User:Akshaynet

Have over 5 years of experience in the field of Application Security. Currently working as a “Manager - Application Security” with IBM. I manage and execute the application security program, leading a pool of security professionals. Involved in development and maintenance of application security policy and standards. I have experience in identifying security threats, developing risk mitigation strategies, and managing security-oriented activities with disciplined monitoring, control and execution for ensuring secured development and deployment of applications. Managing the risk mitigation activities such as threat modeling, source code analysis, vulnerability assessments and penetration testing (VAPT) using various tools and methodologies. Interlocking with the code development teams, ensuring they are trained on the organization’s security standards and guidelines. Maintaining the status of the identified threats and vulnerabilities and planning, monitoring and ensuring the time-bound resolution with the periodical review and assessment. Prepare and publish status reports to higher management including head security. Plan and conduct trainings on common threats and vulnerabilities, secure coding practices and the updated organization policy and standards. Have a strong technical software development background in Java/JEE technologies, frameworks, web servers, databases. Possess in-depth knowledge of web-based attacks such as exploitation of weak Authentication, Session Management and Access Control, various injection techniques, XSS, CSRF, cookie manipulation, parameter tampering, etc. Possess awareness of security industry-leading standards such as OWASP, PCI DSS and ISO/IEC 27001:2013.