerabilities and provided remediation guidance to clients.

Evaluated data security practices for data in use, in transit, and at rest.

Utilized SAST tools (SonarQube, Fortify, Checkmarx) to scan codebases for Java, Python, and JavaScript vulnerabilities.

Knowledge of risks associated with virtualization and cloud-based computing and the impact of those technologies.

Coordinated remediation efforts for AppSec and open-source vulnerabilities.

Led Morgan Stanley/E*TRADE integration projects, including Shareworks and Eaton Vance.

Designed, implemented, and managed endpoint security solutions using SentinelOne and Microsoft Defender for Endpoint.

Monitored and maintained the health of endpoints using CrowdStrike.

Managed Defender for Identity, ensuring the health of sensors and working with IT to maintain them.

Developed and documented processes for engineering activities concerning endpoint security and Defender for Identity.

Worked closely with IT teams to implement and maintain endpoint security controls.

Collaborated with other cybersecurity team members to ensure comprehensive protection across all endpoints.

Sr. Application Security Consultant Aug 2018 – May 2019

Equifax, Alpharetta, GA

Conducted application security testing, including SAST, DAST, and code reviews based on OWASP standards.

Automated test cases using Java Selenium, Agile frameworks, and Microservices.

Developed regression test suites and conducted integration and UAT testing.

Validated SOAP and REST web services using SoapUI.

Participated in daily Scrum meetings, sprint planning, and defect triage sessions.

Application Software Security Lead Jan 2014 – July 2018

General Motors, Roswell, GA

Performed SAST and DAST on web applications using IBM AppScan and HP Fortify.

Integrated vulnerability scans into the SDLC for secure deployments.

Integrated SCA, SAST, and DAST tools in CI/CD pipelines for shift-left security.

Managed vulnerability assessments and prioritized remediation based on Qualys scan results.

Developed Selenium scripts for login workflows and dynamic scans.

Implemented security tools into the CI/CD pipeline: Checkmarx for OSA and SAST, and IBM AppScan Enterprise, by creating Jenkins jobs; installed Qualys agents on cloud servers for Vulnerability Management; and integrated InsightVM and Burp Suite Enterprise as DAST tools into the CI/CD pipeline.

Performed SCA testing to identify XML External Entity (XXE), Cross-Site Scripting, and SQL Injection attacks within the developed source code using HP Fortify SCA 18.20, Nessus, and Checkmarx.

Supported projects, including GEPICS, HCC, and Supply Chain Design.

Collaborated with development teams across the U.S. and Europe.

Sr. Security Engineer Mar 2010 – Dec 2013

Lockheed Martin, Atlanta, GA / Charleston, SC

Conducted SAST and DAST using HP Fortify, IBM AppScan, and WebInspect.

Ensured secure deployments for key projects, including Supply Chain Design R1.

Mentored development teams on security best practices.

Conducted infrastructure and mobile application penetration testing.
