
Anil Kumar Mukkamala

Littleton, CO

Summary

A dynamic Application Security Engineer leveraging deep technical expertise in SAST, DAST, and penetration testing with strong strategic acumen to drive organizational resilience and risk reduction across enterprise applications. Recognized for consistently exceeding security expectations by leading DevSecOps initiatives, integrating security into the CI/CD pipeline, and successfully resolving critical OWASP Top 10 vulnerabilities. Expert in cross-functional collaboration, providing essential InfoSec guidance and documentation to development and infrastructure teams to ensure secure, scalable, and compliant solutions.

Overview

12 years of professional experience

Work History

Sr. DevSecOps Engineer

Dish Network
08.2021 - Current
  • Responsible for identifying and escalating vulnerability assessment for application scanning results.
  • Implemented SAST assessment, scanned source code, reviewed the results, and verified false positives.
  • Experience in using GitLab and GitHub, used commands to pull and push the code to the repository.
  • Provided security training for all the developers and testers on the known vulnerabilities and how to avoid them.
  • Involved in DAST assessment and analysis, performed dynamic scans of websites and APIs and validated false positives.
  • Integrated CI/CD using Python and Jenkins to allow one-click validation.
  • Experience in Python scripting and bash scripting.
  • Involved in meetings with management to provide proof of concept for new technologies to use for security assessment.
  • Performed assessment with Burp Suite across all environments, i.e. prod, dev and pre-prod.
  • Identify all the old vulnerabilities and train web developers on how to avoid them by upgrading their code.
  • Responsible for citing and maintaining all the security guidelines across the organization.
  • Experienced in OWASP Dependency-Check and all the top ten vulnerabilities specified by OWASP.
  • Responsible for maintaining the application security program across the enterprise.
  • I am the point of contact for all the security issues and asks.
  • Involved in meetings with the security architect to discuss issues and threat modelling.
  • Identifying the Critical, High, Medium and Low vulnerabilities in the application based on OWASP Top 10 and CWE, and prioritizing them based on criticality.
  • Reviewed security vulnerability reports for applications and databases, analyzed them and worked extensively with the development teams.
  • Preparation of a risk registry for the various projects and coordination with the development team.
  • Worked on HP Fortify to run static code analysis for both API and UI, eliminate false positive results and analyze the results.
  • Mainly addressing application-level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, authentication flaws, Insecure Direct Object Reference, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, and Unvalidated Redirects.
  • Embed Security: Partner with development and infrastructure teams to integrate InfoSec requirements, best practices, and security initiatives.
  • Secure Tools: Ensure teams have access to security tools for early detection and fixing of security concerns.
  • Vulnerability Management: Drive the resolution of vulnerabilities identified in software and environments via security scans and coordinate patching efforts.
  • Deployment Assurance: Implement security scanning and controls to ensure secure, risk-managed deployments and post-deployment security.
  • Security Documentation: Assist teams in creating and maintaining essential security architecture diagrams and project documentation.
  • Data Protection: Help ensure software components apply appropriate security measures for handling sensitive or regulated data (PII/PCI).
  • Guidance & Awareness: Convey InfoSec guidance and proactively provide security advice to technical teams.
  • Pipeline Awareness: Track and report software deployment schedules to the InfoSec team.
  • Incident Support: Assist with InfoSec-led security event response, root cause analysis, and implementing mitigating controls (especially code-related).
  • Process Improvement: Analyze existing processes for efficiency and security gains; propose and draft improvement project plans.
  • General Initiatives: Support InfoSec-led security initiatives, especially those involving AWS infrastructure (e.g., updates, agent deployments, audits).
  • Reporting & Analysis: Track and report on DevSecOps and vulnerability management work, impact, and results.
  • Knowledge Transfer: Organize and deliver small-scale training sessions for technical teams.
  • Continuous Learning: Maintain relevant professional knowledge, monitor industry trends in cybersecurity and cloud, and pursue continued education/certifications.
  • Stakeholder Management: Develop and maintain strong working relationships with internal teams, external vendors, and stakeholders.
  • Implemented innovative engineering solutions to improve operational efficiency and reduce costs.
  • Led cross-functional teams to enhance product design and development processes.

Java Application Security Specialist

Comcast
05.2016 - 06.2021
  • Responsible for identifying and escalating vulnerability assessment for application scanning results.
  • Identifying the Critical, High, Medium and Low vulnerabilities in the application based on OWASP Top 10 and CWE, and prioritizing them based on criticality.
  • Reviewed security vulnerability reports for applications and databases, analyzed them and worked extensively with the development teams.
  • Preparation of a risk registry for the various projects and coordination with the development team.
  • Worked on HP Fortify to run static code analysis for both API and UI, eliminate false positive results and analyze the results.
  • Involved in system design and enterprise application development using object-oriented analysis in Java/JEE6.
  • Mainly addressing application-level vulnerabilities like XSS, SQL Injection, authentication bypass, weak cryptography, authentication flaws, Insecure Direct Object Reference, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, and Unvalidated Redirects.
  • Performed dynamic scans on the code using Netsparker and analyzed the results.
  • Performed dynamic vulnerability assessments using HP WebInspect.
  • Performing security training or presentation programs for developers on the latest security issues (OWASP Top 10 or CWE Top 25) and explaining the remediations.
  • Attending monthly security scan results meetings and discussing the latest security scan results dashboard with managers on all projects.
  • Performed automated security testing and worked with dev, QA and project managers to ensure the appropriate follow-through on issues and security vulnerabilities.
  • Assisting developers in implementing Information Security Policies and Guidelines as per OWASP (Open Web Application Security Project) and SANS Secure Coding guidelines.
  • Managed vulnerability management and reviewed security logs to ensure compliance with policies and procedures and identified potential anomalies.
  • Coordinating with developers regarding reported vulnerabilities by explaining the ease of exploitation and the impact of the issue.
  • Participating in static code review to find improper buffer checking, unintended operations, unexpected failure conditions, input validation issues, and improper cryptography.
  • Having good knowledge in gathering requirements from stakeholders and a strong technical understanding of vulnerabilities.
  • Involved in performing security risk assessments on applications and architecture reviews.
  • Environment: Windows IIS, VMware, MS SQL Server 2008/R2, MS Access 2000, Burp Suite, HP WebInspect, Java

Security Engineer/ Penetration Tester

ICrea Infotech
05.2013 - 12.2014
  • Manual code review to find logic flaws which are not identified by automated tools.
  • Conducting risk assessment and threat modeling to find flaws in applications.
  • Interacting with the developer team for a better understanding of secure application development.
  • Analyze test findings of security vulnerabilities found, and collaborate with engineering and development teams to provide mitigation steps to reduce the vulnerabilities.
  • Perform web services testing by using manual tests and automated tools.
  • Performing web application authentication manipulation using SQL injection tools like Havij.
  • Experience in using Fortify or other static analysis tools (like Checkmarx) for static analysis and false positive elimination.
  • Performing social engineering attacks using BackTrack and Kali Linux.
  • Performing black box testing with anonymous identity.
  • Performing XSS, CSRF, SQL and cross-site forgery attacks on a web application and suggesting solutions for vulnerabilities.
  • Performing sophisticated penetration examinations for the purpose of ascertaining the technical weaknesses existing in the computer systems.
  • Finding out effective ways of manipulating the vulnerable domains of the systems.
  • Maintaining a high level of security of the information that is crucial for the business growth of the organization.
  • Identifying efficient measures of sustaining network security at a constant rate.
  • Becoming familiar with the business functions and infrastructure of the organization.
  • Carefully assessing the software environments and examining the level of risk that they can pose to the network systems of the organization.
  • Demonstrating applicable information pertinent to security before the regional directors and management group of the organization.
  • Environment: Linux, BackTrack, Windows IIS, VMware, IBM AppScan, Kali Linux, MS SQL, Oracle 10g, MS Access 2000, Nessus, Burp Suite, Metasploit, Havij

Education

Masters - Information Technology And Computing

Valparaiso University
Valparaiso, IN
05.2016

Skills

  • DirBuster
  • Burp Suite
  • Nmap
  • Nessus
  • Kali Linux
  • sqlmap
  • IBM AppScan
  • Netsparker
  • ZAP
  • HP Fortify
  • Security/Compliance
  • OWASP Top 10
  • CWE
  • SAST
  • DAST
  • Threat Modeling
  • InfoSec
  • PCI/SOX Compliance
  • Java
  • C
  • C#
  • SQL
  • Python
  • PowerShell
  • PHP
  • HTML5
  • CSS3
  • XML
  • JavaScript
  • MS SQL Server 2008 R2
