Security Consultant Resume Profile
NJ
Professional summary
Senior-level professional with over 12 years of application security architecture, design and development experience using Java/J2EE, .NET, XML appliances, middleware and repositories.
Experience summary
- Worked with different LOBs to incorporate application security architecture into existing or new web, middleware, ESB and mobile applications during the SDLC process.
- Contributed to defining the security roadmap, standards and specifications for enterprise applications.
- Conducted application architecture reviews, risk analysis, threat modeling and code reviews; suggested controls and vetted changes for web, middleware, ESB and mobile applications.
- Authored a secure gateway using a WAF, various authentication and authorization models, and content-based routing and transformation, using DataPower as an ESB.
- Authored and demoed security patterns and practices, and helped teams solve common repeatable vulnerabilities found after risk analysis and static and dynamic code analysis.
- Influenced the CISO, EDs, Directors and stakeholders on the application security architecture approach.
- Monitored through a governance process using a ticketing system, KRIs and KPIs.
- Strong design and development background in Java/J2EE, ASP.NET, SAML, SPML, WS-Security, PKI, Kerberos, WAS plug-in, S/MIME, MDB, JMS, MQ, JDBC and ESB applications.
- Created various security documents and operations manuals.
- MS in Information Systems with a focus on information security, from the mathematics department.
- Preparing for CISSP.
Technical Skills
| Area | Skills |
|---|---|
| Application Security | Security architecture, encryption, digital signatures, TLS/SSL, WAP/WTLS, PKI/X.509, SSO/federation, SAML/XACML/STS, Kerberos/SPNEGO, OAuth, JCE/JSSE/JAAS, WS-Security/WS-Policy/WS-Trust, PGP, S/MIME, OWASP/CERT/SANS, threat modeling, code analysis |
| Security Standards and Compliance | HIPAA, SOX, NIST 800-53, NIST 800-37, FIPS, PCI-DSS |
| Framework/Architecture | SOA, EAI, client/server, N-tier, MVC, Web 2.0, JEE, .NET 3.5, WCF and WSE |
| Language | Java, C, JSON, XML/XSLT, Perl |
| Web Technology | JavaScript, JSP 2.0, ASP.NET, Servlet 2.4, EJB 2.x, AJAX, MDB, JNDI, JDBC, WebSphere 6.x/7.x, IIS 5.x/6.x, Apache Tomcat |
| Middleware | MQ, DataPower, Vordel API Server, JMS |
| Mobile/Wireless Technology | Chip card/smart card, NFC, CDMA, GSM |
| Modeling | UML 2.x, RUP |
| OS | UNIX, Solaris, Windows NT/2000/2003, RedHat 9.x |
| Repository | Oracle 11i, DB2, MS SQL, Active Directory, Tivoli DS |
| Software/Tools | AppScan, WebInspect, Burp, Fortify 360, McAfee MVM and DVM, RAD 6.x, Eclipse 3.x, Entrust Toolkit for Java, REST, CVS, MS Office suite, Visio, MS Project, PPT, Excel, MDM, WSRR/UDDI, Wireshark, Visual Studio 2008, soapUI, ITCAM, NIST 800-53 |
| Other | SiteMinder, TIM/TAM, TOGAF, Zachman, C, Firewall, Big-IP/F5, Router, SNMP, FTP |
Work Experience
Security Consultant Confidential
- Working as a security consultant in the Risk Management group to facilitate JPMC's global initiative for a modern-day access control mechanism.
- Interacted with stakeholders and vendors to prepare gap analyses and RFP/RPQ/RFI documents.
- Prepared architectural and system designs and tested them through a POC initiative.
- Architected and designed the integration architecture of a PKI module as a service with the existing infrastructure.
- Influenced senior management to adopt a modern-day approach to file transmission security over the network without using symmetric keys.
- One of the active and leading contributors to the enterprise-wide IAM policy.
- Directly interacted with vendors to evaluate vendor products.
- Reported status to senior management through meetings and presentations.
- Interacted with various infrastructure teams to achieve day-to-day goals.
Application Security Architect Confidential
- Worked as an application security advisory consultant to internal and external application development teams for securing applications.
- Conducted business and technical risk analysis and threat modeling of critical external-facing systems; identified application abuse cases and threats; presented findings to LOBs; suggested or retrofitted security controls; verified and signed off on correct implementation.
- Assisted internal and external development groups by translating business requirements into appropriate security requirements and providing specific security solutions for JEE, .NET, ESB and Android applications during the SDLC process.
- Performed static and dynamic code analysis using AppScan and Qualys, and code review of Java and .NET based applications, and reduced the threat surface by eliminating weaknesses.
- Mentored junior team members, auditors and application developers on application integration, security protocols and code-level security.
- Authored and demoed security patterns and practices, secure coding standards, cryptography and proper use of security protocols to help the team and application development teams fix common repeatable vulnerabilities, attack vectors and attack methods found in applications.
- Influenced senior management, including the CISO, MDs and EDs, on adopting security controls such as Kerberos as SSO for internal applications, a WAF for external applications, minimum PII invasion and securing transactions at rest.
- Evaluated security products and discussed product details with vendors.
- Contributed to security roadmaps to address top-level risks and drive implementation across multiple teams.
Sr. SOA and Security Architect Confidential
- Worked as an SOA and security architect in a matrix model to provide a security framework and specific designs for a highly complex integration initiative, along with new application development including a mobile consumer application.
- Interacted with different LOBs to assess and understand the application architecture, existing security features and existing hosting environment in order to propose a unified solution.
- Designed a security gateway for all types of authentication and authorization models, along with confidentiality, content-based message routing and transformation, using DataPower as an ESB to integrate disparate systems.
- Designed security controls for both services and consumers for .NET, Java and mobile applications.
- Performed static and dynamic code analysis and code review of Java, .NET and ESB based applications and reduced the threat surface by eliminating weaknesses.
- Developed automated security test plans for web services security verification for the QA team using soapUI.
- Proposed an innovative approach to reduce latency and the maintenance cycle by reducing hops.
- Evaluated vendors' application security frameworks before connecting them to the enterprise network.
- Mentored junior team members in secure development and testing using AppScan.
- Contributed to MSSB infrastructure and data-confidentiality-related security initiatives.
- Helped in preparing the SOW and SLA with the vendor for purchase and support agreements.
- Created security roadmaps to incorporate different security features, along with infrastructure component integration across multiple platforms, in phases.
- Managed a support team based on an onsite and off-site model.
Senior System Analyst Security SME Confidential
- Worked as lead security SME within the IBM DataPower support group, helping customers resolve security-related design issues. Set up a lab and built POCs to help customers understand problems and apply correct security protocols and principles, and other popular frameworks/architectures, using DataPower.
- Worked as security SME for IBM's DataPower support group.
- Responsible for handling Fortune 100 and federal government clients on DataPower-related security development and configuration issues.
- Provided architectural and security design support, either through POCs or by fixing broken applications, for DataPower ESB.
- Saved time and money with simple, creative solutions by reusing existing infrastructure components, cutting down on extra hops, processing time and architectural bottlenecks.
- Mentored and trained junior and senior team members on fundamentals of security.
- Created enhancement requests or bug reports and followed up on them until closure.
- Presented topics on data and communication security to the support and professional services groups.
- Authored various security integration standards and POCs, such as TAM, WS-Security using Java and .NET, and SPNEGO using the .NET API.
Professional Services Consultant Confidential
- Worked as a professional services consultant to integrate TriCipher's flagship product, Armored Credential Systems, into enterprise environments. This system was used as a front-end application to add an extra strong authentication layer for authenticating end users that access enterprise services.
- Discussed authentication requirements and details of the system architecture with stakeholders and translated the requirements into specific architectural implementations.
- Defined the scope for each development phase; designed and implemented/customized a strong authentication and authorization application using the SAML/X.509 profile and the J2EE framework, following an agile process.
- Designed and implemented .NET and J2EE web services and consumers for integrating existing and new applications.
- Deployed and tested the web application and web services using Wireshark and soapUI.
- Actively involved in project estimation, SOW preparation and project scheduling.
- Updated senior management about progress and any bottlenecks.
- Gap analysis for capacity planning; root cause analysis for resolving issues.
- Installed and configured appliances in the data center.
- Managed onsite projects and onsite/offsite resources, and built relationships with the client.
- Detailed time reporting for all engaged resources, for billing purposes, to the client.
Architect for Security Design Confidential
- Worked as security architect for Medco on a pilot project to expose Medco's legacy dispensing application on the mainframe via web services.
- Active member for planning and development of the enterprise system.
- Defining the scope of various phases and proposing alternate solutions to achieve the goal.
- Working on SiteMinder for web-tier authentication and authorization.
- Framework architecture and SME for web services security.
- Implementing web services and helping the client develop consumers.
- Interacting with other groups to integrate this outbound component.
Consultant SME Information Security Confidential
- Worked as SME for the security component of the CitiDirect application. Managed and maintained this S/MIME PKI-based security component, which interacted with more than five components of the CitiDirect application.
- Interacting with worldwide CitiDirect application users to help them understand the security features of CitiDirect.
- Responsible for maintenance of server-side and client-side code.
- SME for confidentiality, integrity, non-repudiation and secure communication.
- Implemented authentication mechanism using X.509 PKI.
- Implementing SSO provisioning using SAML, WS-Security and SPML.
- Working with the vendor to implement/integrate DataPower into CitiDirect.
- Implementing SiteMinder SSO on UNIX using SunOne Directory Server.