Karthik Goturi

Lewisville, TX

Summary

An experienced Application Security Engineer and Technical Lead with 5 years of hands-on expertise in both software engineering and security engineering. Currently leading security initiatives at American Airlines, I am passionate about building secure, scalable applications and automating security processes to drive efficiency. With a strong background in CI/CD automation, cloud security, and vulnerability management, I thrive on leveraging cutting-edge technologies to mitigate risks and optimize performance. A firm believer in the power of automation, I’m always exploring innovative ways to streamline operations and enhance security posture across development lifecycles.

Overview

5 years of professional experience
1 Certification

Work History

Lead Application Security Engineer

American Airlines
Dallas, TX
06.2022 - Current
  • Enhanced Security Posture: Implemented cutting-edge security tools that reduced vulnerabilities by 30%, significantly improving the organization’s overall security posture.
  • Penetration Testing and Compliance: Conducted in-depth penetration testing, ensuring flawless compliance with industry security standards and uncovering critical vulnerabilities before they could be exploited.
  • CI/CD Pipeline Integration: Seamlessly integrated Azure cloud services into CI/CD pipelines, accelerating deployment processes while improving system scalability.
  • Security Incident Reduction: Strengthened organizational resilience through rigorous security checks, leading to a 40% reduction in security incidents.
  • Automation and Efficiency Gains: Streamlined operations by automating manual tasks with Python scripting, boosting team efficiency by 25%.
  • Embedded Security Scans: Collaborated closely with DevOps teams to build secure CI/CD pipelines, integrating early-stage security scans to identify vulnerabilities proactively.
  • ZERO Alert Strategy: Implemented a "ZERO net new alerts into production" strategy, ensuring no unresolved security alerts were introduced into production environments. This initiative earned recognition from the organization’s executives.
  • User Access Management: Developed scripts to automate user lifecycle management in collaboration with IAM teams, ensuring seamless access control and compliance with security policies.
  • False Positive Resolution: Designed a ticketing system to manage false positives, improving alert response times and reducing fatigue among security teams.
  • GitHub Automation with Probot: Orchestrated Probot automation for GitHub, automating critical tasks such as pull requests, issue creation, Kanban board updates, and troubleshooting scan failures.
  • Cost Optimization in Cloud Infrastructure: Developed ephemeral runners using Terraform and Azure Functions, implementing a pay-per-use model that significantly reduced infrastructure costs by moving away from static on-premise runners.
  • Tool Migration and Integration: Led the migration from Synopsys security tools (Coverity, Blackduck) to GitHub Advanced Security, completing the transition in phases with no impact on CI/CD pipelines.
  • Executive Collaboration: Worked closely with executives, including CISOs and VPs, to ensure that security strategies aligned with broader business objectives.
  • Unified Security Data Management: Integrated security data from multiple scanning tools into a unified reporting system (Nucleus tool) using JSON, streamlining data management and enhancing reporting accuracy.
  • Proficient in GitHub Ecosystem: Skilled in GitHub APIs, Webhooks, Actions, Automation, and Applications, maximizing the platform's capabilities for secure development workflows.
  • Secure Coding Practices: Developed and implemented secure coding standards, ensuring the security of applications across the development lifecycle.
  • Automated Deployment: Designed and maintained automated deployment processes and scripts, ensuring smooth transitions from development to production environments.
  • Backup and Disaster Recovery: Ensured proper backup strategies were implemented across all environments to mitigate risks and data loss.
  • Ongoing Security Vigilance: Maintained up-to-date knowledge of emerging security threats and technologies, implementing new measures to protect against evolving risks.
  • Data Protection and Access Control: Developed and enforced procedures for secure data storage, transmission, and access control, including configuring firewalls, intrusion detection systems, antivirus software, and authentication systems.
  • Regular Audits: Performed regular audits of user accounts and privileges to ensure compliance with company security policies.

Software Engineer

LTIMindtree
Hyderabad, Telangana
06.2019 - 07.2021
  • Software Development: Analyzed user requirements to design and develop robust software solutions, translating functional needs into technical specifications.
  • Full-Stack Development: Developed, tested, and maintained software using Java, JavaScript, HTML, and CSS, ensuring high-quality and efficient code.
  • Unit & Integration Testing: Conducted rigorous unit and integration tests on code modules to ensure functionality, accuracy, and stability of applications.
  • CI/CD Automation: Implemented automated build, testing, and deployment processes using CI/CD pipelines, streamlining development workflows and reducing time-to-release.
  • Production Support & Troubleshooting: Monitored system performance in production environments, troubleshooting and resolving issues to maintain uptime and stability.
  • Cross-Functional Collaboration: Worked closely with product, design, and QA teams to ensure high-quality software delivery and continuous improvement throughout the development lifecycle.
  • Documentation & Knowledge Sharing: Created comprehensive technical documentation, including design documents, test plans, user manuals, and release notes to ensure clear communication and smooth onboarding.
  • Performance Optimization: Optimized applications for speed, scalability, and cross-browser compatibility, enhancing user experience and system performance.
  • API Integration: Integrated third-party APIs and services into existing systems to extend functionality and improve application features.
  • Version Control Management: Managed source code using Git and SVN, ensuring version control and efficient collaboration across multiple teams.
  • Cloud Deployment: Deployed applications on cloud platforms, including Azure, leveraging cloud services for scalability, availability, and security.
  • Security & Maintenance: Deployed updates, patches, and fixes to address security vulnerabilities and ensure the continued functionality of applications.
  • Legacy Code Refactoring: Refactored and optimized legacy code to improve maintainability and performance while preserving existing functionality.
  • Agile Development: Utilized Agile methodologies (Scrum, Kanban) to manage project timelines, deliverables, and ensure flexibility in fast-paced development cycles.
  • Algorithm Design: Developed and implemented custom algorithms to solve complex problems and improve application performance and efficiency.
  • Automation Scripting: Created and maintained automation scripts to streamline testing and deployment processes, reducing manual effort and increasing consistency.
  • Test Case Development: Analyzed requirements documents to design and implement thorough test cases, ensuring comprehensive test coverage and high-quality software releases.

Education

Master of Science - Computer Science and Cybersecurity

University of Alabama at Birmingham
AL, USA

Skills

  • Languages:
    Java, JavaScript, HTML, CSS, Python
  • Frameworks & Libraries:
    Python FastAPI, Spring Boot, Node.js, React
  • Tools & Platforms:
    Git, Jenkins, Docker, Kubernetes, Terraform, Azure DevOps, GitHub Advanced Security, Coverity, Blackduck, Seeker, Salt API Security, Log Monitoring (Mezmo), Nucleus, Veracode, Burp Suite, HashiCorp Vault
  • Cloud & Deployment:
    Microsoft Azure (Azure Function Apps, Azure Logic Apps, Azure Storage Accounts, Azure Web Apps), AWS, Terraform, CI/CD Pipeline Automation (Jenkins, GitLab CI)
  • Security Tools:
    GitHub Advanced Security, Coverity, Blackduck, Seeker, Salt API Security, Mezmo (Log Monitoring), Security Information and Event Management (SIEM) Tools, Web Application Firewalls (WAF), Intrusion Detection Systems (IDS), Vulnerability Scanners
  • Version Control & Collaboration:
    Git, GitHub, GitLab
  • Testing & QA:
    Unit Testing, Integration Testing, JUnit, TestNG, Postman
  • Development Methodologies:
    Agile (Scrum, Kanban), DevOps, Continuous Integration (CI), Continuous Delivery (CD)
  • API Development & Integration:
    REST APIs, GraphQL, SOAP, OAuth, JWT, Webhooks, Swagger, OpenAPI Specifications
  • Monitoring & Logging:
    Mezmo (Log Monitoring), ELK Stack (Elasticsearch, Logstash, Kibana), Datadog, Splunk
  • Containerization & Orchestration:
    Docker, Kubernetes
  • Database Management:
    MySQL, MongoDB, SQL Server, Cosmos DB
  • Infrastructure as Code:
    Terraform, Ansible, Azure Resource Manager (ARM) Templates, CyberArk
  • CI/CD & Automation:
    Jenkins, GitLab CI, CircleCI, Azure DevOps, Ansible, Chef, Puppet, Helm
  • Web Development:
    HTML5, CSS3, JavaScript (ES6), React, Node.js, Express.js, Angular, Vue.js
  • Security & Vulnerability Management:
    OWASP Top 10, Secure Coding Practices, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, Security Audits

Certification

  • CompTIA Security+

References

References available upon request.

Timeline

Lead Application Security Engineer

American Airlines
06.2022 - Current

Software Engineer

LTIMindtree
06.2019 - 07.2021

Master of Science - Computer Science and Cybersecurity

University of Alabama at Birmingham