Antara Maheshwari
Bengaluru
Summary
Software engineer with over 3.5 years of experience integrating security into the SDLC.Skilled in automating SAST, DAST, and SCA tools (Checkmarx, SonarQube, 42Crunch, FOSSA) within CI/CD pipelines.Proficient in cloud-native security with GCP and secret management tools like Secret Manager and CredHub.Strong in Java developmentand API testing (Postman).
Overview
4
4
years of professional experience
Work History
Software Engineer
Tech Mahindra
08.2022 - Current
- Implemented FOSSA SCA (Software Composition Analysis) in the development workflow, remediating 100% of critical license and security violations.
- Integrated SAST tools (Checkmarx, SonarQube) into the CI/CD pipeline to automatically detect and resolve code vulnerabilities during development, reducing security issues by 70%.
- Elevated API security by spearheading DAST using 42Crunch and Postman, achieving an 85% security score and exceeding the company's initial target of 75% for the fiscal year.
- Configured automated scans to identify code smells, insecure coding patterns, and OWASP Top 10 vulnerabilities, ensuring secure and compliant builds.
- Automated build and deployment using OpenShift Pipelines (Tekton), integrating static/dynamic security scans and open-source compliance checks, and rapid delivery in a containerized environment
- Migrated hardcoded secrets to GCP Secret Manager, implemented IAM policies to secure access, and integrated secret retrieval in CI/CD pipelines for secure deployments across environments.
- Performed manual secure code reviews to identify vulnerabilities, code smells, and insecure coding practices, ensuring compliance with OWASP and security best practices.
Associate Software Engineer
Tech Mahindra
09.2021 - 08.2022
- Migrated encrypted passwords to CredHub, strengthening security and compliance measures.
- Resolved cycode issues of all severities, addressing 70% of high and critical cases.
- Integrated 42Crunch API security scan into workflow, resulting in a security score of 85.
- Reviewed dependencies to rectify FOSSA scan issues, ensuring license compliance.
Education
Bachelor of Technology - Information Technology
Dr B C Roy Engineering College
08-2021
Skills
Java
Spring Boot framework
JIRA management
PostgreSQL
Static application security testing
Software composition analysis
Dynamic application security testing
Google Cloud Platform
Secure code review
Timeline
Software Engineer
Tech Mahindra
08.2022 - Current
Associate Software Engineer
Tech Mahindra
09.2021 - 08.2022
Bachelor of Technology - Information Technology
Dr B C Roy Engineering College