Anoma Barua

Bangalore

Summary

An application security specialist who has earned the CEH and ECSA certifications and has 7 years of expertise in web application penetration testing, threat modelling, security architecture assessment, security hardening, cloud security (AWS), and compliance with DPP, PCI-DSS, HIPAA, and NIST standards. Worked on several projects including security audits, assessments, corrections, and improvements for different cloud and online platforms. Has knowledge of JavaScript and the .NET framework.

Learning new technology, developing new skills, and keeping up with the most recent security developments and dangers are all things that I am interested in. Investigating security flaws and coming up with creative ways to protect the data and apps is something I like doing. Delivering superior security services and goods that satisfy the demands and expectations of our clients and business partners is my main priority.

Overview

7 years of professional experience
1 Certification

Work History

Senior Security Engineer

Informatica Business Solution Pvt Ltd
09.2022 - Current
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction by introducing a Threat Modeling and Security Architecture review process across the organization.
  • Worked with teams to develop company-wide information assurance, security standards and procedures.
  • Played a key role in performing Threat Modeling and security architecture for core products by creating DFDs, identifying threats following the ACT model and arranging regular Threat Modeling and architecture workshops with leadership teams on cross-platform engagements.
  • Preferred security standards: CWE, CAPEC and MITRE, to conduct risk assessments to identify potential vulnerabilities and develop mitigation strategies.
  • Worked closely with the product team to understand the epic stories and gaps among them to bring out the hidden threats.
  • The role requires knowledge of multiple cybersecurity domains, not limited to application security but also Cloud Security, Identity & Access Management, Security Monitoring, Network Security and Security Hardening.
  • Knowledge of Kubernetes and container security measures was also needed for this role.
  • To ensure the security of the products, further extended responsibilities include application penetration testing and TM finding confirmation aligned with OWASP security standards.
  • Validated vulnerabilities related to OSS components and SAST scans reported using the CI/CD pipeline structure.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Maintained strict adherence to regulations such as DPP, GDPR, HIPAA, PCI-DSS and NIST data security standards.
  • Conducted security audits to identify vulnerabilities.
  • Recommended improvements in security systems and procedures.


Application Security Expert T2

SAP Labs India Pvt Ltd
06.2019 - 09.2022
  • Participated in active penetration testing, reporting and providing remediation for applications (cloud / on-prem) with respect to the OWASP security standard.
  • Responsible for aligning products with DPP, GDPR, HIPAA, PCI-DSS and NIST security standards.
  • Responsible for conducting Threat Modeling workshops and creating detailed reports.
  • Built bug bounty programs for requested products.
  • Identified vulnerabilities related to OSS components and SAST scans.
  • Responsible for performing detailed code scans using the Fortify security tool.
  • Experience with AWS, Kubernetes and container security.


Developer | Application Penetration Tester

PwC, India
07.2016 - 06.2019

  • Developed a PwC internal application using .NET. Based on sprint requirements, worked on HTML & Bootstrap modifications.
  • Moved to application penetration testing for all PwC global projects. Performed active testing and audited the security code scans. Followed OWASP 10 as a standard to report the issues with a proper remediation guide.
  • Recommended security improvements to achieve system confidentiality, integrity and availability.
  • Developed risk assessment reports to identify threats and vulnerabilities.
  • Conducted and participated in annual disaster recovery exercises.

Education

Bachelor of Engineering - Computer Science And Engineering

IIEST, Shibpur
Kolkata
05.2016

Skills

    Application security

    Code scan review

    Threat Modeling

    Security Architecture review

    SAST scan review

    Security hardening

    Cloud security (AWS)

    CI/CD architecture

    SAST & OSS Tools: Fortify, Checkmarx, Whitesource, Protecode

    Security Tools used: Lucidchart, Burp, ZAP, Nessus, Nmap, Echo Mirage, MsfConsole, MsfVenom, Medusa, Git, Kali, Metasploit, Wireshark, WebInspect

Certification

CEH, ECSA
