Staff Information Security Engineer
San Diego, CA
Apr 2016 - Present
I currently lead Illumina's application security efforts as a part of the Cyber Security team. Some of my major responsibilities include:
- Performing web application penetration tests against Illumina's cloud service offerings.
- Determining methods and promoting policies and processes around static source code analysis.
- Designing, developing and setting up infrastructure for code signing.
Senior Product Security Engineer
Qualcomm Technologies, Inc.
San Diego, CA
Feb 2011 - Mar 2016
At Qualcomm, I performed risk and threat analysis and provided recommendations for mitigation of security threats across a variety of products. I also helped internal divisions and teams establish processes to embed security at various stages in their software development cycle. I developed skills in application security, web security, source code reviews, Android security and PKI management. Some of my sample projects include:
- End-to-end secure design and risk analysis of the 2Net wireless health platform and 2Net Mobile.
- Manual security code review of multiple QSEE (Qualcomm Secure Execution Environment, Qualcomm’s TrustZone solution) applications.
- Secure protocol design and manual security code review for an over-the-air licensing and activation service that allows OEMs to license and activate Qualcomm software components on after-market devices.
- Secure default configuration for Qualcomm Atheros router firmware builds (based on OpenWRT) which ship with proprietary and open source software.
- Incident response for Snapdragon Web Engine (an optimized web engine based on Chromium for Snapdragon processors, which is used by a modified version of the AOSP browser).
- Porting and testing an IDS/IPS for Qualcomm Atheros router/IoT chip builds, which is aimed at detecting and preventing exploitation of security bugs before a patch can be provided by the OEMs.
Associate Consultant Intern
May 2010 - Jul 2010
As an intern at Cigital, I performed automated (using IBM Rational AppScan) and manual web penetration testing for a large client in the banking sector and participated in calls explaining findings to client stakeholders.
Infosys Technologies Ltd.
Pune, Maharashtra, India
Nov 2007 - May 2009
At Infosys, I gained experience in web development and manual/automated software testing. Some of my responsibilities included:
- Performing manual/automated software testing for Framework Manager and Report Studio (products in the IBM Cognos 8 Business Intelligence suite) and managing defect reports and bug verification for these products.
- Developing features for work orders and bug fixes for products such as Upfront, Cognos Open Source (COS), Cognos Script Editor (CSE) and Cognos Server Administration (CSA) in the IBM Cognos Series 7 suite.
- Designing and developing an XML parser for COS to parse excessively large XML files.
- Setup and administration of the portal for Cognos Tools Development Group using Joomla. Additionally, I developed custom Joomla plugins for adding functionality to the portal.