
SRIVIKAS RAMINEEDU

Summary

Dynamic Application Security Engineer with extensive experience at Bank of America, adept at leading security testing initiatives and implementing robust security protocols. Proven track record in reducing vulnerabilities through effective threat modeling and secure coding practices. Strong analytical skills complemented by a collaborative approach, ensuring alignment with industry standards and best practices.

Overview

6 years of professional experience

Work History

Application Security Engineer

Bank of America
10.2024 - Current
  • Led in-depth security testing of web application features, including login functionalities, MFA implementations, and logout processes, ensuring compliance with OWASP Top 10 and mitigating critical vulnerabilities.
  • Conducted authorization testing to prevent vertical and horizontal privilege escalation vulnerabilities, ensuring robust role-based access controls (RBAC).
  • Utilized Burp Suite and Fiddler to analyze and intercept web traffic for identifying potential flaws in input validation, session management, and API security.
  • Developed and executed test plans for cross-site scripting (XSS), SQL injection, and CSRF vulnerabilities, effectively reducing risks in sensitive application components.
  • Worked collaboratively with developers to resolve security gaps uncovered during DAST and SAST, providing recommendations for secure coding and configuration.
  • Proactively identified vulnerabilities in security protocols, including improper token handling in MFA systems and predictable OTAC generation, to ensure secure authentication mechanisms.
  • Analyzed application workflows to identify logic flaws and business logic vulnerabilities, providing solutions to prevent exploitation.
  • Conducted secure code reviews using Checkmarx, identifying insecure coding patterns and recommending security enhancements to development teams.
  • Automated repetitive testing tasks, improving testing efficiency and reducing time to remediation for identified vulnerabilities.
  • Delivered technical presentations and detailed vulnerability reports to stakeholders, ensuring alignment on remediation efforts and security best practices.
  • Ensured proper handling of cryptographic protocols, securing sensitive data transmission through SSL/TLS, digital signatures, and token encryption techniques.
  • Implemented threat modeling strategies to identify potential attack vectors during the application design phase, effectively mitigating risks before implementation.
  • Evaluated mobile application security for iOS and Android platforms, identifying platform-specific vulnerabilities and offering tailored mitigation strategies.
  • Managed cloud security testing for APIs and infrastructure, addressing misconfigurations and unauthorized access risks.
  • Supported compliance initiatives by aligning security assessments with industry standards and regulations, such as PCI DSS, GDPR, and NIST.
  • Recommended best practices for secure integration of Single Sign-On (SSO) and OAuth-based authentication mechanisms to enhance user experience and security.

Application Security Engineer

AT&T
02.2024 - 10.2024
  • Provided architectural guidance on best practices regarding security in software development, shared services, user interface design frameworks, high-performance messaging solutions, server-side development, integrations, tools, and technologies.
  • Conducted comprehensive security scans of web applications using IBM AppScan to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure configurations.
  • Drove and guided the specification and realization of a security architecture, with decisions driven by balancing the security risks faced by the business against customer and market requirements.
  • Developed, implemented, and maintained the application security strategy.
  • Performed threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Worked closely with the core services team, contributing to the development and evolution of the application and infrastructure security reference architecture, shared services, and frameworks.
  • Ensured validation for OWASP and the implementation of industry-leading application security practices.
  • Performed application program interface (API) security assessments and remediation activities as part of the API security program.
  • Leveraged enterprise Secure Software Development Life Cycle (SSDLC) processes and toolset to maintain high security standards.
  • Performed vulnerability research and served as technical security/risk advisor for new technologies and applications developed by AT&T.
  • Determined testing requirements and developed strategies to automate security testing using a variety of scripting and open-source tools.
  • Assisted developers in remediating vulnerability findings by providing line-by-line guidance.
  • Coached development teams on security disciplines such as threat modeling and security code reviews, providing training and education to developers on software security best practices.
  • Maintained knowledge of current and emerging technologies, products, and trends related to security architecture solutions.
  • Developed repeatable application security patterns to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.
  • Advised on and approved security architectures and changes impacting application security.
  • Consulted on and assisted with the security incident response process.
  • Consulted on efforts to work with internal and external teams to effectively scope and drive application penetration tests that help identify and mitigate gaps in security controls.

Software Security Engineer

Vanguard
01.2023 - 12.2023
  • Led the implementation of a corporate vulnerability management program, ensuring continuous remediation of vulnerabilities within compliance deadlines.
  • Led the integration of Checkmarx into the development lifecycle, automating static code analysis and ensuring the continuous identification and remediation of security vulnerabilities in .NET (C#) and Java applications.
  • Successfully developed and deployed numerous secure applications, enhancing overall system security.
  • Improved existing software systems by identifying and fixing security vulnerabilities and performance issues.
  • Collaborated on the design and implementation of a secure and scalable cloud infrastructure, leading to a more robust and reliable system.
  • Automated CI/CD pipelines using Jenkins, Maven, and Gradle, ensuring seamless integration of security scans (e.g., Checkmarx, SonarQube) into the development process.
  • Experience operating and developing infrastructure and services in public cloud environments (AWS, GCP).
  • Experience using cloud provisioning tools such as Terraform or CloudFormation.
  • Experience with security monitoring, logging, auditing tools and SIEM solutions.
  • Applied knowledge and experience in addressing application security issues identified through Static Application Security Testing (SAST) and Software Composition Analysis (SCA), employing .NET and Java stack frameworks to enhance overall security posture and mitigate potential risks.
  • Utilized Docker and Kubernetes for containerization and orchestration, ensuring secure deployment of applications in cloud environments.
  • Collaborated closely with DevOps teams to fortify container security using tools like Aqua, ensuring that Docker and Kubernetes environments met rigorous security standards.
  • Responsible for design, development, and implementation of new security features.
  • Responsible for preparation of the test setup, security test area coverage definition, test plan, and test cases for new features and implementations.
  • Performed static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects using tools like Burp Suite, IBM AppScan, Invicti, Blackduck, Kali Linux, SonarQube, Nexus, Checkmarx etc.
  • Utilized Black Duck to perform comprehensive scans for open-source vulnerabilities, ensuring third-party libraries used in applications are updated and secured.
  • Experience with performing vulnerability assessments, red teaming, and penetration testing.
  • Proficient in capturing application-level vulnerabilities such as XXE (XML External Entity), XSS, SQL injection, CSRF, broken authentication, sensitive data exposure, HTTP response issues, insecure credential storage, and RFI/LFI.
  • Experience in scanning the third-party library vulnerabilities using Nexus IQ and JFrog.
  • Hands-on experience in API Security Testing using Postman, SOAP UI, REST API.

Application Security Engineer

BlackBuck EV
08.2019 - 07.2022
  • Skilled in developing strategies and programs to ensure capability enhancement to include measurable goals and objectives.
  • Maintained guidance documents and tracking systems for assigned campaigns/projects.
  • Interacted and coordinated in understanding the business issues, requirements, doing exhaustive analysis and offering end-to-end solutions.
  • Designed, developed, and tested technical solutions collaborating with senior engineers and was involved in code/design reviews.
  • Worked with limited supervision and oversaw the installation, configuration, and maintenance of security-related information systems.
  • Utilized reverse engineering techniques to identify and resolve vulnerabilities in software systems, enhancing overall security posture.
  • Conducted various approaches to Grey & Black box security testing.
  • Conducted Dynamic and Static Application Security Testing (DAST & SAST).
  • Developed reports and presentations regarding Security activities.
  • Provided support for Security activities, including meeting agendas, memoranda, reports, or other documents using word-processing or other software systems such as Microsoft Word, Excel, Outlook E-mail, and Calendar system.
  • Assisted developers in remediating issues from security assessments concerning OWASP standards.
  • Learned how to independently resolve production issues through the troubleshooting of applications and components.
  • Identified vulnerabilities like SQL injection, XSS, CSRF relating to session management, privilege escalation and other logical issues.
  • Served as a Security engineer for multiple projects / Teams on a cross-functional team responsible for Vulnerability identity management.

Education

Master of Science -

Sacred Heart University
Connecticut

Bachelor of Science -

Alliance University
Bengaluru

Skills

  • Operating systems: Linux, Windows, and iOS
  • Programming languages: .NET (C#), Java, HTML, JavaScript, C, Python, Golang, AngularJS
  • Source code analysis tools: HP Fortify, Checkmarx, IBM Source, Veracode, SonarQube, Coverity
  • Dynamic analysis tools: HP Web Inspect, IBM AppScan Standard, Acunetix, Burp Suite, OWASP ZAP
  • Penetration testing tools: Burp Suite, Kali Linux
  • Cloud security tools: Qualys, Okta, WhiteHat, Centrify, Nmap
  • API testing tools: Postman, SoapUI, Burp Suite
  • Library scans: Nexus, JFrog, Black Duck
  • Network security testing tools: Nmap, Metasploit, Nessus, Qualys Guard, SSLScan, and Wireshark
  • Proxy tools: Burp Suite, ZAP, Paros
  • Cloud infrastructure: AWS, GCP
  • Methodologies: Waterfall, Agile, RUP
  • Data processing: MS Excel, SQL, Minitab, SharePoint, and MS Access
  • Presentation and business modeling: MS Visio, MS PowerPoint, Visual Studio, MockFlow
  • Container security
  • Web application security and application risk assessment
  • API security & Open-source security
  • Threat modeling
  • Static code analysis
  • Web application security
  • Vulnerability assessment
  • Secure coding practices
  • API security testing
  • Cloud security management
  • Dynamic application testing
  • Security compliance standards
  • Penetration testing
  • Cloud security
