Anitha Dakamarri

Aubrey, TX

Summary

18 years of experience in the IT industry across various domains of information security, such as threat modeling, application security assessments, network security assessments, vulnerability assessment, penetration testing, ISMS documentation, the NIST CSF framework, IoT security framework, threat intelligence and security awareness workshops.

Best known for building security teams from scratch. Defined the vision, strategy, policies, standards, and procedures for securing all enterprise applications and products. Best known for selecting, managing, and optimizing Application Security Testing (AST) tools, including SAST (Static), DAST (Dynamic), SCA (Software Composition Analysis) and pentest tools. Managed the entire vulnerability lifecycle from discovery to prioritization and remediation. Hire, manage, and mentor a team of Application Security Engineers. Act as the expert consultant for development, product, and architecture teams on implementing security controls and best practices. Partner closely with engineering managers, product owners, and the central Information Security Officer/CISO. Developed new projects that help vulnerability remediation and security metrics. Track and report on key security metrics (KPIs/KRIs) to senior leadership, demonstrating the overall security posture and risk reduction efforts. Active volunteer at ISACA (CISM exam development, mentor), ISC2 (exam development and UBK panel), OWASP (contributor) and WiCyS (mentor). Recognized industry (ISC2, OWASP etc.) thought leader and conference speaker known for translating complex security concepts into actionable business strategy.

Work History

Lead Application Security Engineer (Band: Manager)

DFIN (Donnelley Financial Solutions)
Dallas
05.2019 - Current
  • Managing the Appsec team for all Appsec pillars (SAST, SCA, DAST and pentest) and established a strong vulnerability management program.
  • Developed the SSDLC process and implementing each phase with the required standards, processes, technologies and execution.
  • Developed DFIN security standards (such as encryption standards, web server hardening standards, container security standards, information handling standards and log management standards) that are reviewed, approved and published throughout the organization.
  • Developed required strategies, policies and processes to implement and enforce application security throughout the DFIN product development life cycle.
  • Implementing Checkmarx as part of the CI/CD process to perform automated secure code reviews for the commit, code and testing phases of the SSDLC.
  • Reviewing security exception and security architectural changes to provide necessary security recommendations.
  • Implementing DAST using the Qualys WAS tool to perform pre-production security testing for all flagship products.
  • Performing monthly vulnerability management activities using Nexpose and coordinating with internal DFIN teams to patch all high and medium vulnerabilities.
  • Instrumental in the third-party and in-house pentesting program, helping DFIN product teams to improve security posture.
  • Initiated secure scorecard implementation for DFIN products, and creating processes to implement and publish it within DFIN.
  • Providing monthly security updates via metrics, KPIs and dashboards to the security leadership.
  • Mentoring the new team members to understand the DFIN Appsec process and align with business requirements
  • Played key role in enhancement of SAST and DAST tools infrastructure.
  • Played a key role in providing evidence from the Appsec team for all internal and external audits (SOC2, Deloitte and client audits).
  • Establishing strong relationship between product and engineering teams for business and security alignments
  • Project: DFIN Application Security Strategy and Implementation
  • Technologies Used: Qualys, Core Impact, Burp Suite, ZAP proxy, Nmap, OWASP Top 10, Checkmarx, BSIMM, OSSTMM, SANS, Nexpose, NIST etc.
  • Developed and implemented secure coding standards to mitigate application vulnerabilities.
  • Conducted security assessments and penetration testing on web applications to identify weaknesses.
  • Collaborated with development teams to integrate security practices into the software development lifecycle.
  • Led incident response efforts for security breaches, formulating strategies for remediation and prevention.
  • Mentored junior engineers on best practices in application security and threat modeling techniques.
  • Created detailed documentation for security policies, procedures, and risk management frameworks.
  • Evaluated third-party tools and technologies for enhancing application security posture across platforms.
  • Facilitated training sessions on secure coding techniques for developers to enhance awareness of vulnerabilities.
  • Assisted in developing risk management strategies by identifying potential weaknesses and recommending appropriate countermeasures.
  • Streamlined incident response processes, reducing the time taken to mitigate potential threats effectively.
  • Supported continuous improvement initiatives by documenting lessons learned from past incidents and implementing necessary changes moving forward.
  • Developed secure coding practices for the team, resulting in a decrease of reported vulnerabilities.
  • Contributed meaningfully towards the development of company-wide policies surrounding data privacy and information handling procedures.
  • Participated in on-call rotations, providing prompt responses to critical security incidents as they arose.
  • Conducted regular audits of applications and systems, ensuring compliance with industry standards and regulatory requirements.
  • Developed metrics and reporting mechanisms to track application security performance over time, supporting data-driven decision-making processes within the organization.
  • Stayed abreast of emerging threats and trends in cybersecurity, adapting strategies accordingly to maintain application integrity.
  • Championed security best practices throughout the software development lifecycle, increasing protection measures across all projects consistently.

Network Security Engineer

USCELLULAR
Chicago, IL
12.2016 - 05.2019
  • Created all required processes to establish the network assessment team.
  • Created vulnerability management processes such as security assessment processes and penetration testing processes.
  • Worked on LTE, VoLTE regular monthly vulnerability and pentesting activities.
  • Part of the 5G project; provided network security assessments and pentest execution for critical network elements like eNodeB, communication servers etc.
  • Performing internal application/network Penetration Testing using Core Impact or Kali tools and vulnerability scans using Qualys as part of USCC vulnerability management process to all internal projects.
  • Performed network security assessment for enterprise high priority applications like billing or invoice systems and provided support for remediation phases.
  • Creating policies, processes, standards and baselines, metrics to adopt and establish NIST cyber security framework for all critical USCC carrier network areas.
  • Actively involved in collecting threat feeds and analyzing them through the cyber threat intelligence program using Anomali ThreatStream and Digital Shadows alerting systems.
  • Conducting risk assessments through questionnaires, interviews or any available security assessment procedures to validate vendor security programs.
  • Performed a key role in the design and development of the security automation project “risk register and exception process” to track and validate vulnerabilities and meet compliance requirements such as NIST and PCI DSS.
  • Created the “Daily Security Event and Threat Summary” process to prepare top security news with organizational impact analysis and risk ranking for delivery to executives and leaders.
  • Worked on NIST CSF 1.1 upgrade assessment and creating a process to align all internal controls to the NIST controls.
  • Project: Security Assessments and Analytics
  • Technologies Used: Core Impact, Burp Suite, ZAP proxy, Nmap, OWASP Top 10, Nessus, OpenVAS, Kali tools and Metasploit Framework, Qualys, threat intelligence tools and NIST CSF.

Penetration Tester

Vuegen Technologies Inc
Chicago, IL
05.2016 - 12.2016
  • Performed internal application penetration testing, reported the findings with evidence and recommended countermeasures.
  • Assisted in external application penetration testing.
  • Performed manual source code reviews for iOS and Android mobile applications to identify the vulnerabilities.
  • Created the attack vectors and risks for SDN (software-defined networking).
  • Performed security assessments for USCELLULAR internal/external applications and for virtual and real-time networks to identify security threats and recommend countermeasures.
  • Project: USCELLULAR Security Assessments
  • Technologies Used: Burp Suite, Paros Proxy, ZAP proxy, Nmap, OWASP Top 10, SANS 25, Java, .NET and all major programming languages

Security Test Lead

Syntel Inc aka Syntel Ltd
Chicago, IL
02.2011 - 05.2016
  • Worked on Threat Modeling Index (SPI) to prioritize client applications to comply with PCI DSS regulations.
  • Tracking and assigning APP and AMP scans to the team, based on complexity, criticality and availability.
  • Performed Dynamic security testing using HP AMP tool/ HP WebInspect and manual validation of scan results to eliminate false positives.
  • Performing static code reviews using IBM AppScan for all major programming languages and manual validation of scan results to eliminate false positives.
  • Prepared customized vulnerability assessment report for client and development teams.
  • Workshops with development teams to patch the reported vulnerabilities.
  • Vulnerability management activities.
  • Worked on weekly and monthly dashboards.
  • Project: Allstate Application security Assessment
  • Technologies Used: IBM AppScan Source, HP WebInspect, Web Proxy, Paros proxy, HP Web Macro Recorder and Quality Center, OWASP Top 10, Java, .NET and all major programming languages

Security Test Lead

Syntel Information security
06.2012 - 06.2013
  • Identify and analyze noncompliance data in unapproved devices to align with Syntel acceptable usage policy.
  • Worked on ISMS documents for ISO migration.
  • Worked on dynamic security testing using IBM AppScan Standard for internal web and mobile applications.
  • Worked on ERP (Oracle E Suite) DB security assessments using AppSentry and worked with the concerned teams on remediation patching for the findings.
  • Technologies Used: IBM AppScan Standard, IBM AppScan Source, Nessus, Paros/ZAP proxy, OWASP Top 10, ISO 27001, AppSentry.

Security Test Engineer

FedEx Vulnerability Testing Team
02.2011 - 06.2012
  • Worked on internal ISO Audits to maintain compliance with ISO 27001 standards.
  • Worked on physical security audits to comply with ISO 27001 standard.
  • Worked on network vulnerability assessments using Nessus and worked with the concerned teams on remediation patching activities.
  • Project: FedEx Vulnerability Testing Team
  • Technologies Used: HP WebInspect, Quality Center, TeamForge, OWASP Top 10

Software Engineer

Laviant Data Systems Pvt Ltd
India
07.2008 - 01.2011
  • Performed static code reviews using HP Fortify for all major programming languages and manual validation of scan results to eliminate false positives.
  • Worked on Internal Incident Management systems to identify and investigate the incidents.
  • Worked on incident closure activities.
  • Worked on vulnerability assessments for all internal applications using Burp Suite.
  • Worked on EMC Archer risk management tool to report and track vulnerabilities.
  • Project: TMA
  • Technologies Used: HP Fortify, Nmap, Burp Suite, Internal Incident Management systems

Education

M.C.A. (Master of Computer Applications) - Computers

Jawaharlal Technological University
06-2008

B.Sc. (Bachelor of Science and Technology) - Computers

Acharya Nagarjuna University
04-2005

Skills

  • Security architecture design
  • Vulnerability assessment
  • Compliance management
  • Web application security
  • Secure development lifecycle
  • Penetration testing

Accomplishments

  • Awarded the Syntel “STRETCH” value award during Q3 2012, for the value adds done for a logistics client.
  • Awarded the Syntel “SIMPLE” value award during Q4 2014, for the value adds done for an insurance client.
  • Awarded the Syntel “SMART” value award during Q4 2013, for a new proposal that won new security projects for Syntel.
  • Awarded the “Dynamic star” award at USCELLULAR during Q1 2018 for all the work done (NIST CSF and VoLTE pentest) as a pillar of the assessment team.
  • Awarded multiple quarterly awards (2021 Q1 and Q3; 2022 Q2 and Q3; 2023 Q1, Q2 and Q4; 2024 Q2; 2025 Q1 and Q2) and “Employee of the Year” (2023 and 2025) in the current organization.
  • https://cybersecurity-excellence-awards.com/candidates/anitha-dakamarri-2026/

Certification

  • CISSP - Certified Information Systems Security Professional
  • CISM - Certified Information Security Manager
  • CEH - Certified Ethical Hacker
  • CHFI - Certified Hacker Forensic Investigator
  • ISMF - International Scrum Master Foundation
  • LRPA - LogRhythm Platform Administrator
  • LRSA - LogRhythm Security Analyst
  • FCRA - Recorded Future Certified Analyst
  • CQVM - Certified Qualys Vulnerability Manager
  • CCIP - Certified Core Impact Professional
