
Devika A

Summary

Seasoned IT Security Professional with 7 years of extensive experience spanning Third Party Risk Management, Cloud Security, Penetration Testing, Governance, Risk, and Compliance (GRC), Security Information and Event Management (SIEM), Vulnerability Management, Information Security, and Cybersecurity. Proven track record of effectively addressing security challenges across diverse environments, driving compliance, and enhancing overall security posture.

Overview

8 years of professional experience

Work History

Senior Security Engineer

L&T Technology Services
10.2021 - Current
  • Conducted security assessments of cloud service offerings from Azure, identifying threats, risks, and controls.
  • Identify and resolve security issues across the cloud infrastructure.
  • Led security assessments of application, network, and computing architecture prior to production deployment.
  • Collaborated with developers, system/network administrators, and other stakeholders to ensure secure design and implementation of applications/networks.
  • Performed VAPT of Web Applications, creating test plans, security checklists, and reviewing testing documents.
  • Conducted manual and automated static code analysis to identify vulnerabilities and flaws.
  • Utilized various automated and manual tools for web application pen testing and cloud security policies.
  • Collaborate with security leadership, engineering, and compliance to execute security strategies.
  • Provided training and supervision to the development team to ensure adherence to OWASP secure coding practices.
  • Review our architecture and design through a security lens to provide actionable, timely requirements and recommendations.
  • Configured web application firewalls, performed security analysis, and addressed false positives based on dynamic scan reports.
  • Participated in remediation review meetings, project meetings, and engaged with stakeholders.


Information Security Engineer

PayPal
05.2020 - 09.2021
  • Conduct technical, operational, and security evaluations to identify gaps in existing information security controls, infrastructure, architecture, and processes.
  • Provide security expertise and guidance to technical and non-technical individuals across engineering and business teams.
  • Identify gaps, assess risks, and develop and manage remediation action plans throughout the Integration process, prioritizing based on highest risk.
  • Collaborate with the product security team to review and process external reports, offering guidance on effective vulnerability countermeasures.
  • Contribute to the development, implementation, and maintenance of the global information security strategy program, recommending strategic directions for the firm.
  • Perform third-party vendor due diligence for both new and existing vendors, hosting vendor-related meetings with business owners, stakeholders, and vendors.
  • Collaborate with teams to improve security compliance, manage risk, and enhance the effectiveness of the system's control environment.
  • Collect and review security documentation, including penetration test reports, API integration documentation, SOC2, ISO 27001 reports, etc.
  • Promote product security and educate engineering teams on secure development best practices, maintaining references, patterns, and security decisions to assist developers and product teams.

Cybersecurity Engineer

Quadone Technologies
01.2019 - 12.2019
  • Conducted in-depth manual penetration tests on various applications, including web, mobile, and thick clients, across both on-premises and cloud infrastructures.
  • Identified vulnerabilities and security weaknesses through rigorous manual testing methodologies.
  • Developed customized tools and automation scripts to enhance the scalability and efficiency of vulnerability identification processes.
  • Reported findings and vulnerabilities to non-technical managers, providing clear explanations and recommendations for remediation.
  • Performed, reviewed, and analyzed security vulnerability data to determine applicability and address false positives effectively.
  • Proactively incorporated new and updated threat detection rules to maintain customers' security hygiene and enhance threat detection capabilities.
  • Identified potential weaknesses and implemented measures such as developing new detection rules and recommending security enhancements.
  • Established regular communication channels with product teams to provide feedback on threat activities and collaborate on security enhancements.

Security Analyst

Cognizant Technology Solutions, CTS
11.2015 - 12.2018

Vulnerability Assessment: Conducting thorough assessments of web applications to identify vulnerabilities and weaknesses in their design, implementation, and configuration.

Penetration Testing: Performing manual penetration testing to exploit identified vulnerabilities and assess the potential impact on the application's security.

Security Testing Tools: Utilizing various security testing tools such as Burp Suite, OWASP ZAP, and others to automate and streamline the testing process.

Risk Assessment: Analyzing the identified vulnerabilities to determine their severity and potential risk to the organization's assets and data.

Security Recommendations: Providing actionable recommendations and guidance to developers and stakeholders on how to remediate identified vulnerabilities and improve the overall security posture of the web applications.

Security Standards Compliance: Ensuring that web applications adhere to relevant security standards and best practices, such as OWASP Top 10, PCI DSS, and others.

Security Awareness Training: Conducting security awareness training sessions for developers and other relevant stakeholders to educate them about common security threats and best practices for secure coding.

Documentation: Documenting findings, recommendations, and remediation efforts in detailed reports and documentation for internal use and compliance purposes.

Continuous Improvement: Staying updated on the latest web application security trends, vulnerabilities, and attack techniques to continuously improve security testing methodologies and approaches.

Collaboration: Collaborating with cross-functional teams, including developers, system administrators, and security engineers, to ensure a coordinated and comprehensive approach to web application security.


Skills

  • Web Application: Burp Suite, Qualys, Netsparker, IBM AppScan, Acunetix, OWASP, Nmap, DirBuster
  • Network: Nmap, Qualys, Nessus, Metasploit, Nipper, Wireshark, soluble, Tcpdump
  • Other tools: ServiceNow, Coverity, Black Duck, Aqua Security, Vendor Risk Management, etc.
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Data Loss Prevention (DLP)
  • Encryption and Key Management
  • Azure, AWS, GCP, Threat modeling & SD Elements
  • Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark
