Hi, I’m

MANOJ KUMAR

Lynnwood, WA

Summary

Experienced application security engineer with a strong track record in safeguarding applications, microservices, and SDLC processes from malicious activities. Skilled in educating developers on best practices to empower their contribution to overall security efforts. Implements a combination of preventive and reactionary measures to effectively protect valuable assets and minimize the risk of breaches.

Overview

15 years of professional experience
1 certification

Work History

AMEXGBT

Senior Software Security Engineer
11.2021 - Current

Job overview

  • Designed and implemented security architecture for open source AI models, such as those from Hugging Face.
  • Conducted Threat Modeling for applications, services and LLM projects.
  • Implemented security champions program that led to better collaboration among teams and increased adoption of security best practices.
  • Reduced SAST vulnerabilities by 60% and SCA by 30% through shift-left practices by implementing IDE plugin scans, CLI scans and pull request security scanning.
  • Increased security awareness by conducting tool walkthroughs and training for developers.
  • Wrote various automations, such as tool onboarding/offboarding, that reduced overhead and allowed stakeholders to focus on remediation.
  • Implemented Open source vulnerability firewall to enforce secure defaults.

Expedia

Application Security Engineer
08.2017 - 11.2021

Job overview

  • Developed an in-house vulnerability aggregation tool (in Python and React) to expedite remediation.
  • The effort resulted in a 60% reduction in open source vulnerabilities.
  • Developed a Vulnerability Management Program to ensure timely remediation for vulnerabilities from SAST, SCA, DAST, Server Scans, Container Scans, Penetration Tests
  • Perform Design Reviews for applications and services with development teams and provide recommendations for identified Design Flaws
  • Implemented Fortify and Dependency Check in CI/CD pipeline to ensure regular scanning of 200+ applications and services
  • Performed SAST tool comparisons and provided recommendations to management
  • Review and authorize Web Application Firewall (WAF) changes
  • Provide mitigation plans for vulnerabilities identified during external audits such as PCI and TUV
  • Perform Regular Cloud reviews for critical controls such as S3 buckets, AWS Security Groups
  • Architecture consulting for new services as a member of Egencia’s Engineering Review Board

Accenture Services Pvt. Ltd.

Senior Security Analyst
10.2014 - 08.2016

Job overview

  • Company Overview: Client: British Telecom
  • Coordinated with British Telecom teams based out of UK, India, and Sri Lanka to provide security consultation on Openreach application
  • Performed manual code review for Java applications
  • Conducted penetration tests and IBM AppScan Standard scans
  • Audited DMZs and Server configurations to uncover access control and authorization weaknesses
  • Trained developers and QA engineers on OWASP Top 10, which resulted in a reduced number of security issues

Fiserv India Pvt. Ltd.

Information Security Engineer
03.2013 - 10.2014

Job overview

  • Reduced cost of operation by implementing an in-house vulnerability management and reporting tool in C# .NET
  • Conducted vulnerability assessments of Web and Mobile applications in Banking and Finance sectors
  • Shared consolidated vulnerability reports with clients and helped them develop mitigation plans
  • Played key role in tool acquisition by negotiating requirements with vendors and performing tool comparisons

Xcino Technologies Pvt. Ltd.

Software Engineer
06.2010 - 03.2013

Job overview

  • Implemented Business Logic Layer in energy sector and hotel industry projects in C# .NET framework
  • Improved decision-making time by 30% by creating an iPhone application in Objective-C for reporting on carbon footprint of clients
  • Performed code reviews to identify vulnerabilities and wrote code to mitigate the same

Education

University at Buffalo, The State University of New York

Management Information Systems
06.2017

UTTAR PRADESH TECHNICAL UNIVERSITY

Bachelor of Technology in Computer Science and Engineering
06.2010

Skills

  • Cybersecurity Vulnerability Assessment
  • Proficient in DevSecOps Practices
  • Secure Application Development
  • Python Software Development

Certification

  • GIAC Cloud Security Automation (GCSA) - GIAC

Languages

English: Native or Bilingual
Hindi: Native or Bilingual
