Experienced Application Security Engineer with a strong background in product security. Expertise in security reviews and security automation.
Overview
5 years of professional experience
Work History
Security Engineer II
Amazon
10.2022 - Current
Product Security Ownership: Serve as the dedicated Product Security Engineer for a high-impact business line. Conduct architecture reviews and develop threat models for new product launches, ensuring alignment with Amazon's security standards and regulatory requirements.
Automated Vulnerability Detection: Led the improvement of automated vulnerability detection by analyzing bug bounty findings, identifying gaps, and developing custom static and cloud conformance rules—resulting in a measurable reduction in recurring security issues.
Security Review Prioritization: Developed and implemented scalable guidelines to prioritize Amazon Payments launches for security reviews based on data classification, risk impact, and threat exposure.
Risk Reduction Initiative: Initiated and led an organization-wide risk identification and mitigation program to address the top security risks through cross-team collaboration, improving long-term resilience and reducing incident response overhead.
Security Posture Reporting: Present actionable metrics to senior leadership on a monthly cadence, summarizing detection coverage, vulnerabilities addressed, and strategic security posture improvements.
Security Tooling and Rule Development: Built and maintained static code analysis rules and detection logic to catch business-specific vulnerabilities across codebases, contributing to proactive issue identification and shift-left security.
Cloud Security Misconfiguration Detection: Enhanced internal tools to detect AWS misconfigurations, integrating them with developer workflows and Amazon’s internal bug tracking systems for faster remediation.
Security Engineer I
Amazon
03.2021 - 10.2022
Static Code Analysis: Developed static code analysis rules to detect security vulnerabilities using in-house, open-source, and commercial tools, including Fortify, AWS CodeGuru, and Brakeman.
Automation & Integration: Automated the detection and reporting of security vulnerabilities and integrated security tools with internal bug tracking systems, streamlining workflows.
Cloud Security: Created tools and rules to detect cloud security misconfigurations in AWS resources, improving cloud security posture across the organization.
Architecture Review & Threat Modeling: Conducted architecture reviews and developed threat models using the STRIDE methodology.
Security Assessments: Performed security assessments, including manual penetration testing, code reviews, and dynamic application security testing (DAST) to identify and address vulnerabilities.
Security Engineer
Securonix
06.2020 - 02.2021
Analyze data from various log sources in AWS infrastructure and other security devices in organizations to develop threat models to detect anomalies and top threats in the cloud.
Research the latest APTs and TTPs to identify behavior patterns and signatures to detect the latest and critical attacks.