Summary
Overview
Work History
Education
Skills
Timeline
Generic

Jithendra Sri

Hamilton

Summary

  • 9+ years of dedicated expertise in information and Web Application Security, encompassing secure code reviews, web application penetration testing, threat modeling, and the implementation of cloud security best practices.
  • Conducted end-to-end vulnerability assessments of APIs and web applications, leveraging DAST, SAST, and IAST tools such as Burp Suite, OWASP ZAP, Fortify, WebInspect, Checkmarx, and Snyk, to identify and remediate OWASP Top 10 risks and MITRE CWE Top 25 weaknesses.
  • Implemented real-time security policies and traffic anomaly detection models, leveraging NoName’s machine learning insights, and integrating with Grafana, Kibana, and NoName’s analytics API for real-time monitoring.
  • Integrated security controls throughout the software development lifecycle by implementing secure coding standards, threat modeling exercises, and automated testing, aligned with NIST SP 800-115 guidance for comprehensive technical security assessments.
  • Hands-on expertise in server-side scripting using JavaScript, Python, and SQL to architect and implement robust backend services and data-driven applications.
  • Utilized HCL AppScan for in-depth security analysis, executing static (SAST), dynamic (DAST), and interactive (IAST) scans to validate compliance with industry standards, and reinforce secure application design.
  • Conducted mobile application security testing for iOS and Android using the Mobile Security Framework (MobSF) for static and dynamic analysis, and OWASP ZAP for runtime vulnerability assessment, to secure mobile data flows and application integrity.
  • Experienced in detecting, analyzing, and providing strategic remediation guidance for security vulnerabilities in server-side scripting languages—JavaScript, Python, and SQL—by employing OWASP Testing Guide methodologies, OWASO, NIST SP 800-115 assessment frameworks, NIST, and MITRE CWE Top 25 remediation guidance.
  • Leveraged machine learning models to identify design-level weaknesses and drive the adoption of secure design patterns, proactively addressing OWASP’s “Insecure Design” category (A04), and other architectural vulnerabilities.
  • Developed and automated security reporting workflows, complete with risk prioritization, issue tracking, and remediation roadmaps, empowering senior leadership with data-driven insights for strategic security decision-making.
  • Simulated real-world attack scenarios demonstrate how vulnerabilities could be exploited during dynamic analysis (DAST) to enhance the application security posture.
  • Conducted wide security awareness training, conducting boot camps, and presenting at industry conferences to cultivate a pervasive culture of security across cross-functional teams.
  • Strengths include designing secure networks, implementing cybersecurity measures and educating teams on best practices to mitigate risk.

Overview

9
9
years of professional experience

Work History

Senior Cyber Security Specialist

Humana
Cincinnati
03.2023 - Current
  • Implemented and managed WAFs and bot protection systems to detect and prevent bot interventions, malicious network, and web traffic attacks.
  • Developed and maintained policies and procedures for web application security, including WAF, bot protection, and vulnerability management systems.
  • Participated in the design and development of the NoName API Security Platform across hybrid-cloud environments (Azure, Noname SaaS), implementing Zero Trust security models with JWT, OAuth 2.0, and mTLS authentication.
  • Automated API security testing by integrating Noname Active Testing with CI/CD workflows (Jenkins, GitHub Actions, Azure DevOps) to proactively detect OWASP API Top 10 vulnerabilities.
  • Optimized API security monitoring, integrating security insights with SIEM (Splunk, QRadar), and SOAR (ServiceNow) for automated threat detection and response.
  • Enforced API governance policies, identifying and mitigating shadow APIs, rogue endpoints, misconfigurations, and excessive data exposure, using NoName’s risk assessment engine.
  • Developed and fine-tuned custom API security policies and anomaly detection models, integrating machine learning insights with Grafana, Kibana, and NoName’s analytics API for real-time security visualization.
  • Led security bug tracking, triaging, and assigning critical vulnerabilities across the organization, ensuring resolution within SLA and half-life limits, and escalating overdue security risks.
  • Assisted teams in security compliance management, guiding GRC exception handling for vulnerabilities projected to exceed SLA timelines.
  • Conducted security audits of APIs and application assessments, ensuring adherence to industry security standards and regulatory compliance.
  • Facilitated cross-business unit security initiatives, enhancing productivity by standardizing security processes, and driving the adoption of improved security practices.
  • Strengthened the organizational security posture by designing and implementing new security processes, and optimizing existing security workflows.
  • Identified and reported security vulnerabilities in Commerce Cloud, filing and tracking security bugs, while collaborating with teams to streamline remediation processes.
  • Managed security assessment lifecycle, proactively addressing stalled security assessments (SAs), ensuring timely resolution, and mitigating assessment bottlenecks.
  • Filed and assigned critical third-party (3PP) security vulnerabilities, detected through Snyk and Sonatype, to the appropriate teams for immediate remediation.

Application Security Engineer

CITI Bank
Remote
04.2020 - 03.2023
  • Gathered security assessment requirements from application owners, and conducted web, mobile (iOS/Android), and API (REST/SOAP) security assessments to identify vulnerabilities.
  • Performed manual security assessments (DAST) on web applications and API endpoints using Burp Suite, Fortify WebInspect, and MobSF, ensuring adherence to industry security standards.
  • Executed SAST scans via Fortify, integrating security analysis into CI/CD pipelines, and assisting teams in configuring and running Checkmarx plugins in Eclipse for automated vulnerability detection.
  • Conducted security testing for compliance with PCI DSS, evaluating applications every quarter to ensure security posture alignment with regulatory frameworks.
  • Identified, categorized, and reported vulnerabilities based on OWASP Top 10 and SANS 25, prioritizing remediation efforts based on risk severity and exploitation likelihood.
  • Tracked and followed up on vulnerability remediation efforts, collaborating with application owners, and development teams to ensure timely mitigation of security risks.
  • Analyzed security reports and remediation actions from third-party vendors using Veracode, ensuring that effective risk mitigation strategies were implemented.
  • Performed penetration testing across public and private networks, simulating attack scenarios to uncover potential security flaws, and assessing exploitability.
  • Evaluated, deployed, and managed security tools for dynamic (DAST) and static (SAST) application security testing, ensuring comprehensive security coverage.
  • Executed vulnerability scans using Burp Suite, maintaining detailed documentation, and providing actionable insights for remediation.
  • Communicated technical vulnerabilities and mitigation strategies to developers and management, translating security findings into actionable business impact assessments.
  • Enhanced security processes and methodologies, continuously improving security testing strategies, reporting mechanisms, and assessment workflows.
  • Collaborated with developers to validate, assess, and remediate vulnerabilities, providing guidance on secure coding best practices, and root cause analysis.
  • Developed and executed enterprise-wide penetration testing schedules, ensuring timely security assessments across all applications and infrastructure components.
  • Researched and analyzed emerging threats, attack methodologies, and known exploits, proactively identifying risks to network and information assets.
  • Created and managed virtualized security environments using VirtualBox and VMs, facilitating secure testing and research environments.
  • Led security process improvements, refining vulnerability tracking, risk assessment methodologies, and compliance workflows.
  • Established an internal security knowledge base (Wiki), documenting security best practices, remediation guidelines, and assessment methodologies for organization-wide adoption.
  • Implemented JIRA-based tracking for security efforts, streamlining vulnerability management, and security assessment workflows for enhanced traceability.

System Security Engineer

CVS Health
Chicago
08.2017 - 04.2020
  • Collaborated with networking and security teams to conduct comprehensive penetration testing across enterprise systems and applications, ensuring coordinated security measures.
  • Developed and executed an organization-wide penetration testing schedule, completing all security assessments within defined timeframes, while ensuring compliance with security standards.
  • Performed penetration testing on critical business applications, identifying and exploiting vulnerabilities to assess security resilience.
  • Authorized detailed assessment reports, documenting findings, risk severity (CVSS scoring), exploit demonstrations, impact analysis, and actionable remediation recommendations.
  • Conducted advanced penetration testing using automated and manual techniques, leveraging Core Impact, Metasploit, Burp Suite, Kali Linux, Checkmarx, NetStumbler, and other open-source security tools.
  • Executed vulnerability scanning using Nessus Security Center, maintaining detailed documentation of identified vulnerabilities and remediation efforts.
  • Performed vulnerability analysis on wired and wireless networks, identifying security misconfigurations, and exposure risks.
  • Categorized and prioritized vulnerabilities based on the OWASP Top 10 and CVSS scoring, ensuring effective risk mitigation and remediation strategies.
  • Continuously researching emerging threats, exploits, and hacking techniques, proactively identifying security loopholes within existing systems.
  • Designed and implemented a cost-effective anti-phishing strategy, successfully reducing phishing attack volumes by 60% through security awareness, and technical controls.
  • Analyzed and reported attack trends, leveraging IDS reports to detect and investigate potential security breaches.
  • Conducted security assessments for PKI-enabled applications, evaluating cryptographic implementations, and certificate-based authentication mechanisms.
  • Performed enterprise-wide penetration testing, ensuring adherence to ISO security standards, and regulatory compliance.
  • Conducted pre-IAM security assessments, generating detailed security reports with exploit demonstrations, impact evaluations, and prioritized mitigation strategies.
  • Performed live network traffic analysis using Wireshark, identifying security flaws, and unauthorized data transmissions across network devices.
  • Delivered security presentations to clients, explaining identified vulnerabilities, attack scenarios, and tailored security solutions.
  • Utilized CVSS scores to assess vulnerability severity, generating structured reports to help prioritize remediation based on risk impact.
  • Compiled comprehensive closure reports, detailing security findings, recommended security improvements, and patch management strategies.

Penetration Test Engineer

Mercedes Benz
Atlanta
06.2016 - 08.2017
  • Conducted security research, attack detection, and mitigation strategy development for network and application-layer threats, collaborating with a dedicated security research team.
  • Performed application penetration testing across various business applications, identifying and exploiting security weaknesses to assess risk exposure.
  • Assessed security controls, identifying segregation of duties (SoD) violations and enforcing least privilege access principles for applications.
  • Executed functional security testing of enterprise security solutions, including RSA two-factor authentication, Single Sign-on (SSO), and Data Loss Prevention (DLP) systems.
  • Conducted password security assessments, performing password cracking tests on administrator and user accounts using John the Ripper, Rainbow Crack, Hydra, and Ophcrack to evaluate credential strength.
  • Ensured application compliance with PCI DSS standards, conducting security assessments to verify adherence to regulatory security frameworks.
  • Captured and analyzed network traffic across all OSI model layers, identifying anomalies, potential threats, and unauthorized data flows.
  • Designed a Management Evaluation Environment (MEE) to assess business risks and implement effective threat mitigation strategies.
  • Monitored and analyzed security logs from NIDS and application firewalls, leveraging Splunk for incident detection and forensic analysis.
  • Investigated security incidents, conducted Root Cause Analysis (RCA), and documented remediation strategies to prevent recurrence.
  • Performed vulnerability assessments using Burp Suite, Paros Proxy, HP Fortify WebInspect, and Confidential AppScan, ensuring comprehensive security coverage.
  • Developed security awareness training content, creating educational videos to enhance organizational understanding of cybersecurity best practices.
  • Evaluated security requirements using scanning tools in both on-premise and remote environments, ensuring security policy enforcement.
  • Reviewed business solution architectures from a security perspective, identifying and mitigating security risks at early project stages.
  • Effectively communicated security issues and mitigation strategies to both security engineers and non-technical stakeholders, ensuring security integration across domains.
  • Validated vulnerability remediation efforts, conducting post-mitigation assessments to ensure the complete closure of security gaps.
  • Conducted offensive security testing in a Kali Linux environment, analyzing and neutralizing DoS, DDoS, XSS, and SQL injection attacks.
  • Reviewed and analyzed vulnerability scan reports from Confidential AppScan and HP Fortify WebInspect, identifying security risks and prioritizing remediation efforts.
  • Active member of Cisco CSTG White Hats, contributing to ethical hacking initiatives and security research.
  • Performed application threat modeling, identified weaknesses in architecture and recommended security enhancements to strengthen system resilience.

Education

Masters - computer science

Southern Arkansas University Tech
Magnolia, AR
04-2016

Bachelors - computer science

Jawaharlal Nehru Technological University
Hyderabad
04.2014

Skills

  • API and application security – WAF, API security testing, OWASP Top 10, Noname Security, OAuth 20, JWT, mTLS
  • Penetration testing and vulnerability assessment – web, API, mobile, and network security testing using Burp Suite, Fortify, Nessus, Checkmarx, HCL AppScan, and Kali Linux
  • Security testing and automation – SAST, DAST, CI/CD security integration (Jenkins, GitHub Actions, Azure DevOps), PowerShell, and Python scripting
  • Threat detection and risk analysis – SIEM (Splunk, QRadar), SOAR (ServiceNow, Demisto), IDS/IPS, malware analysis
  • DevSecOps and secure coding: secure development lifecycle, automated security scans, Python/Bash scripting for security automation
  • Infrastructure as Code (IaC) & Cloud Security – Terraform, AWS, Azure, GCP, Kubernetes security, container hardening
  • Security compliance and governance: PCI DSS, ISO 27001, GDPR, NIST, vulnerability and patch management
  • Development: Java, SQL, JavaScript, Python, C#

Timeline

Senior Cyber Security Specialist

Humana
03.2023 - Current

Application Security Engineer

CITI Bank
04.2020 - 03.2023

System Security Engineer

CVS Health
08.2017 - 04.2020

Penetration Test Engineer

Mercedes Benz
06.2016 - 08.2017

Masters - computer science

Southern Arkansas University Tech

Bachelors - computer science

Jawaharlal Nehru Technological University

Similar Profiles

CREATE PROFILE
Jithendra Sri