Application Security Engineer & Secure SDLC

Location:
Santa Clara, CA, 95051
Posted:
June 30, 2026

Resume:

SATYA PRAVEEN RAYAPATI

714-***-**** **************@*****.*** Santa Clara, California

PROFESSIONAL SUMMARY

Application Security Engineer with 5+ years of experience securing software development lifecycles, hardening enterprise applications against OWASP vulnerabilities, and modernizing AppSec tooling with AI-assisted automation. Deep expertise in threat modeling, secure code review, and SAST/DAST integration across agile teams. Currently exploring generative AI and LLM-based security automation to accelerate vulnerability detection and remediation at scale.

WORK EXPERIENCE

Software Engineer Inovalon – USA Oct 2025 – May 2026

Application Security & Secure SDLC Integration

• Architected secure software development lifecycle practices for healthcare cloud platforms; integrated threat modeling, secure code reviews, and automated SAST/DAST gates into CI/CD pipelines serving 500K+ daily users.

• Conducted manual and automated penetration testing on web and cloud applications using Burp Suite, Semgrep, and SonarQube; identified 15+ critical vulnerabilities, including OWASP Top 10 flaws (SQLi, IDOR, insecure deserialization), before production release.

• Performed threat modeling and risk analysis for 5 microservices; documented attack vectors and security architecture improvements, and validated mitigations against OWASP and NIST frameworks.

AI-Assisted Code Review & Vulnerability Automation

• Piloted AI-assisted secure code review using Semgrep and GitHub Copilot Autofix; reduced mean time to remediation (MTTR) by 40% by delivering contextual, actionable remediation guidance directly to developers at commit time.

• Evaluated and documented security guardrails for AI coding assistants (GitHub Copilot, Cursor); assessed training data exposure risks, prompt injection vulnerabilities, and AI-generated code quality in the context of the OWASP Top 10 for LLM Applications.

• Integrated LLM-based code scanning into the development workflow; automated detection of insecure coding patterns across Python and Java repositories, reducing false positives by 35% through fine-tuned rule tuning.

Software Engineer II Concentrix – India Jun 2020 – Jul 2023

Vulnerability Management & Security Testing Tools

• Deployed and operated Checkmarx SAST, OWASP ZAP DAST, and SonarQube across 30+ repositories; triaged 200+ security findings, reduced critical CVEs reaching production by 60%, and maintained 85%+ code coverage across security gates.

• Integrated Software Composition Analysis (SCA) with Snyk and Semgrep into GitHub Actions CI/CD; blocked 100% of critical-severity third-party vulnerabilities from merging, reducing supply chain risk exposure across the engineering organization.

• Authored and standardized secure code review checklists aligned with the OWASP Top 10 and SANS 25; trained 25+ developers on secure coding principles, reducing post-release security defects by 30%.

DevSecOps Enablement & Security Automation

• Built an automated security testing framework integrating SAST, DAST, and IAST tools into the deployment pipeline; reduced security review cycle time by 50% and enabled self-service vulnerability detection for development teams.

• Designed a DevSecOps workflow with infrastructure-as-code security scanning and runtime application self-protection (RASP) integration; achieved zero unpatched critical vulnerabilities across 15+ cloud applications on AWS and Azure.

• Standardized incident response procedures for application security incidents; reduced mean time to detect (MTTD) by 40% through automated alerting and triage playbooks adopted across the security operations center.

Security Awareness, Threat Modeling & Cross-Functional Collaboration

• Led security awareness training on the OWASP Top 10, SANS 25, and emerging AI/LLM security risks (prompt injection, model poisoning, insecure output handling); enabled 50+ engineers to apply threat modeling in design reviews.

• Partnered with product and infrastructure teams to integrate threat modeling into the architecture phase; identified and mitigated 12 high-severity design flaws before implementation, reducing post-release incidents by 45%.

• Collaborated with cloud security and compliance teams to establish AWS and Azure security baselines; enforced NIST-aligned controls, reducing open cloud misconfigurations by 50%.

PROJECTS

AI-Assisted Secure Code Review Platform (Inovalon)

• Piloted Semgrep + GitHub Copilot Autofix for automated secure code review; deployed to 20+ healthcare repositories processing PHI-regulated code, reducing MTTR by 40% and developer security review burden by 35%.

• Developed a threat model and security guidelines for AI coding assistant integration; documented prompt injection risks and guardrails for Copilot/Cursor use within the engineering organization.

SAST/DAST/SCA Integration & CI/CD Security Gates

• Integrated Checkmarx SAST, OWASP ZAP DAST, and Snyk SCA into GitHub Actions; triaged 200+ findings and cut critical CVEs reaching production by 60% within one release cycle.

• Built a Python-based security reporting layer correlating SAST/DAST/SCA results with vulnerability severity and business risk; reduced false positives by 40% and accelerated triage by 50%.

Threat Modeling & Secure SDLC Standardization

• Embedded STRIDE threat modeling as a mandatory design gate for 5 product teams; caught 12 high-severity design flaws before implementation, reducing post-release security incidents by 45%.

• Standardized secure code review checklists and OWASP-aligned threat modeling templates; adopted org-wide, reducing design-to-mitigation cycle time by 40%.

DevSecOps Pipeline & LLM-Based Code Scanning

• Deployed an end-to-end DevSecOps pipeline with automated SAST/DAST/IAST gates, infrastructure-as-code scanning, and LLM-based vulnerability detection at commit time; reduced security review latency by 50%.

• Evaluated and documented AI/LLM security risks (prompt injection, training data leakage, insecure output handling) in the context of the OWASP Top 10 for LLM Applications and the NIST AI RMF.

TECHNICAL SKILLS

Languages & Frameworks: Python, Java, JavaScript/TypeScript, Bash, SQL

Security Testing Tools: Checkmarx SAST, Burp Suite Pro, OWASP ZAP DAST, SonarQube IAST, Snyk SCA, Semgrep, Veracode, Fortify

Cloud & DevSecOps: AWS (IAM, Security Hub, WAF), Azure (Defender, Policy), GitHub Actions, CI/CD security gates, infrastructure-as-code scanning, Kubernetes RBAC

AI/LLM Security: Generative AI threat modeling, prompt injection, model poisoning, insecure output handling, OWASP Top 10 for LLM Applications, GitHub Copilot/Cursor security guardrails

Threat Modeling & SDLC: STRIDE threat modeling, secure code review, OWASP Top 10, SANS 25, NIST SP 800-53, ISO 27001, secure design patterns

Incident & Compliance: Vulnerability triage, incident response, root cause analysis, security awareness training, compliance automation (SOC 2, HIPAA)

Tools & Collaboration: Git, JIRA, Confluence, Postman, agile/scrum, technical documentation, cross-functional stakeholder management

EDUCATION

M.S., Computer Science Aug 2023 – Aug 2025

California State University – Dominguez Hills, Carson, California GPA: 3.9

B.Tech., Electronics & Communication Engineering Aug 2016 – Apr 2020

SRM University, Chennai, India GPA: 3.5