
Mehul Gadhia

Dallas

Summary

Accomplished cybersecurity leader with 15+ years of experience in offensive, defensive, and proactive security. Proven track record of building high-performing red and blue teams. Expertise in designing large-scale security programs and embedding security into the SDLC through automation, Generative AI, and secure coding practices. Skilled in strategic planning, budgeting, talent acquisition, and securing executive buy-in to drive innovation and operational excellence. Currently oversees multiple Application Security teams at Amazon, managing 40+ professionals, including five managers. Focused on securing the development and deployment of 100,000+ applications and reducing costs by millions in external bug bounty payouts and late discovery of security defects.

Overview

21 years of professional experience
1 Certification

Work History

Head of Product Security Review Framework

Amazon
01.2022 - Current
  • Developed comprehensive three-year strategic plans, long-term vision roadmaps, and scalable frameworks, which I operationalized by assembling cross-functional teams and establishing measurable quarterly objectives to monitor advancements and evaluate outcomes.
  • Lead a Product Security R&D and Innovation team focused on automating security processes and leveraging Generative AI to embed security into development and deployment workflows.
  • Transformed innovative ideas into reusable mechanisms, reducing manual product security review efforts by 15% and improving the quality of security assessments by 10%.
  • Pioneered an automated feedback loop mechanism to identify patterns and signals for repeated misses during pre-release security assessments, preventing them from recurring.
  • Instituted an automated mechanism to identify, scope, and prioritize 9,000+ critical applications, determining the appropriate level and cadence of subject matter expertise involvement and focus.
  • Steered the Security Certifiers program, a force-multiplier initiative with 3,000+ active certifiers conducting Product Security reviews for Amazon's critical applications.
  • Enabled certifiers to annually assess 1,000+ prioritized critical applications, discovering 4,000+ vulnerabilities early in the SDLC and preventing risks before launch.
  • Streamlined instructor-led training to equip Certifiers on Threat Modeling, Code Scanning, Security Testing, Secure Coding, Secure Software Development, and related policies, processes, and tooling.
  • Lead a Mobile Security team dedicated to implementing robust mobile security strategies and building custom scanner detections for 300+ mobile applications, achieving a 92% true positive rate and discovering security flaws in code and configuration packages.
  • Optimized the Security Training & Education organization to deliver micro-trainings, courses, and curricula to 40,000+ Software Development Engineers (SDEs) globally, reducing common vulnerabilities by 10% YoY.


Senior Manager, Application Security

Ellucian
10.2008 - 01.2022
  • Spearheaded initiatives to enhance the security posture of Ellucian's products, empowering development teams to build world-class SaaS applications on the AWS platform. Built the bug bounty program from the ground up and led both blue and red teams. Engaged in dotted-line reporting to the CISO and contributed to GRC and product security incident response efforts.
  • Launched and scaled Bug Bounty, Responsible Vulnerability Disclosure (RVD), and external penetration testing programs, discovering 500+ vulnerabilities pre-release reported by external researchers.
  • Implemented a DevSecOps strategy by integrating SAST, DAST, and SCA tools into CI/CD pipelines, automating security scans, and reducing manual review efforts by 89%.
  • Built vendor partnerships, conducted proof of concepts (PoCs), and created adoption guides, achieving tool adoption across development teams.
  • Championed DevSecOps through presentations, webinars, and workshops, fostering a security-first culture and enabling early vulnerability detection.
  • Optimized the program through cost-benefit analysis and a robust vulnerability management system, reducing mean time to remediation (MTTR) by 27%.
  • Managed risk-rating and false positive analysis for zero-day threats and product security incidents, reducing incident response time from 3 business days to 1 business day.
  • Led efforts to threat model and perform offensive penetration testing on new and existing products, proactively identifying and mitigating 200+ security risks.

Project Lead

Universal Instruments
10.2003 - 09.2008
  • Captured and analyzed business requirements from clients and stakeholders, ensuring alignment with project goals.
  • Designed and architected scalable software solutions using industry best practices.
  • Led end-to-end project execution, ensuring on-time delivery of high-quality software.
  • Developed and tested applications, conducting rigorous testing for reliability and performance.

Education

Bachelor's Degree - Commerce

Gujarat University
05.2000

Skills

  • Product / Application Security
  • Cloud Security
  • Web Security
  • API Security
  • Mobile Security
  • Infrastructure Security
  • Enterprise Security
  • DevSecOps
  • Security Assessments
  • Penetration Testing
  • Security Testing
  • Security Operations
  • IAM
  • Offensive Security
  • Security Scanning
  • SAST
  • DAST
  • SCA
  • Vulnerability Assessment and Management
  • Threat Modeling
  • Project Management

Standards, Frameworks & Compliance

  • NIST
  • MITRE
  • OWASP Top 10
  • CVSS
  • ASVS
  • STRIDE
  • ISO 27001
  • SOC 2
  • Zero Trust security
  • PCI DSS
  • GDPR
  • Other compliance frameworks

Tools And Programming

  • BurpSuite
  • OWASP ZAP
  • NMAP
  • Fortify
  • Checkmarx
  • Semgrep
  • Veracode
  • Black Duck
  • Snyk
  • Java
  • Python
  • SQL

Awards

  • Honors Awards
  • Sapphire Award For Excellence
  • Kudos Award For Outstanding Work

Certification

AWS Solutions Architect

GIAC Web App Pen Tester

Timeline

Head of Product Security Review Framework

Amazon
01.2022 - Current

Senior Manager, Application Security

Ellucian
10.2008 - 01.2022

Project Lead

Universal Instruments
10.2003 - 09.2008

Bachelor's Degree - Commerce

Gujarat University