Durga Surya Kumar Simma

Develop and implement comprehensive security strategies and policies to ensure the protection of the Coupa assets.

Primarily responsible for overseeing the security operations and Application Security Engineering efforts for Coupa.

Oversee the recruitment, training, and supervision of the security team, ensuring they are well-prepared to meet the organization’s security needs.

Conduct risk assessments and security audits to identify vulnerabilities, and implement corrective actions to mitigate risks.

Direct and/or perform ongoing vulnerability assessments, penetration tests, and application and network security scans.

Ensure the development, testing, and implementation of appropriate security plans, products, and control techniques.

Develop and maintain security plans and best practices for all system facilities and associates throughout the BU.

Work in partnership with internal infrastructure teams, including Legal and Compliance, Technology, Operations Risk and Control teams, external regulators, and exchanges.

Provides research, analysis, coordination, publishing, and briefs on security threats, non-technical risks.

• Oversaw security for applications and engineering processes at Experian Services India Pvt. Ltd.
• Implemented robust security measures to mitigate cyber threats and vulnerabilities.
• Led secure coding practices and security tooling to safeguard application integrity and confidentiality.
• Conducted security assessments and audits to identify gaps, ensuring compliance with industry standards.
• Collaborated with cross-functional teams to integrate security into software development lifecycle.
• Developed training programs on application security best practices for engineering teams.
• Managed DecSecOps operations to integrate security tooling within CICD pipelines.
• Directed a team of 40 in-house AppSec professionals, enhancing the Global AppSec Program.

• Designed and implemented security solutions to protect digital assets and customer data.
• Conducted secure SDLC and design reviews to ensure robust application security.
• Performed threat modeling for all Finacle developments, identifying potential vulnerabilities.
• Reviewed code using Checkmarx and Veracode to enhance software security.
• Collaborated with stakeholders across squads to implement secure solutions.
• Facilitated vulnerability remediation processes for developers to address security gaps.
• Executed white-box application assessments, including DAST, SAST, and penetration testing.
• Conducted API security reviews utilizing Postman for comprehensive security validations.

• Lead Blue team for Trading client in US and a team of 15 testers.
• Manage & mentor Application Security/Pen-testing program for clients.
• Security audits performed for multiple clients across Banking, Investment & Finance domains.
• Worked on DevSecOps initiatives.
• Rewarded by multiple clients.

• Executed extensive work on SAST and DAST programs for Discover Bank.
• Collaborated with developers to address code review defects.
• Facilitated incremental scans alongside development team.
• Authored white paper on cybersecurity trends across various industries.