Mahesh T

Product Security Manager (Architect)
Bangalore, Karnataka

Summary

Accomplished cybersecurity manager with over 14 years of experience, including 12 years in Application Security, Security Architecture Review, Threat Modelling, DevSecOps and Cloud Security, and 7 years in technical team management in the Financial Technology (FinTech), Recruitment and Health Care domains.

Recognized expertise in designing and implementing defensive and offensive security strategies, focusing on shift-left security in cloud-native environments and ensuring regulatory compliance and privacy standards by collaborating with cross-functional teams.

Experienced in handling Card Data (PCI) and PII data in distributed environments.

Holding certifications such as OSCP and CDP.

Overview

14 years of professional experience
4 years of post-secondary education
2 certifications

Work History

Product Security Manager (Architect)

Zeta
Bangalore
06.2022 - Current
  • Leading Security by Design and Privacy initiatives, emphasizing a proactive approach to safeguarding products and customer data with a strong focus on Zero Trust Architecture
  • Understanding business objectives and translating them into security requirements
  • Conducting security assessments to identify vulnerabilities and recommend appropriate security measures
  • Agile threat modelling and Security Architecture Review performed in collaboration with cross-functional Product and Engineering teams
  • Participation in Change Management Requests (CMR) and Change Advisory Boards (CAB) to review critical changes to the Production environment as part of accountability in governance processes
  • Writing Business Logic Security Test cases, Managing Vulnerability Assessment and Penetration Testing Engagements for Web, API, Mobile Applications and Infrastructure with strong emphasis on PCI-DSS and Privacy compliance requirements
  • External attack surface reduction by identifying, monitoring, and managing external-facing assets and vulnerabilities, along with Dark Web threat, Brand and Data Leak monitoring
  • Improved application security posture and automated CI/CD security testing frameworks, achieving a 25% reduction in time-to-market
  • Expertise in Security Tooling by Evaluating, Integrating, Optimising & Maintaining Security Tools for SAST, SCA, Secrets Scanning, FOSS and DAST as part of DevSecOps
  • Continuous Security Standards based on CIS/NIST Guidelines
  • Implemented Centralised Vulnerability Tracking & Remediation using DefectDojo
  • Rolled out best practices for application security, identity and data protection across software development life cycle and developer platforms
  • Adherence to Best Practices and Compliances such as AWS Well-Architected Framework and PCI-DSS
  • Experience in a wide range of AWS security services, including EC2, ELB, Security Groups, VPC, IAM, S3, RDS, EKS, CloudTrail, GuardDuty and AWS Security Hub, to secure cloud environments using AWS technologies
  • Container and Kubernetes Security to secure modern cloud-native architectures
  • Leading PCI-DSS and SOC2 Audits for compliance management, ensuring adherence to industry standards and regulatory requirements
  • Defined Risk Exemption Process as a proactive approach to risk management, enabling Zeta to make informed decisions about risk acceptance or mitigation
  • Developed Standard Operating Procedures (SOP) to standardise security practices and procedures, ensuring consistency and efficiency in security operations
  • Performed Internal, External Audits and Documented Policies & Procedures as per security standards such as NIST, PCI, and RBI guidelines to maintain a secure and compliant environment, while also enhancing internal controls and governance mechanisms
  • Conducting security training and awareness programs for employees and clients to promote a culture of security awareness, empowering stakeholders to identify and mitigate security threats early and effectively

Senior Technical Lead

Rakuten
Bangalore | Tokyo
02.2017 - 06.2022
  • Aligned security initiatives with business goals by collaborating with cross-functional teams and business leaders across departments
  • Effectively managed security budgets for the right security tools and resources
  • Established Security Testing Processes across the organization, resulting in a significant reduction in security defects detected during regular and pre-release Pen Testing assessments of Web, Network and Mobile (Android/iOS) projects
  • Conducted security architecture reviews, resulting in a 40% success rate with early detection of vulnerabilities in the SDLC
  • Trained Security Champions, resulting in a 20% reduction in vulnerabilities and establishing a culture of security awareness and responsibility
  • Developed security checklist, best practices and guidelines to ensure the security of the Rakuten products
  • Built and managed a top-tier penetration testing team with suitable career paths for the members

Senior Product Engineer

Harman
Bangalore | San Mateo
02.2013 - 02.2017

Single point of contact (SPOC) for all Client Security activities

  • Discovered and exploited OWASP Top 10 vulnerabilities, especially SQLi and XSS
  • Weekly security meetings with the CTO and senior management
  • Worked with the Dev team on security solution implementation using AntiSamy and other mobile RASP solutions
  • Training for engineering teams
  • Multiple onsite visits to the US for critical feature security requirement gathering and architecture review

Software Engineer

Birlasoft
Bangalore
07.2010 - 02.2013
  • Developed applications with IBM Lotus Notes
  • Application Security of the deliverables made to GE Healthcare (GEHC)
  • Secure Coding Training and SAST Plugin Creation
  • Internal Audit & Governance as per the GEHC controls

Education

Bachelor of Engineering - Computer Science

M.S.Ramaiah Institute of Technology
Bangalore, Karnataka, India
03.2006 - 05.2010

Skills

Threat Modelling

Security Architecture Review

DevSecOps

Vulnerability Assessment

Penetration Testing of Web, Mobile (Android/iOS) and Network

Cloud Security

Privacy

Risk & Compliance

Technical Team Mentoring & Management

Certification

Certified DevSecOps Professional (CDP), Practical DevSecOps Institute, 2022
