Senior Application Security Analyst - WIPRO TECHNOLOGIES | Client-UBS - London, UK (2022–Present) | Bangalore, India (2020–2022)
(2020-06 - 2026-05)
- Secure Code Review & SAST: Performed enterprise-scale secure code reviews using Veracode and Fortify, identifying critical vulnerabilities (auth flaws, broken access control, injection) across financial applications; findings directly fed into developer remediation backlogs.
- DevSecOps Pipeline Integration: Integrated SAST and SCA (Veracode, Snyk) into GitLab CI/CD pipelines, establishing automated security gates that blocked vulnerable code and third-party libraries from reaching production.
- Threat Modeling: Facilitated STRIDE-based threat modeling workshops with data flow diagrams for new web applications and microservices, surfacing design-stage risks and defining countermeasures prior to development.
- Penetration Testing & DAST: Executed manual and automated security assessments on RESTful APIs and web portals using Burp Suite Pro, OWASP ZAP, and Postman — uncovering XSS, IDOR, CSRF, insecure deserialization, and session management flaws.
- Vulnerability Management: Managed end-to-end vulnerability lifecycle in Jira, from discovery through to validated remediation; delivered executive dashboards and stakeholder reports mapping findings to business risk and CVSS v3 scores.
- Microservices Security: Collaborated with software architects to embed security controls in microservices architecture, including secure service-to-service authentication and strict input validation at service boundaries.
- Remediation Assurance: Validated fixes through retesting, secure code review, and tool-based verification, ensuring effective closure before production release and maintaining remediation SLA compliance within Agile sprints.
- Third-Party Risk: Assessed third-party libraries and SDKs for known CVEs; flagged deprecated cryptographic practices (MD5, weak JWT configurations) and coordinated replacement with development teams.
- Security Training: Designed and delivered OWASP Top 10 security workshops with live exploit demonstrations for development teams, building secure coding awareness across multiple squads.
- Reporting: Authored detailed security assessment reports articulating technical findings, CVSS scores, and business impact, enabling leadership to make risk-informed prioritization decisions.
Senior Test Engineer - WIPRO TECHNOLOGIES | Client-UBS - Bangalore, India
(2018-08 - 2020-05)
- API Test Automation: Built functional and regression test suites for REST APIs using Postman with JavaScript, integrated into the CI pipeline.
- Performance Testing: Designed and executed performance test scripts using LoadRunner and JMeter. Analyze VuGen output and Extent Reports to identify bottlenecks.
- Test Strategy: Created test plans, identified automation candidates, and managed test execution and defect lifecycle using HP ALM and JIRA.
- Scheduled Test Execution: Configured Autosys jobs on WCC/WinSCP/Unix to run nightly regression suites, maintaining stable test coverage across releases.
- Data Management: Used SQL Server and MySQL to provision test data, execute stored procedures, and clean up post-test artefacts.
Test Engineer - WIPRO TECHNOLOGIES | Client-Lloyds Banking Group - Bangalore, India
(2016-12 - 2018-07)
- Developed and maintained automation scripts for web and API testing across desktop and mobile platforms.
- Reviewed technical specifications to identify testable features, assess risks, and define test scope.
- Produced detailed test plans, executed test cycles, and reported results with precise defect documentation to stakeholders.
- Identified software defects, escalated issues with screenshots and notes, and tracked resolution through closure.
- Drove continuous improvement initiatives that reduce testing inefficiencies and improve overall test coverage.