Ramya K
DevSecOps Engineer
Qubec
Summary
I am a highly skilled professional with a proven track record in Azure DevSecOps and application security engineering. My expertise lies in seamlessly integrating security practices into the development and operations lifecycle, automating security processes, and fostering secure coding practices. I am proficient in leveraging Azure's suite of security tools and technologies to safeguard cloud infrastructure, applications, and data. With a meticulous approach, I conduct thorough security assessments, identify vulnerabilities, and implement effective remediation measures. My skill set includes threat modeling, secure code review, and ensuring compliance with industry standards and regulations. As a collaborative team player, I possess excellent communication skills and excel at working closely with cross-functional teams to enhance security posture, mitigate risks, and drive continuous improvement in DevSecOps practices.
Overview
5
5
years of professional experience
4
4
years of post-secondary education
6
6
Certifications
Work History
DevSecOps Engineer
RBC
Toronto
11.2021 - Current
- Responsible for using SCM tools (e.g., Git, Bitbucket, Azure DevOps) for version control and collaborative development.
- Proficient in implementing CI/CD pipelines using tools like Jenkins, GitLab CI/CD, and Azure DevOps Pipelines.
- Automation of build, test, and deployment processes to support continuous integration and deployment practices.
- Skilled in integrating SAST tools (e.g., SonarQube, Veracode, Checkmarx) into CI/CD pipelines for automated security scanning of source code.
- Analyzing scan results, identifying security vulnerabilities, and providing guidance for remediation.
- Integrating DAST tools (e.g., OWASP ZAP, Burp Suite, Nessus) into CI/CD pipelines for scanning running applications and identifying security weaknesses.
- Leveraging SOAR tools for automating security incident response, collaboration, and workflow management.
- Utilizing vulnerability scanning tools (e.g., OpenVAS, Nexpose, Qualys) for identifying and prioritizing system and application vulnerabilities.
- Using container security tools (e.g., Docker Security Scanning, Anchore, Aqua Trivy) for securing container deployments.
- Integrating container security scans into the CI/CD pipeline and ensuring secure container image deployments.
- Utilizing SIEM tools for monitoring security events, detecting threats, and supporting incident response activities.
- Utilizing IaC security tools (e.g., Terraform, CloudFormation, Azure Resource Manager) to enforce secure infrastructure provisioning and management practices.
- Ensuring secure deployment configurations, detecting misconfigurations, and enforcing security policies within infrastructure code.
- Using compliance and governance tools (e.g., Chef Compliance, AWS Config, Azure Policy) to enforce security policies and regulatory compliance.
- Designing and implementing secure Azure architectures, including network segmentation, IAM, secure data storage, and encryption.
- Conducting threat modeling exercises to identify potential security risks and implementing appropriate security controls.
- Developing and maintaining scripts (Bash, PowerShell, Python) for automating routine tasks, configuration management, and security scans in DevSecOps workflows.
- Utilizing scripting for interacting with APIs, performing security scans, and data analysis in a DevSecOps environment.
Cloud Security Engineer
Cognizant Pvt Ltd
Hyderabad
06.2019 - 10.2021
- Utilized CSPM tools (e.g., CloudCheckr) to assess and monitor the security status of cloud environments.
- Conducted scans to identify misconfigurations, compliance violations, and vulnerabilities in cloud resources.
- Collaborated with teams to address and remediate security issues, ensuring adherence to best practices.
- Implemented CASB solutions (e.g., Netskope) to enhance security and governance for cloud services.
- Implemented data protection measures, including access controls, encryption, and activity monitoring.
- Managed user identities, roles, and access to cloud resources using IAM tools like Okta.
- Configured and enforced strong authentication and authorization mechanisms.
- Ensured compliance with identity governance and access management standards.
- Implemented encryption and key management solutions (e.g., AWS Key Management Service) to protect data at rest and in transit.
- Managed encryption keys and implemented encryption controls for cloud storage and databases.
- Implemented cloud network security tools such as Azure Network Security Groups to secure cloud infrastructure.
- Configured network segmentation, VPNs, and firewalls to protect cloud resources.
- Monitored network traffic for potential security threats and implemented intrusion detection/prevention systems (IDS/IPS).
- Leveraged tools like Azure Monitor for threat intelligence gathering and cloud environment monitoring.
- Utilized tools like AWS Config to automate compliance assessments and governance processes.
- Implemented DDoS protection and WAF solutions (e.g., AWS Shield) to safeguard cloud applications and infrastructure.
- Configured traffic filtering, rate limiting, and application-layer protection mechanisms.
- Collaborated with development and operations teams to address web application vulnerabilities and protect against DDoS attacks.
- Leveraged tools like Azure Sentinel for incident response and digital forensics investigations.
- Conducted threat hunting, log analysis, and evidence gathering for security incidents in cloud environments.
Security Analyst
Elonex Infotech
Hyderabad
06.2018 - 05.2019
- Conducting Vulnerability Assessments: Perform assessments to identify security weaknesses in systems, networks, and applications.
- Penetration Testing: Simulate real-world attacks to assess the security posture of systems, networks, and applications.
- Vulnerability Identification and Exploitation: Discover vulnerabilities, exploit them, and document findings.
- Report Writing: Prepare detailed reports summarizing penetration test findings and provide remediation recommendations to both technical and non-technical stakeholders.
- Security Analysis: Analyze security systems, network architectures, and configurations to identify weaknesses and suggest countermeasures.
- Tools and Technologies: Utilize various security tools and technologies, such as vulnerability scanners and penetration testing frameworks, to conduct effective assessments and tests.
- Research and Learning: Stay updated with the latest security vulnerabilities, threats, and techniques through continuous learning, self-study, conferences, and training programs.
Education
Bachelor of Technology - Computer Science And Engineering
JNTU University
06.2014 - 04.2018
Skills
SAST - veracode, checkmarx, sonarqube, fortify, OWASP Manual Source Code Review
DAST - BurpSuite, OWASP ZAP, IBM AppScan, Microfocus WebInpsect
SCA - veracode, snyk, OWASP Depedency Checker, Sonatype
SCM - Git, BitBucket, AzureDevOps
CI/CD - ADO Pipelines, Jenkins, Gitlab CI/CD
Container Security - Docker Security Scanning, Anchore, Aqua Trivy
Infrastructure as Code - Terraform, CloudFormation, Azure Resource Manager
Compliance and Goverance Tools - Chef Compliance, Azure Policy
VA - Qualys and Nessus Vulnerabiltiy scanner
Cloud Access Security Brokers (CASBs) - Netskope, Bitglass, Microsoft Cloud App Security
Cloud Security Posture Management (CSPM) - CloudCheckr, Prisma Cloud, Azure Security Center
HashiCorp, AzureKeyVault and Google KMS - Cloud Credentials Protection Tools, Azure DDoS Protection
Scripting - python, bash scripting, PowerShell
MITRE ATT&CK, STRIDE and 7 Step Kill Chain for Threat Modelling
Nmap, MetaSploit Framework, WireShark, JohntheRipper, sqlmap
Ticketing - ServiceNow, Jira, Slack, ADO
Certification
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
Timeline
DevSecOps Engineer
RBC
11.2021 - Current
Cloud Security Engineer
Cognizant Pvt Ltd
06.2019 - 10.2021
Security Analyst
Elonex Infotech
06.2018 - 05.2019
Bachelor of Technology - Computer Science And Engineering
JNTU University
06.2014 - 04.2018