Manoj Sajwan

Summary

Seasoned Application Security Leader with over a decade of experience driving enterprise-wide security programs in the financial services sector. Proven expertise in designing and executing application security strategies, integrating DevSecOps practices, and leading the adoption of SAST, DAST, IAST, and SCA tools to enhance vulnerability detection and reduce remediation timelines. Adept at collaborating with business, technology, and risk stakeholders to align security initiatives with regulatory frameworks including FINMA, ISO 27001, and NIST. Recognized for building and mentoring high-performing security teams, fostering a shift-left culture across development groups, and transforming security into a business enabler. Skilled in executive reporting, risk management, and incident response, with a strong track record of reducing vulnerabilities, improving compliance posture, and safeguarding mission-critical applications.

Overview

19 years of professional experience

Work History

Associate Director – Application Security

UBS
11.2024 - Current
  • Led the enterprise-wide application security program, embedding security into SDLC and DevSecOps pipelines, reducing critical vulnerabilities across 500+ applications.
  • Directed adoption of SAST, DAST, IAST, and SCA tools, improving vulnerability detection and remediation efficiency by 40%.
  • Partnered with business and technology leaders to define secure design standards, aligning with regulatory frameworks (FINMA, ISO 27001, NIST).
  • Championed threat modeling and secure architecture reviews for high-risk applications, strengthening UBS’s defense against advanced cyber threats.
  • Built and mentored a high-performing team of application security engineers and analysts, fostering a culture of innovation and accountability.
  • Collaborated with developers and product teams to accelerate secure coding practices, reducing recurring vulnerabilities in production by 35%.
  • Provided executive-level reporting on application security posture and risk metrics to CISO and risk committees, enabling informed decision-making.
  • Drove incident response and vulnerability remediation initiatives in coordination with SOC, reducing mean time to resolution (MTTR) for application security incidents.
  • Evaluated and integrated modern security tools and practices, ensuring UBS stayed ahead of evolving cyber risks.

Global Investment Bank
02.2021 - Current
  • Company Overview: Switzerland
  • Integrated SonarQube, Nexus IQ, Netsparker, and Contrast Security into the CI/CD pipeline, securing 6,000+ applications.
  • Coordinated onboarding with application owners and architects, ensuring seamless implementation of SAST, DAST, SCA, and IAST services.
  • Led threat modeling sessions to identify design-level risks and strengthen application security posture.
  • Reduced noise by triaging false positives, enabling development teams to focus on true vulnerabilities.
  • Guided developers with remediation of vulnerabilities identified by automated tools, improving MTTR.
  • Designed and executed proof of concepts for validating security vulnerabilities.

Application Security Consultant

HCL Technologies Ltd.
05.2016 - 11.2024
  • Designed customized application security solutions by aligning with client requirements and business objectives.
  • Performed effort estimations and pricing strategies, enabling accurate project scoping and sales positioning.
  • Delivered POCs and demos to showcase AppSec solutions, assisting the sales team in lead conversion and client engagement.
  • Conducted code reviews, static analysis, and security assessments, identifying vulnerabilities and providing remediation guidance.
  • Developed and enforced application security standards and policies, improving overall governance and compliance posture.

Multinational Pharmaceutical Corporation
08.2019 - 02.2021
  • Company Overview: Switzerland
  • Conducted web application evaluations, source code reviews, and SCA scans to identify and mitigate risks.
  • Implemented SAST and DAST automation, improving secure coding compliance across critical applications.
  • Performed penetration testing and prepared detailed reports with remediation strategies for development teams.
  • Supported architecture risk assessments, offering recommendations to strengthen application design security.

Multinational Dairy Co-operative
01.2018 - 08.2019
  • Company Overview: New Zealand
  • Executed web application penetration testing and secured critical applications using HCL AppScan (SAST, DAST, SCA).
  • Acted as the primary contact for AppScan-owned products, ensuring effective utilization of scanning capabilities.
  • Delivered detailed security analysis reports and executive presentations, bridging communication between technical and business teams.

Healthcare System
05.2016 - 01.2018
  • Company Overview: USA
  • Performed web application vulnerability assessments, code reviews, and penetration testing using AppScan, Burp Suite, and DirBuster.
  • Identified security gaps and provided remediation guidance based on OWASP Top 10 and CWE standards.
  • Authored comprehensive technical and management reports, including findings, risk ratings, and remediation recommendations.
  • Partnered with developers to fix vulnerabilities, reducing recurring issues and enhancing overall security maturity.

Senior System Administrator

NIIT Technologies Ltd.
03.2015 - 05.2016
  • Supervised and maintained multi-site Microsoft Exchange 2010/2013 environments, ensuring high availability and seamless mail flow across business units.
  • Administered and optimized Active Directory 2008/2012 infrastructure, resolving replication, trust, and DNS issues to maintain secure authentication and domain stability.
  • Automated routine administrative tasks with PowerShell scripts, reducing manual effort and improving operational efficiency.
  • Managed Microsoft Lync 2013 infrastructure, enabling reliable enterprise communication and collaboration.
  • Configured and customized Websense for content and data filtering, strengthening compliance and information security.
  • Monitored server performance (hardware/software), implemented proactive maintenance, and ensured 99.9% uptime across systems.
  • Led incident resolution for Exchange HUB/MAILBOX/CAS server issues and SMTP problems, minimizing downtime and ensuring smooth internal/external email flow.
  • Managed daily backup and recovery operations, safeguarding critical business data.
  • Authored and maintained technical documentation for streamlined knowledge transfer and future reference.

System Administrator

Motorcraft Sales Pvt. Ltd.
08.2006 - 03.2015
  • Implemented and administered Windows Server 2008/2008R2 environments, ensuring reliable IT infrastructure to support business operations.
  • Installed, configured, and upgraded software, hardware, and operating systems, aligning with organizational requirements.
  • Strengthened system resilience by managing firewalls, access controls, and backup processes, safeguarding against data loss and unauthorized access.
  • Deployed and maintained Microsoft Exchange 2010, enabling secure enterprise email and collaboration.
  • Built and managed Active Directory domain controllers and Global Catalogue servers, overseeing user accounts, distribution lists, and security group administration.
  • Created and managed mailboxes, permissions, and group policies, streamlining user provisioning and access control.
  • Integrated workgroup machines into domain environments, improving central management and security compliance.
  • Configured LAN, proxy servers, internet sharing, and remote connections, enhancing internal and external connectivity.
  • Resolved end-user issues including NDRs, spam, and email delays, ensuring high service availability and user satisfaction.
  • Monitored server performance, applying patches and updates to maintain system stability and security.

Education

BACHELOR OF COMMERCE

Delhi University
India

Skills

  • Secure SDLC
  • Threat Modeling
  • Pen Testing
  • Vulnerability Management
  • SAST
  • DAST
  • IAST
  • SCA
  • CI/CD security automation
  • SonarQube
  • Nexus IQ
  • Netsparker
  • Contrast
  • AppScan
  • Burp Suite
  • Securing AWS/Azure workloads
  • AD/LDAP
  • SSO
  • Access controls
  • Python
  • PowerShell
  • Unix Shell
  • Java
  • .NET
  • JS
  • C++
  • Windows Server
  • Exchange
  • DNS
  • TCP/IP
  • Firewalls
  • OWASP
  • CWE
  • NIST
  • ISO 27001
  • FINMA

Qualifications Skills

CEH, ISO 27001 Lead Implementer, (CISSP/CCSP/CSSLP if applicable), Secure SDLC, Threat Modeling, Pen Testing, Vulnerability Management (SAST, DAST, IAST, SCA), CI/CD security automation, SonarQube, Nexus IQ, Netsparker, Contrast, AppScan, Burp Suite, Securing AWS/Azure workloads, AD/LDAP, SSO, access controls, Python, PowerShell, Unix Shell, working knowledge of Java, .NET, JS, C++, Windows Server, Exchange, DNS, TCP/IP, Firewalls, OWASP, CWE, NIST, ISO 27001, FINMA
