LIJO THOMAS

Wylie

Summary

Product Security Leader with over 14 years of experience driving secure product development, risk management, and incident response with a shift-left approach across financial services and global retail supply chains. Expert in embedding security into the software development lifecycle (SDLC) through threat modeling, architecture reviews, and integration of SAST/DAST tools within CI/CD pipelines. Adept at applying security frameworks and standards (NIST, OWASP, PCI) to ensure compliance and resilience. Proven track record of leading cross-functional teams, influencing engineering culture, and implementing scalable security strategies that balance innovation with risk reduction. Recognized for building global security awareness programs and aligning product security initiatives with business objectives to accelerate safe, customer-centric growth.

Overview

20 years of professional experience

Work History

Vice President (Tech Risk Advisory)

Goldman Sachs
11.2021 - Current
  • Leads the Product Security team in developing and implementing a Shift-Left security approach, enhancing security effectiveness early in the SDLC
  • Engaged in comprehensive design evaluations involving multiple teams for both on-premise and cloud applications and services
  • Partnered with Application teams and presented security topics and training sessions across various business units and divisions
  • Investigated security incidents, achieving significant risk reduction through root cause analysis
  • Conducted internal penetration tests, improving application security and providing recommendations to fix security flaws
  • Collaborated with cloud architecture teams to strengthen the security posture of cloud applications, implementing best practices and tools to improve protection against threat actors
  • Mentored teams in a global model, enhancing skills and operational efficiency

Staff System Engineer

The Home Depot
08.2017 - 11.2021
  • Assessed security posture of intranet and internet facing web/mobile applications and SOAP/REST services using dynamic, static and manual assessments
  • Performed internal and external application penetration testing including static code reviews, dynamic testing, manual penetration testing, API assessment and vulnerability assessment
  • Partnered with Architect and development teams for performing threat modeling and developing non-functional security requirements
  • Led various development teams in efforts to integrate security into SDLC process through threat modeling
  • Supported the implementation of security solutions like SAST, DAST, and CLM across the CI/CD pipeline, providing a comprehensive automated application security solution that improved early vulnerability detection and risk mitigation
  • Participated in PCI audit activities including PCI scoping, assessment and reporting
  • Provided security awareness training for various project teams across verticals comprising executives, architects and developers

Application Security Engineer

Compunnel Software Group
10.2016 - 07.2017
  • Conducted vulnerability assessment of internal/external facing web applications using automated tools such as IBM Appscan, Burp Suite, and OWASP ZAP
  • Performed security assessment of web services including REST and SOAP using SOAPUI, Postman and Swagger
  • Assessed and identified known vulnerabilities for open source libraries and various frameworks and created proof of concept for exploits
  • Performed source code assessment of multiple languages using source code analyzers such as Fortify and Checkmarx
  • Contributed towards implementation of secure SDLC process
  • Detected vulnerabilities resulting in business logic flaws and elevation of privileges

Senior Associate

Cognizant Technology Solutions
01.2016 - 10.2016
  • Led security assessment team of 5 members for Security Testing activities based on project requirements
  • Conducted security assessments on various external and internal applications, web services and mobile applications using manual approach and automated tools
  • Performed network and infrastructure vulnerability assessment using automated tools such as QualysGuard and Nmap
  • Implemented security activities such as Dynamic and Static assessment, Manual Testing, Secure Coding Practices, Awareness training, threat modeling in SDLC process
  • Integrated Jenkins with Fortify to automate source code scans after every build

Information Security Analyst

SecureApp Technologies Inc.
09.2012 - 01.2013
  • Presented Web Application Firewall brown bag sessions to various high-level management and application account managers
  • Deployed numerous critical applications in Imperva Web Application Firewall
  • Fine-tuned policies and rules in web application firewall to reduce false positives
  • Defined high-level process with compliance team, development team and various stakeholders to incorporate security into SDLC process

Information Security Analyst

DataGuardZInc.
10.2011 - 09.2012
  • Performed black-box assessment on web/mobile applications, thick client applications, native applications and web services
  • Performed security risk assessment of information systems, identifying vulnerabilities and mitigating controls
  • Conducted PCI compliance based assessment for applications to identify gaps requiring remediation
  • Provided remediation support to development team to fix security vulnerabilities identified during assessments

Software Engineer

Lockstep Solutions, LLC
08.2011 - 10.2011
  • Validated and tested Centricity medical product using HP Quality Center
  • Assisted in reviewing application source code to identify bugs or flaws
  • Prioritized testing based on business risk using HP Quality Center

Application Developer

IBM India Private Ltd
02.2008 - 07.2009
  • Developed project plans for client service requests and conducted feasibility studies of client specifications
  • Translated client specifications into technical software requirements
  • Analyzed customer requirements for healthcare project, National Accounting Service Company (NASCO)
  • Designed and implemented source code for functionality modules based on customer requirements
  • Performed code review, unit and integration testing to identify major bugs

Software Engineer

Maintec Technologies Private Ltd
04.2007 - 12.2007
  • Solved hardware related queries for desktops, laptops and notebooks
  • Troubleshot hardware and network related queries for hard drives, motherboards, Local Area Networks and Wide Area Networks
  • Supported customer queries via email with recommended solutions and fixes
  • Trained and mentored newly joined employees on various processes built within teams

Technical Support Engineer

Hewlett Packard GlobalSoft Limited
12.2005 - 04.2007
  • Solved hardware related queries for desktops, laptops and notebooks
  • Troubleshot hardware and network related queries for hard drives, motherboards, Local Area Networks and Wide Area Networks
  • Supported customer queries via email with recommended solutions and fixes
  • Trained and mentored newly joined employees on various processes built within teams

Education

Master of Science - Information Assurance and Computer Security, Banking and Financial Security

Dakota State University
04.2011

Bachelor of Technology - Information Technology

VLB Janakiammal College of Eng. & Tech.
04.2005

Skills

  • Penetration testing
  • Application Security
  • OWASP, PCI DSS, NIST
  • Vulnerability Assessment
  • SAST
  • DAST
  • Secure SDLC
  • Threat modeling
  • Cloud Security
  • Secure Code Review (Java, Kotlin, Golang, React)
  • Security Architecture
  • Security Awareness Training

Publications

  • Mutation Analysis of Magento for Evaluating Threat Model-Based Security Testing, Proceedings of the 3rd IEEE International Workshop on Software Test Automation (STA’11), in conjunction with COMPSAC 2011, Munich, Germany, 07/01/11
  • Automated Security Test Generation with Formal Threat Models, IEEE Transactions on Dependable and Secure Computing
  • Phishing Detection Using Stochastic Learning-Based Weak Estimators, IEEE Symposium Series on Computational Intelligence, Paris, France, 04/01/11
  • Using Gaming Strategies for Attacker and Defender in Recommender Systems, IEEE Symposium Series on Computational Intelligence, Paris, France, 04/01/11
