
Santosh 2025

Santosh P is an information security professional with extensive experience in enhancing product security and implementing DevSecOps practices across various organizations. He has a strong background in security risk analysis, vulnerability assessments, and integrating security into CI/CD pipelines, with a focus on compliance with standards such as OWASP and ISO 27001. His professional experience includes roles at Deloitte, Amagi Media, and Nokia Networks, where he led security initiatives, conducted training, and developed tools to improve security posture.

Uploaded by

Amit Mitra
Copyright
© All Rights Reserved

SANTOSH P

santhu.career@gmail.com | 9036233009

Profile Summary
Information security professional with expertise in enhancing an organization’s product security
posture. Conducted security risk analysis, SAST, DAST, and vulnerability assessments.
Emphasized DevSecOps by seamlessly integrating security into CI/CD pipelines for projects in
cloud infrastructures with a Microservices architecture. Strong leadership in collaborating
across teams to enforce Secure SDLC and mitigate vulnerabilities, ensuring adherence to
OWASP, NIST, ISO 27001, GDPR and SOC 2 standards.

Professional Track

Senior Ext. Consultant : Deloitte : 2023- 2024


• Defined security testing strategies and implemented security governance in CI/CD
pipelines for 200+ application services.
• Integrated automated SAST, DAST, and IAST tools into the DevSecOps pipeline, reducing
vulnerabilities in early SDLC stages.
• Led a team performing comprehensive security analyses, identifying and mitigating
potential threats across multiple layers of the infrastructure.
• Implemented measures to assess and mitigate security risks associated with the use of
open-source components, promoting secure development practices using JFrog.
• Delivered training and guidance to development teams on integrating security controls into
the software development lifecycle.
• Contributed as an advisor, offering insights and recommendations on implementing
DevSecOps principles effectively across teams.

Security R&D : Amagi Media : 2022- 2023


• Enhanced security posture of 4 AWS accounts through regulatory controls.
• Implemented DevSecOps for SOC2 certification candidate projects for controls
implementation.
• Implemented common DAST and SAST workflows for 3 priority projects.
• Collaborated with SOC2 stakeholders to implement engineering and platform controls.
• Implemented AWS CIS benchmarking assessor using Prowler.
• Implemented a comprehensive security awareness program for the organisation including
bi-monthly mailers, sessions and training for new joiners and interns.

Security R&D : Nokia Networks : 2017- 2022


• Performed threat modeling through information gathering, risk analysis, and mitigation plans;
prepared test plans for security testing.
• Verified security posture of applications against OWASP Top Ten vulnerabilities using ZAP.
• Verified security of infrastructures and repositories like Jenkins and Harbor.

• Performed SAST on over 160 application container images to help developers address
vulnerabilities in the early phases of the SDLC using Anchore Enterprise and Clair Scanner.
• Undertook CIS Benchmarking for Kubernetes environments of the product and service to
comply with ISO27001.
• 200+ APIs tested for CIA triad posture with an indigenously built API testing tool for better
security.
• Created and executed test cases specifically to identify the security implementations in APIs.
• Performed DAST for Network and infrastructure using NMAP, Nessus/Tenable SC.
• Created diagnostic test tools for verifying system sanity before security test.
• Automated security into the DevOps program, making security seamless.
• Automated report collection, archival, analysis and creation, verification and closure of git
issues.
• Trained new recruits on security practices of Nokia and implemented framework.
• Involved in creating awareness programs to teams on common vulnerabilities and
encouraging teams to practice secure coding.

Python Developer: Granite River Labs: 2015- 2017


• Built compliance test certification tool using Python for Google’s ‘Thread’ protocol for IoT
devices.
• Created test plans complying with the protocol specification document along with UL.
• Developed code for automated test setup creation and execution using APIs of hardware
involved.
• Performed interoperability tests across different vendors like ARM, SiLabs and Freescale.

WebMethods Developer: TechMahindra : 2011- 2013


• Worked in development of custom modules for General Electric- Aviation OASIS on
webMethods using Java.

Extramural Pursuit
• Sculpted an art installation about Cyber Security to create awareness among the general public of
growing cyber threats and crimes; this endeavor earned an award in 2023.

Skills and Persona


• Security Tools : Nessus/Tenable SC, NMAP, ZAP, Anchore, KubeBench, Codenomicon,
Prowler, Clair, CheckMarx, qTest, jFrog.
• Coding Languages: Python, Shell, work experience with Go and Perl.
• Automation & DevSecOps: SAST, DAST, IAST integration in CI/CD, Secure SDLC, Kubernetes
Security, Terraform, Jenkins, GitHub Actions, GHAS, AWS Security.
• Repositories : Git, Harbor.
• Cloud Technologies: Kubernetes, Terraform and AWS.
• Education: MTech in Digital Communication from RVCE- Class of 2015.
• Strong communication skills with a commitment to continuous learning and adapting to
contemporary practices.
• Sculptor, Artist, Certified Mountaineer and Avid traveller.
• Responsible Human, Healthy and Happy.
