
Zulin Kalathiya

Jersey City, New Jersey

Summary

Experienced Application Security Engineer adept at identifying and mitigating vulnerabilities within software applications. Skilled in collaborating with cross-functional teams, integrating security controls into SDLC, and implementing robust security policies. Proven ability to conduct secure code reviews, deliver training, and drive compliance with industry standards. Proficient in automating tasks and optimizing security measures.

Overview

4 years of professional experience
1 Certification

Work History

Application Security Engineer

UMG Recordings, Inc
11.2022 - Current
  • Performing threat modeling, design, and security reviews for complex and high-value applications and services, ensuring early identification and prevention of security and privacy errors during development
  • Collaborating with software engineers to identify and analyze security vulnerabilities, taking ownership of issues until resolution
  • As part of a team, conduct security reviews of our new products, features, and solutions by deep-diving into code, reviewing security architectures, and running advanced security testing to ensure our innovations are secure from the ground up.
  • Integrate security controls into the software development life cycle (SDLC) and contribute to building secure applications from inception
  • Developing and implementing security policies, procedures, and standards to ensure compliance with regulatory requirements and industry best practices
  • Work closely with external security auditors and penetration testers to assess and enhance application and infrastructure security
  • Take a leadership role in analyzing the security risk of applications, prioritizing issues, and assigning tasks to team members to achieve quarterly security goals
  • Write a Python script to automate work and streamline most of our regular tasks
  • Identify, set up, and maintain application security tooling, including static and dynamic scanning solutions (SAST and DAST) and reporting.

Application Security Engineer

Amazon
05.2021 - 11.2022
  • Assessed vulnerabilities in external code dependencies and guided development towards a more secure state
  • Triaged findings from coordinated disclosure and bug bounty programs
  • Provided security researchers a great experience by using our relationships with our product developers to help them prioritize and fix critical issues in a timely fashion
  • Developed and delivered security training and outreach to internal development teams
  • Supported engineers across the SDLC as an Application Security Subject Matter Expert, including design reviews, threat modeling, code review, and penetration testing
  • Developed a security baseline for applications and integrated it into the CI/CD pipeline using tools such as Black Duck, Snyk, Gosec, and Bosco to support SAST and SCA
  • Triaged vulnerabilities raised through static code analysis, software composition analysis, and penetration testing, and provided remediation guidance for the issues

Security Analyst

Early Warning Services
09.2019 - 05.2021
  • Supported internal static (SAST) and dynamic (DAST) analysis, including web applications, web services, and cloud-hosted application assessments using Fortify, Checkmarx, Veracode, Black Duck, and Dependency-Check
  • Conducted timely vulnerability scanning on engineering infrastructure using a Nexpose scanner and reported to the respective team with the mitigation
  • Conducted timely security assessments for the product using techniques such as SQL injection, XSS, broken authentication, etc.
  • Collaborated with the architecture team to ensure that all applications and implementations are in line with security policy and are in compliance with the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.)
  • Led a project to maintain product line dashboards for the entire security department to improve the visibility of about 95%
  • Enhanced the existing threat modeling tool, undertaking security and threat analysis of different products and working closely with the teams to implement countermeasures.

Education

Master - Cyber Forensics and Security

Illinois Institute of Technology

Bachelor of Technology - Computer Science and Engineering

Veltech University

Skills

  • SAST - DAST - SCA
  • Python
  • SSDLC
  • Security standards
  • Security automation
  • Threat modeling
  • WAF
  • Bug bounty
  • NIST
  • OWASP Top 10
  • Web app pen-testing
  • Secure coding training
  • Many more

Certification

eLearnSecurity eWPTXv2

CompTIA Security+

CEH
