A focused individual with good interpersonal and organizational skills and profound communication skills. A good technical engineer and a people manager who believes in leading by example. A great counselor and technical trainer responsible for Security Program Management and Assessments.
Work with the Application Security Director (Global Product and Cloud Security) and peers to provide effective strategy for Application Security, including static scanning (SAST), dynamic scanning (DAST), Interactive Application Security Testing (IAST), Runtime Application Self Protection (RASP), Software Composition Analysis (SCA) and Penetration Testing.
Engage with CTOs and CIOs to ensure strategy is understood, agreed and implemented across all Experian Regions.
Develop and implement strategy for an effective DevSecOps champion community.
Ensure that Vendors provide best possible service. Lead education and awareness strategy, design and rollout for Development community.
Identify new and emerging threats and address strategically and tactically as required.
Provide guidance in the value delivery of the Experian Penetration Testing Program.
Lead a team of 25 in-house penetration testers; responsible for the Penetration Testing Global Program.
Technical support and coaching the team to enhance their skill set.
Champion and own Policy improvements based on feedback from customers and department managers.
Implement solutions to scale security testing and enable engineering teams to identify security flaws and vulnerabilities prior to production.
Technical support and management of Application Security Program.
Serving as SME for all Penetration Testing activities to address and resolve flaw findings.
3rd Party Vendor Management.
Review Legal & Compliance requirements for Penetration Testing.
Plan the assessments based on GDPR & CERT-IN Regulations.
Liaise with Senior Management on Penetration testing roadmap and budgeting.
Secure SDLC / Design Reviews
Perform Threat Modelling exercise for all Finacle developments.
Review the code using the automated tools Checkmarx & Veracode.
Worked on multiple security tools in the DAST, SAST, IAST & container security space.
Discuss with stakeholders from different squads and implement secure solutions.
Vulnerability remediation for developers
Whitebox application assessments: DAST, SAST & Penetration testing
API security reviews using Postman
Log Review - App & Server log analysis and monitoring
PCI DSS - card data secure design reviews
Travel with product team & participate in Agile Scrum calls and retrospective calls.
Drive product security from design phase.
Lead Blue team for a Trading client in the US and a team of 15 testers.
Manage & mentor Application Security/Pen-testing Program for clients.
Security audits performed for multiple clients across Banking, Investment & Finance domains.
Worked on DevSecOps initiatives.
Rewarded by multiple clients.
Worked extensively on SAST and DAST programs for Discover Bank.
Working sessions with developers on Code review defects.
Application Security
Certified Information Systems Security Professional
Project Management Professional
Certified Information Security Manager
CompTIA Security+
CompTIA PenTest+
AWS Security Specialty
Certified Ethical Hacker