tushar

Security Engineer 2

A Security Engineer with expertise in compliance, application security, cloud security, vulnerability assessment and penetration testing. I have led initiatives to achieve PCI DSS, SOC 2, and ISO 27001 certifications. Skilled in AWS, Kubernetes, and CI/CD security, I develop automated solutions using Python and Golang to integrate security into development pipelines. Creator of the open-source Qryptic Zero Trust Network Access solution, I am passionate about reviewing large systems, performing threat modelling, and automating security tasks for faster, more secure delivery. I aim to build secure, scalable infrastructures that drive efficiency in dynamic environments.





Experience: 5 years

Yearly salary: $170,000

Hourly rate: $110

Nationality: 🇮🇳 India

Residency: 🇮🇳 India


Experience

Security Engineer 2
Jupiter Money
2022 - 2025
Compliance Leadership: Spearheaded initiatives to achieve PCI DSS, SOC 2, ISO 27001 and RBI SAR certifications.
Team Management: Led a lean team focused on Application Security, Cloud Security, Compliance, and Security Operations Center (SOC).
Automation Projects: Developed automated systems for subdomain takeover alerts and segmentation penetration testing, significantly reducing manual efforts and enhancing efficiency.
Data Protection: Implemented the Digital Personal Data Protection Act, automating data discovery, categorization, deletion, and access management.
AWS & Kubernetes Security: Collaborated with DevOps to enhance AWS and Kubernetes security, resolving critical security issues.
CI/CD Pipeline Security: Integrated SAST and SCA tools into CI/CD pipelines to prevent insecure application code and cloud resources from reaching production.
SIEM Management: Managed the Coralogix SIEM tool, integrating logs from various sources and setting up alerts for insecure behavior & patterns.
Security Culture: Fostered a security-first culture by implementing prevention and alert mechanisms, conducting training sessions and regular security discussions.
Lead Connect Initiative: Initiated regular meetings with leads to discuss open security issues and upcoming projects, ensuring secure development without hindering startup agility.
Product Security: Performed Business Requirement & Tech Design Review, Threat Modelling, Source Code Review, VAPT, Data Security and WAF for multiple applications.

Security Engineer
OYO Rooms
2020 - 2022
Application Security Leadership: Managed application security, leading a team and overseeing critical security projects.
Vulnerability Assessments: Conducted comprehensive VAPT of more than 50 Web and Android Applications.
Automation for Security Management: Developed systems to track open security issues, assign responsibilities, and automate reminders.
Collaboration: Scheduled biweekly meetings with team leads to address security issues and collaborated with external and global teams for VAPT.
API Security with Akamai: Implemented rate limiting and preventive rules on APIs using Akamai WAF.
Data Security Automation: Automated discovery of PII information in public S3 buckets.
Fraud Investigation: Investigated and resolved fraud incidents, implementing preventive measures.
Infrastructure Security: Enhanced AWS cloud security and integrated Atlantis for IaC using Terraform to streamline DevOps processes.

Skills

aws
devops
golang
kubernetes
open-source
python
security
english
hindi