Varun Wadhwa

Lead Information Security Engineer

Summary

Experienced Information Security professional with 10+ years of expertise in Vulnerability Assessment, Application Security, Penetration Testing, and DevSecOps. Proficient in OWASP Top 10 best practices, with a comprehensive background in cloud security and end-to-end application security, from scoping to remediation. Proven track record of driving successful project outcomes by leading cross-functional teams in fast-paced, deadline-driven environments.

Overview

10 years of professional experience
4 years of post-secondary education
2 certifications

Work History

Lead Information Security Engineer

S&P Global Market Intelligence
11.2019 - Current
  • Leading the divisional AppSec enablement team to perform end-to-end application security, including SAST & DAST, for different products.
  • Involved in security architecture reviews & threat modelling for applications on both cloud & on-prem infrastructure.
  • Responsible for integrating security assessment tools (Fortify, Mend) into the CI/CD pipelines on different products like GitHub, Azure DevOps, Jenkins, etc. as part of the DevSecOps project.
  • Designed & set up the infrastructure & framework to integrate the Mend plugin on GitHub, helping development teams onboard their repositories to software composition analysis scans during the development phase.
  • Set up GitHub Advanced Security (GHAS) to perform static scans on source code.
  • Performed different application & network scans using open-source (Kali tools) & licensed tools to identify vulnerabilities and support product teams with remediation & mitigation of risks.
  • Manage & coordinate external penetration tests & audits with third-party vendors to generate product attestations & executive summaries for client sign-off.
  • Designed tools to eliminate false positives using Generative AI & LLM technology as well as Java & ReactJS, which reduced man-hours & effort in performing vulnerability audits by 80%.
  • Designed documentation around secure coding and infrastructure guardrails (specifically to implement firewalls & AWS cloud controls), as well as a cookbook with secure code snippets to help product development teams integrate security into the SDLC.

Senior Associate

Publicis Sapient
07.2019 - 11.2019
  • Evaluating an application during runtime using scanning, reconnaissance & man-in-the-middle attack tools.
  • Experienced in vulnerability scanning, vulnerability remediation, and secure configuration support.
  • Build threat models and control catalogs for software teams; stay current on emerging threats.
  • Developed test code in Java using the Eclipse IDE and the TestNG framework with a Cucumber layer.
  • Set up the automation framework using Selenium to run unit tests in multiple browsers and platforms.

Test Engineer

SSP Limited
05.2018 - 07.2019
  • Designed a security pipeline and WebInspect plugin to run automated DVA scans for application vulnerability assessment, leveraging the QA automation framework in both Jenkins and Azure DevOps pipelines.
  • Experienced in the development and execution of a Security Management program across multiple, agile software development teams.
  • Working as part of the Security task force to ensure application security by designing and providing stakeholders the necessary training for penetration testing and testing tools like Burp Suite and WebInspect.
  • Set up the Selenium automation grid to run test cases in multiple browsers and platforms on the AWS platform.

Test Engineer

Infosys Limited
12.2014 - 04.2018
  • Performing SAST (Static AppSec testing assessment) & DAST (Dynamic AppSec testing assessment) & penetration tests on web, API & thick-client applications.
  • Prepared security test plans in accordance with OWASP Top 10 attacks and testing methodologies.
  • Provided comprehensive reports on findings to product teams and stakeholders, with action items to fix them.

Education

Bachelor of Technology -

University Institute of Engineering & Technology
08.2010 - 07.2014

Skills

  • DevSecOps
  • Vulnerability Assessment
  • SAST
  • Penetration Testing
  • DAST
  • Project Management
  • Architecture Review
  • Threat Modelling
  • Application Development
  • Generative AI & LLM
  • Network Security
  • Cloud Security
  • Infrastructure Security
  • Web & API Security
  • Zero Trust Architecture
  • Cryptography

Tools & Languages

  • Burp Suite
  • Fortify
  • WebInspect
  • GitHub Advanced Security
  • Azure DevOps
  • Kali Linux
  • Nmap
  • Metasploit
  • Java
  • Python
  • Shell script
  • ReactJS

Certification

Certified Ethical Hacker V12

Accomplishments

  • Developed two in-house tools: one to perform auto-audit of vulnerabilities using an OpenAI LLM, Java & ReactJS, reducing the manual effort to weed out false positives; the second to scan web application pages and identify sensitive information leakage.
  • Designed a framework to create vulnerability reports, email them to the product teams & perform delta analysis on the vulnerabilities between consecutive scans to identify each remediated & newly introduced vulnerability.

Timeline

Certified Ethical Hacker V12

12-2024

Certified Appsec Practitioner

06-2023

Lead Information Security Engineer

S&P Global Market Intelligence
11.2019 - Current

Senior Associate

Publicis Sapient
07.2019 - 11.2019

Test Engineer

SSP Limited
05.2018 - 07.2019

Test Engineer

Infosys Limited
12.2014 - 04.2018

Bachelor of Technology -

University Institute of Engineering & Technology
08.2010 - 07.2014