| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
DevSecOps/DevOps ENGINEER (Sr. Technology Specialist)EMAIL AVAILABLE LINKEDIN LINK AVAILABLEPHONE NUMBER AVAILABLECAREER SNAPSHOTCloud Security & DevSecOps Engineer with expertise in DevSecOps, Cloud Security, Security in Shift Left, IT Security, SAST/DAST models, Threat Modelling and Control Assessments. Working as a Certified Scrum Master/WebLogic Admin/DevOps Engineer, Including Python Selenium Browser Automation, Middleware Admin with Masters degree in computer science.oOver 18+ years of IT experience include web and client server application development using Java and J2EE, Service Operations, Build & Release engineer, and Scrum Master Activities.oAccomplishing 6+ years of experience in providing solutions and consulting in Cloud and IT Security and Healthcare domains.oExperienced Scrum Master leading multiple AI projects, driving agile transformation and delivering successful products.oWorking experience with Oracle Cloud (OCI), Azure and exposure to AWS and GCP.oWorking experience on various CI/CD environments and tools like Checkmarx, Git, GitHub, GitLab Jenkins, SonarQube, JFrog.oKnowledge in Security Governance, Risk and Compliance, Application Security, Infrastructure Security, Data Security or Identity & Access Management, BCP/HA-DR.oAssisted in developing Kubernetes manifests and Helm charts, contributing to 20% reduction in deployment complexities.oParticipated in a key project for setting up observability stacks using Prometheus and Grafana, which improved SLA adherence by 99%.oEnabling Azure Defender on subscriptions to protect our Azure and hybrid resources to protect management ports of VMs with Just-in-time and adaptive applications controlsoCollaborated with a team to streamline the CI/CD process, reducing build times by 25% while ensuring zero-downtime deployments.oExpertise with SSL certs management and configuring applications leveraging the industry standard SSL certs and trusted CA.oExperience working on security assessments, metrics, reporting of applications and infrastructure to IT teams.oWell versed in handling and maintaining cloud SAAS environments in Unix and Windows servers.oGood knowledge in implementing Pipeline as Code using Groovy Script.oResponding to alerts from monitoring systems like Grafana, EM and Nagios.oPossess strong communication, leadership, team management, analytical and relationship management skills.Security Technologies : Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), SIEM, Antivirus, DLPSecurity Frameworks : ISO PHONE NUMBER AVAILABLE, NIST, COBIT, PCI DSS, GDPR, HIPAASecurity Tools : Wireshark, Nessus, Qualys, Burp Suite, Metasploit, Snort, Microsoft DefenderProgramming & Scripting : Python (Intermediate), Bash (Proficient), PowerShell (Intermediate), SQL (Intermediate), Java.CORE COMPETENCIESSAST : SonarQube, Checkmarx, Jenkins, Snyk, Jenkins, AppCircleDAST : Invicti, Tenable.io, PrismaCloud, JFrog, Acunetix,Containers : Dockers, Kubernetes, TerraformGood Knowledge : Jira, Maven, Ansible, Grafana, HashiCorp Vault, Istio, Venafi, Cyberark, UnixWORK EXPERIENCEas a DevSecOps Lead / Security Engineer March 2023 PresentLocation: Currently in US from 22nd June 24Duties:Conducted thorough penetration testing, revealing 15 system vulnerabilities that were patched, improving system security by 70%Spearheaded the implementation of cloud security solutions to protect sensitive data.Led a department of 12 in maintaining robust security systems, minimizing downtime to under 1%Implemented SAST - Configured SonarQube and Checkmarx scan using a Jenkins/AppCircle job over GIT repo.Implemented AI-driven ticket reduction by 80% and enhanced DevSecOps practices through SAST, DAST, and vulnerability management tools.Led a cross-functional team of 10 engineers to address security vulnerabilities, resulting in a 60% decrease in critical security flaws within 6 months.Co-ordinating with the respective Dev teams to remediate the issues/bugs/vulnerabilities found in Sonar report.Implemented DAST Configured Invicti tool to scan the web application.Also as part of DAST implementation have used JFrog for container scan, Prisma Cloud for Cloud resource scan.Used Tenable.io to check for the vulnerabilities.as a DevSecOps Engineer July 2020 Mar 2023Location: Hyderabad, India (offshore)Duties:Design and Architect Engineer in Shift-Left.Executed a security automation strategy using AWS Lambda and CloudFormation, saving the team 15 hours per week in manual monitoring tasks.Led vulnerability assessments and penetration testing efforts, reducing the number of high-risk security vulnerabilities in corporate infrastructure by 40%.Collaborated with developers to secure application software, leveraging code analysis tools to reduce software vulnerabilities by 22% across all projects.Have used GitLab primarily as a code management tool.Working for a Banking domain where security is the topmost concern.Configured Kubernetes for container orchestration.HPSA tool for executing the scripts parallel on multiple VM's.Certificate Management using Venafi tool.Implementing various security policies on servers part of Quality Remediation.as a Scrum Master/DevSecOps Engineer/Oracle Web Logic Admin in Cloud SAAS April 2013 February 2020Location: Hyderabad, India (offshore)Duties:Proficiently organized and facilitated daily scrum, sprint reviews, retrospectives, sprint and release planning.Involved in writing Python scripts for automating few of the daily tasks.Supported the security team in monitoring network traffic for anomalies, contributing to the detection of 10 potential security breachesMonitoring and supporting 1000+ Fusion and Hyperion customer environments with the aid of EM tool.Patching activities in Hyperion environments and primary goal of restoration of EPM/PBCS services.Deal with Incident management activities over the outages.Restoring the services of WebLogic and Database within the stipulated time.Monitoring the servers health with the aid of Enterprise Manager tool.Ensuring that the goals of the Incident Management process achieved; restoring normal service as soon as possible based on customer perspective and within defined SLA.Detecting, logging, categorizing and prioritizing incidents and providing initial incident support.Closing incidents after verification from users; defining and planning separate procedures for major incidents.as a Delivery Manager June 2011 April 2013Location: Hyderabad, India (offshore)Solving tickets/issues raised by developers and testers.Deploying the applications on multiple App server instances and maintained Load balancing, High availability and Fail over.J2EE application deployment and administration including WAR and EAR files.as an IT Consultant September 2010 April 2011Location: Hyderabad, India (offshore)Worked as a Weblogic administrator for an e-commerce application.as a Sr. Software Engineer November 2005 August 2010Location: Hyderabad, India and Malaysia(2009-2010).Worked as Java/J2EE engineer and as a Team Lead for the security product IAM.Also have implemented the project at the client location KL, Malaysia.PROJECTSMWS RemediationPDIT Cloud SAASAlere Health careNEOB2W IAM (Identity Access Management)Digi EvidenceBHEUU E-Insolvensi Security InfrastructureCERTIFICATIONSCertified Data Protection Officer (CDPO)AWS Security EngineerMicrosoft Azure Fundamentals (AZ-900)Oracle WebLogic 12c Admin.Oracle WebLogic 10g Admin.Certified Oracle Cloud Infrastructure AdminCertified Scrum MasterCertified ISO 27701 Lead AuditorCertified Chief Risk OfficerITIL V3 CertificationAwardsPDIT award (Oracle SAAS), Star Performer Award (Virtusa)EDUCATIONMaster of Computer Applications, 2005 Osmania University, IndiaBachelor of Computer Science, 2002 Osmania University, India |
