Sai Teja Vucha

Projects: JLR [Twin EDU Inverter], Stellantis [Transmission], Holon [Single EDU Inverter]

Cyber Security Controls: Secure Boot, Authenticated Boot, Secure on Board communication [SecOC], Freshness Value Management, Vehicle Key Management System, Code Signing Certificate, Security Access, Secure Diagnostic Routines, Authenticated Diagnostics Access, ECU Secure Life Cycle, ECU Segmentation and secure operation, Authenticated firmware and secure separation

• Analyzed and reviewed cybersecurity software requirements and developed low-level cybersecurity test specifications with all possible positive and negative scenarios.
• Developed automation for cybersecurity validation, reducing manual testing time by 90%.
• Validated the functional testing and fuzz testing on cybersecurity controls and prepared detailed documentation of test results.
• Reviewed vulnerabilities found in cybersecurity controls with developers and supported fixing vulnerabilities.
• Prepared documentation on strategy and testing methodologies for validating cybersecurity controls.

• To perform Web Application Security Assessment using both manual and automation approaches to find the vulnerabilities.
• Understands, reviews, and interprets vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to developers and management teams.
• Creates detailed risk assessment reports which explain identified technical and logical security findings, describes potential business risks, and presents prioritized recommendations.
• Conduct manual application security testing and source code auditing for a variety of technologies.
• Security training and outreach for internal development teams and define security best practices and standards.

• To conduct security assessments on web, API and network.
• Report the findings to the application developers and business units.
• Proactively monitor the environment to detect and implement steps to mitigate cyber-attacks before they occur.
• Review, investigate, and respond to real-time alerts within the environment.
• Tracks end user security awareness through phishing and social engineering campaigns and report on findings.
• Assesses new security technologies to determine potential value for the enterprise.