This page was automatically translated and may contain errors. View in English.
SK

Sai Kumar

Application security Engineer

Hyderabad, Telangana, India

@sai591

0 followers

Looking for jobs

About

Application Security Engineer with 7+ years of experience in Application Security, Secure SDLC, DevSecOps, Cloud Security and Vulnerability Management. Skilled in Threat Modeling, Secure Code Reviews, SAST, DAST, SCA and security automation, with hands-on experience integrating security into CI/CD pipelines using GHAS, and Wiz CI. Strong collaborator with engineering teams, experienced in leading Security Champion programs, conducting secure design reviews and embedding security throughout the software development lifecycle to enable secure software delivery.

Experience

  • Application Security Engineer
    DAZN software pvt ltd · Hyerabad
    — – Present

    • Conducted secure code reviews and STRIDE-based threat modeling across 50+ applications. • Identified critical vulnerabilities including XSS, SQL Injection, and insecure configurations. • Performed secure code reviews for Java, .NET, and JavaScript applications using SAST and cloud security tools. • Leveraged Wiz threat intelligence to continuously monitor and remediate emerging vulnerabilities across organizational cloud environments. • Performed application security assessments using BurpSuite, Wiz,GHAS and Nullify (AI-based security testing tool). • Integrated SAST and cloud security scanning into CI/CD pipelines, enabling early detection and remediation of vulnerabilities. • Applied risk-based vulnerability management aligned with OWASP Top 10 and business impact prioritization. • Leveraged JFrog Artifactory for centralized repository management and JFrog Xray for software composition analysis (SCA) and vulnerability scanning of dependencies. • Enhanced cloud security posture using Wiz by identifying misconfigurations, vulnerabilities, and attack paths. • Supported internal & external audits by providing security documentation, ensuring ISO27001 compliance. • Administered Checkmarx Dev Assist platform, managed user onboarding, and promoted adoption through Security Champion meetups. • Used Coralogix for log verification and application monitoring to support troubleshooting and validation. Environment: Wiz Cloud Security Platform,GitHub Advanced Security (GHAS), AWS (WAF, IAM), Azure (Active Directory), GitHub Actions, ASP.NET, C#, Java, Python, JavaScript, Burp Suite, Checkmarx, , JFrog Artifactory, JFrog Xray, Coralogix, Nullify, JIRA, VS Code, GitHub, Checkmarx Dev Assist

  • Security Engineer
    Pole to Win International Pvt Ltd · Hyderabad
    Feb 2022 – May 2023

    • Performed application security operations including triage, detection, incident analysis, remediation, reporting. • Managed vulnerability remediation for 30+ applications aligned with OWASP Top 10 risks. • Contributed to Security Champion programs, improving secure coding awareness and developer engagement across teams. Supported penetration testing activities and validated security fixes. • Conducted continuous monitoring of logs, security events and vulnerability data across 40+ applications. • Performed secure code reviews and static analysis for .NET and Java applications using Checkmarx and Fortify. • Automated security tasks using Python scripting, improving operational efficiency. • Produced security reports and risk assessments for management and client stakeholders. • Participated in Agile/Scrum ceremonies and coordinated security triage activities. • Collaborated with App teams to walk through, gather control design requirements, bring to closure control issues Environment: Checkmarx, Fortify, Java, Python, .NET, Oracle, GitHub, JIRA, Bug Bar, VS Code

  • Tech Operations Sr Analyst
    Wells Fargo International solutions Pvt. Ltd · Hyderabad
    Apr 2020 – Feb 2022

    • Performed SAST on applications built in .NET, Java, and Python to identify code-level vulnerabilities. • Analyzed, tracked vulnerability findings, prioritized risks, and coordinated remediation with development teams. • Utilized Audit Workbench to triage, verify, and report security issues to stakeholders. • Collaborated with teams to ensure timely remediation and alignment with secure coding standards. • Vulnerability Management Platform: Thread fix for tracking of vulnerabilities by risk, mitigation plan, remediation Environment: SAST Tools (Checkmarx/Fortify), Audit Workbench, SQL, .NET, Java, Python

  • Jr. Engineer Development
    VSoft Technologies Pvt. Ltd · Hyderabad
    Mar 2018 – Apr 2020

    • Collaborated with business analysts, developers, and stakeholders to deliver application features. • Implemented business layer components in C#.NET by Coordinating with 3+ teams via Story-based development • Designed and implemented 100+ C# classes and 20+ frontend modules in ASP.net. • Created 50+ business modules and test cases for application functionality. • Built client-side validation using JavaScript for 30+ web pages. • Designed modules of the application in ASP.NET and engaged in writing more than 100+ C# classes • Developed ADO.NET components for database integration with SQL Server and Oracle. • Integrated third-party libraries such as Syncfusion and Crystal Reports for 20+ modules Environment: ASP.NET, C#, .NET Framework 4.7/4.5, ADO.NET, JavaScript, Visual Studio, SQL Server, Oracle, Agile

Education

  • B.Tech
    Khammam institute of technology and sciences · JTUH
    ECE · Aug 2013 – May 2017

Skills

Projects

  • Security initiative - Enterprise npm Supply Chain Security (JFrog Artifactory)

    Enterprise npm Supply Chain Security (JFrog Artifactory) – Led a security initiative to centralize all npm package downloads through JFrog Artifactory, eliminating direct access to the public npm registry and improving software supply chain security, dependency governance, and vulnerability management.

🗣️ Languages

  • English · Fluent

🎯 Hobbies & interests

  • Playing chess

Explore the Broxer community

பதில் வேண்டுமென்றால் இதை அப்படியே விட்டுவிடுங்கள் — நாங்கள் இதை வேறு எதற்கும் பயன்படுத்த மாட்டோம்.

உலாவ கிளிக் செய்யவும்இழுத்து விடுதல், அல்லது பசை ஒரு ஸ்கிரீன்ஷாட்

PNG, JPG, GIF, MP4, WebM, MOV · ஒவ்வொன்றும் அதிகபட்சம் 20MB · 5 கோப்புகள் வரை

🤖
ஆன்லைன் · உடனடி AI உதவி