SATYA PRAVEEN RAYAPATI
714-***-**** **************@*****.*** Santa Clara, California
PROFESSIONAL SUMMARY
Application Security Engineer with 5+ years of experience securing software development lifecycles, hardening enterprise applications against OWASP vulnerabilities, and modernizing AppSec tooling with AI-assisted automation. Deep expertise in threat modeling, secure code review, and SAST/DAST integration across agile teams. Currently exploring generative AI and LLM-based security automation to accelerate vulnerability detection and remediation at scale.
WORK EXPERIENCE
Software Engineer, Inovalon – USA, Oct 2025 – May 2026
Application Security & Secure SDLC Integration
• Architected secure software development lifecycle practices for healthcare cloud platforms — integrated threat modeling, secure code reviews, and automated SAST/DAST gates into CI/CD pipelines serving 500K+ daily users.
• Conducted manual and automated penetration testing on web and cloud applications using Burp Suite, Semgrep, and SonarQube; identified 15+ critical vulnerabilities, including OWASP Top 10 flaws (SQLi, IDOR, insecure deserialization), before production release.
• Performed threat modeling and risk analysis for 5 microservices; documented attack vectors and security architecture improvements, and validated mitigations against OWASP and NIST frameworks.
AI-Assisted Code Review & Vulnerability Automation
• Piloted AI-assisted secure code review using Semgrep and GitHub Copilot Autofix; reduced mean time to remediation (MTTR) by 40% by delivering contextual, actionable remediation guidance directly to developers at commit time.
• Evaluated and documented security guardrails for AI coding assistants (GitHub Copilot, Cursor) — assessed training data exposure risks, prompt injection vulnerabilities, and AI-generated code quality in the context of the OWASP Top 10 for LLM Applications.
• Integrated LLM-based code scanning into the development workflow; automated detection of insecure coding patterns across Python and Java repositories, reducing false positives by 35% through rule tuning.
Software Engineer II, Concentrix – India, Jun 2020 – Jul 2023
Vulnerability Management & Security Testing Tools
• Deployed and operated Checkmarx SAST, OWASP ZAP DAST, and SonarQube across 30+ repositories; triaged 200+ security findings, reduced critical CVEs reaching production by 60%, and maintained 85%+ code coverage across security gates.
• Integrated Software Composition Analysis (SCA) with Snyk and Semgrep into GitHub Actions CI/CD; blocked 100% of critical-severity third-party vulnerabilities from merging, reducing supply chain risk exposure across the engineering organization.
• Authored and standardized secure code review checklists aligned with the OWASP Top 10 and SANS 25; trained 25+ developers on secure coding principles, reducing post-release security defects by 30%.
DevSecOps Enablement & Security Automation
• Built an automated security testing framework integrating SAST, DAST, and IAST tools into the deployment pipeline; reduced security review cycle time by 50% and enabled self-service vulnerability detection for development teams.
• Designed a DevSecOps workflow with infrastructure-as-code security scanning and runtime application self-protection (RASP) integration; achieved zero unpatched critical vulnerabilities across 15+ cloud applications on AWS and Azure.
• Standardized incident response procedures for application security incidents; reduced mean time to detect (MTTD) by 40% through automated alerting and triage playbooks adopted across the security operations center.
Security Awareness, Threat Modeling & Cross-Functional Collaboration
• Led security awareness training on the OWASP Top 10, SANS 25, and emerging AI/LLM security risks (prompt injection, model poisoning, insecure output handling); enabled 50+ engineers to apply threat modeling in design reviews.
• Partnered with product and infrastructure teams to integrate threat modeling into the architecture phase; identified and mitigated 12 high-severity design flaws before implementation, reducing post-release incidents by 45%.
• Collaborated with cloud security and compliance teams to establish AWS and Azure security baselines; enforced NIST-aligned controls, reducing open cloud misconfigurations by 50%.
PROJECTS
AI-Assisted Secure Code Review Platform (Inovalon)
• Piloted Semgrep + GitHub Copilot Autofix for automated secure code review; deployed to 20+ healthcare repositories processing PHI-regulated code, reducing MTTR by 40% and developer security review burden by 35%.
• Developed a threat model and security guidelines for AI coding assistant integration; documented prompt injection risks and guardrails for Copilot/Cursor use within the engineering organization.
SAST/DAST/SCA Integration & CI/CD Security Gates
• Integrated Checkmarx SAST, OWASP ZAP DAST, and Snyk SCA into GitHub Actions; triaged 200+ findings and cut critical CVEs reaching production by 60% within one release cycle.
• Built a Python-based security reporting layer correlating SAST/DAST/SCA results with vulnerability severity and business risk; reduced false positives by 40% and accelerated triage by 50%.
Threat Modeling & Secure SDLC Standardization
• Embedded STRIDE threat modeling as a mandatory design gate for 5 product teams; caught 12 high-severity design flaws before implementation, reducing post-release security incidents by 45%.
• Standardized secure code review checklists and OWASP-aligned threat modeling templates; adopted org-wide, reducing design-to-mitigation cycle time by 40%.
DevSecOps Pipeline & LLM-Based Code Scanning
• Deployed an end-to-end DevSecOps pipeline with automated SAST/DAST/IAST gates, infrastructure-as-code scanning, and LLM-based vulnerability detection at commit time; reduced security review latency by 50%.
• Evaluated and documented AI/LLM security risks (prompt injection, training data leakage, insecure output handling) in the context of the OWASP Top 10 for LLM Applications and the NIST AI RMF.
TECHNICAL SKILLS
Languages & Frameworks: Python, Java, JavaScript/TypeScript, Bash, SQL
Security Testing Tools: Checkmarx SAST, Burp Suite Pro, OWASP ZAP DAST, SonarQube IAST, Snyk SCA, Semgrep, Veracode, Fortify
Cloud & DevSecOps: AWS (IAM, Security Hub, WAF), Azure (Defender, Policy), GitHub Actions, CI/CD security gates, infrastructure-as-code scanning, Kubernetes RBAC
AI/LLM Security: Generative AI threat modeling, prompt injection, model poisoning, insecure output handling, OWASP Top 10 for LLM Applications, GitHub Copilot/Cursor security guardrails
Threat Modeling & SDLC: STRIDE threat modeling, secure code review, OWASP Top 10, SANS 25, NIST SP 800-53, ISO 27001, secure design patterns
Incident & Compliance: Vulnerability triage, incident response, root cause analysis, security awareness training, compliance automation (SOC 2, HIPAA)
Tools & Collaboration: Git, JIRA, Confluence, Postman, agile/scrum, technical documentation, cross-functional stakeholder management
EDUCATION
M.S., Computer Science, Aug 2023 – Aug 2025
California State University – Dominguez Hills, Carson, California, GPA: 3.9
B.Tech., Electronics & Communication Engineering, Aug 2016 – Apr 2020
SRM University, Chennai, India, GPA: 3.5