
Hari Priya

Summary

Security professional with approximately 5 years of experience supporting enterprise-wide security initiatives. Skilled in various IT security areas, including Security Architecture, Social Engineering, Risk Assessment, Vulnerability Assessment, and Penetration Testing for Web, Mobile, Web Services, and Cloud environments. Experienced in Black Box, Grey Box, and White Box testing, along with Threat Modelling, Security Architecture evaluation, vulnerability detection, remediation, reporting, and overall Network and Application Security management. Proficient in leveraging both Dynamic and Static analysis methods to evaluate internal and third-party applications for security vulnerabilities, including manual exploitation and mitigation of issues, with expertise in addressing OWASP Top 10 and SANS 25 vulnerabilities. Capable of designing secure application architectures, communicating vulnerability findings with clients, and implementing appropriate remediation measures. Adept at conducting assessments and classifying risks for identified vulnerabilities based on their security impact, likelihood, and associated business risks. Strong communication and presentation abilities, with a proven track record of explaining security threats and driving long-term remediation strategies.

Overview

5
years of professional experience

Work History

Sr Application Security Engineer

AT&T
09.2024 - Current
  • Software development, general services, user interface design platforms, very effective messaging solutions, server development, integration, tools, and high security methods in the field of technology
  • Used IBM AppScan to perform complete analysis of the web application and determined vulnerabilities such as SQL injection, cross-site scripting (XSS), dangerous configuration, etc
  • Training and management of security architecture specifications, and implementation of security architecture
  • This is associated with the balance of security risks facing the company and the decision caused by the customer or market requirements
  • Develop, implement, and support application safety strategies
  • Safe design for the modelling of threats, safe code, high risk applications
  • Close contact with the basic service team to contribute to the development and evolution of reference architectures for applications, and the safety of infrastructure, general services, and frameworks
  • OWASP audits and the implementation of the safety method of applications in the industry
  • Performed Application Programming Interface (API) security assessments and remediation activities as part of the API Security Program
  • Maintained high security standards using Enterprise Secure Software Development Cycle (SSDLC) processes and tools
  • Performed vulnerability research and served as technical security/risk advisor for new technology/applications developed by AT&T
  • Determine testing requirements and develop strategies to automate security testing using a variety of scripting and open-source tools
  • Assist developers in remediating vulnerability findings by providing line-by-line guidance
  • Coached development teams on security disciplines like Threat modelling and Security code reviews, and provided training and education to developers on software security best practices
  • Maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions
  • Develops repeatable application security patterns to ensure that systems are placed within the relevant security zones based on the data they house and their purpose
  • Advised and approved of security architectures and changes impacting application security
  • Consulted and assisted with security incident response process
  • Consults on efforts to work with internal and external teams to effectively scope and drive application Penetration tests that help identify and mitigate gaps in security controls

Software Security Engineer

Vanguard
01.2023 - 12.2023
  • Led the implementation of a corporate vulnerability management program, ensuring continuous remediation of vulnerabilities within compliance deadlines
  • Led the integration of Checkmarx into the development lifecycle, automating static code analysis and ensuring the continuous identification and remediation of security vulnerabilities in .NET (C#) and Java applications
  • Successfully developed and implemented numerous secure applications, improving the overall system security
  • Improve existing software systems by identifying and resolving security vulnerabilities and performance issues
  • Helped design and implement secure, scalable cloud infrastructure resulting in more reliable and resilient systems
  • Automated CI/CD pipeline using Jenkins, Maven, Gradle to seamlessly integrate security scanning (Checkmarx, SonarQube, etc.) into the development process
  • Experience in operating and developing infrastructure and services in public cloud environments (AWS, GCP)
  • Experience using cloud provisioning tools such as Terraform and CloudFormation
  • Experience with security monitoring tools, logging, auditing and SIEM solutions
  • Applied knowledge and experience in resolving application security issues identified through Static Application Security Testing (SAST) and Software Composition Analysis (SCA) using .NET and Java stack frameworks to improve overall security and mitigate potential risks
  • Used Docker and Kubernetes for containerization and orchestration to enable secure deployment of applications in cloud environments
  • Work closely with DevOps teams to strengthen container security using tools like Aqua, ensuring Docker and Kubernetes environments meet rigorous security standards
  • Responsible for designing, developing and implementing new security features
  • Responsible for preparing test setup, defining security testing area coverage, test plans and test cases for new features/implementations
  • Performed static/dynamic code testing, manual code inspection, threat modelling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security flaws using tools like Burp Suite, IBM AppScan, Invicti, Black Duck, Kali Linux, SonarQube, Nexus, Checkmarx
  • Performed comprehensive scanning of open-source vulnerabilities using Black Duck and ensured that third party libraries used in the application were updated and secured
  • Experience in performing vulnerability assessments, red team or penetration testing
  • Experience in identifying application-level vulnerabilities like XXE (XML External Entities), XSS, SQL Injection, CSRF, broken authentication, sensitive data, HTTP responses, insecure credential stores, RFI/LFI etc
  • Experience in vulnerability scanning of third-party libraries using Nexus IQ and JFrog
  • Hands on experience in API security testing using Postman, SOAP UI, REST APIs

Application Security Engineer

Sunace Technologies
06.2019 - 05.2022
  • Skilled in developing strategies and programs to improve capacity including measurable objectives and goals
  • Maintain up-to-date policy documentation and tracking systems for assigned campaigns/projects
  • Collaborated and coordinated to understand business problems and requirements, performed comprehensive analysis and proposed comprehensive solutions
  • Designed, developed and tested technical solutions with senior engineers and participated in code/design reviews
  • Worked with limited supervision and oversaw the installation, configuration, and maintenance of security-related information systems
  • Utilized reverse engineering techniques to identify and resolve vulnerabilities in software systems, enhancing overall security posture
  • Implemented various approaches to Grey Box and Black Box security testing
  • Performed Dynamic and Static Application (SAST and DAST) security testing
  • Prepared reports and presentations on security activities
  • Provide support for security activities including meeting agendas, notes, reports, or other documentation using word processors and other software systems such as Microsoft Word, Excel, Outlook email, and calendar systems
  • Assist developers in resolving security evaluation issues related to OWASP standards
  • Learned how to independently solve operational issues through troubleshooting applications and components
  • Identified vulnerabilities such as SQL Injection, XSS, CSRF related to session management, privilege escalation and other logical issues
  • Several project /team security engineers in the intermittent team in charge of the identity of vulnerabilities

Education

Master of Science -

Pace University
New York

Bachelor of Science -

Shri Vishnu Engineering College for Women’s
Bhimavaram

Skills

Operating Systems:- Linux, Windows, iOS

Programming Languages:- C# (.NET), Java, HTML, JavaScript, C, Python, Golang, AngularJS

Source Code Analysis Tools:- HP Fortify, Checkmarx, IBM Source, Veracode, SonarQube, Coverity

Dynamic Analysis Tools:- HP WebInspect, IBM AppScan Standard, Acunetix, Burp Suite, OWASP ZAP

Penetration Testing Tools:- Burp Suite, Kali Linux

Cloud Security Tools:- Qualys, Okta, Whitehat, Centrify, Nmap

API Testing Tools:- Postman, SOAPUI, Burp Suite

Library Scanning Tools:- Nexus, JFrog, Black Duck

Network Security Testing Tools:- Nmap, Metasploit, Nessus, QualysGuard, SSLScan, Wireshark

Proxy Tools:- Burp Suite, OWASP ZAP, Paros

Cloud Infrastructure:- AWS, Google Cloud Platform (GCP)

Methodologies:- Waterfall, Agile, Rational Unified Process (RUP)

Data Processing:- MS Excel, SQL, Minitab, SharePoint, MS Access

Presentation & Business Modelling Tools:- MS Visio, MS PowerPoint, Visual Studio, MockFlow

Additional Areas of Expertise:

Container Security

Web Application Security & Risk Assessment

API Security & Open-source Security

Threat Modelling

Static Code Analysis

Timeline

Sr Application Security Engineer

AT&T
09.2024 - Current

Software Security Engineer

Vanguard
01.2023 - 12.2023

Application Security Engineer

Sunace Technologies
06.2019 - 05.2022

Master of Science -

Pace University

Bachelor of Science -

Shri Vishnu Engineering College for Women’s