Home

Chaitra - Senior Security Engineet

[email protected]

Location: New York City, New York, USA

Relocation:

Visa: OPTEAD

CHAITRA SAMPATHRAM (CISSP) New York, USA (Willing to Relocate) SUMMARY: Leveraging 9+ Years of Experience in Application/Product Security Engineering PROFESSIONAL EXPERIENCE (Full Time) Senior Security Engineer (Toyota North America - Texas Plano) June 2023 Oct 2023 Spearheaded development and implementation of comprehensive cloud security strategies, encompassing architecture, implementation, and maintenance of security infrastructure and tooling. Collaborated with cross-functional teams to ensure compliance with industry-standard security frameworks and best practices. Conducted security assessments of web applications using the OWASP framework and other best practices to identify and mitigate vulnerabilities. Implemented multi-tiered authentication and access control strategies using RBAC/ABAC to enhance security. Designed, established, and maintained standard operating procedures for the administration, policy management, versioning, and lifecycle management of SIEM/Log Management platforms. Conducted comprehensive security testing (DAST/SAST/SCA) and provided actionable guidance to development teams for remediations, including integrating testing tools into the development pipeline. Lead Security Engineer (SRE/Dev/Application security - SONY) Jan 2017 Jan 2020 System security: Directed and Led the end-to-end application development and vulnerability assessment for clients across SONY, for over 6 years. Web security: Vulnerability Management for 150+ Web-Apps including (Sony ad manager, IDM, ODM, Video unlimited, etc), for over 3 years. Refreshed technical security control frameworks (NIST, ISO, etc). Designed secure biometric authentication implementation for SONY mobile applications. Provided risk analysis and presented control recommendations to cross-functional governance & steering committee. Performed threat modeling & design reviews to assess security implications & requirements for introducing new technologies. Application Security: Led various Android application development and vulnerability assessment team (VAPT) development for over 3 years. Developed the APC (Application Security Championship) program to increase the use of secure coding techniques across the development teams, increasing efficiency in the quality assurance of pre-production & production testing. Researched & analyzed software threats for enhancements in test results & reporting. Launched the Golden Image initiative to establish a secure baseline for cloud computing resources in both development and production environments. Evaluated new security technologies through vendor assessments and POCs to enhance visibility into cloud infrastructure and drive improvements. Maintained and monitored security tools & conducted security risk assessments. Managed security policies and processes & partnered with other teams to develop best security practices (HIPPA, PCI, GDPR). Managed vulnerability & System configurations. Updated with the latest threat intelligence and cyber threat information. Senior Software Security Engineer (Risk management, Network security - SONY) Jul 2014 - Jan 2017 Configured & operated scanning/testing tools, while also partaking in researching efforts of mobile testing tools for use by internal hacking teams (red teams). Info security (DEV): Led team for implementation of Firewall, and IDS for SONY. Performed threat modeling & design reviews to assess security implications & requirements for introducing new technologies. Procured operated & maintained tools & technology to protect production applications via applications security testing, bot mitigation, and code injection prevention, along with conducting secure code training, code review, etc. Proactively identified potential issues at various stages of SDLC & provided input on issue avoidance, while periodic application audits & manual penetration tests. Partnered in implementing VPN, Zero Trust Security (ZTNA), Software Defined Perimeter (SDP), and Secure Web Gateways. Conducted audit to remediate gaps in the sensitive data handling process. Worked with senior stakeholders to gather requirements to facilitate document analysis, interviews, questionnaires, and workshops to achieve alignment with the GDPR & AICPA best practices. Utilized a variety of security information and event management (SEIM), data loss prevention (DLP), intrusion prevention systems (IPS), and other tools in design. Worked on firewall implementations (Layer-2 and Layer-3), Internet proxy, DNS, SSL VPN, and IPS technologies. Worked on multi-factor authentication using Multi-modal biometrics based on machine learning. Implemented and supported complex security architectures including system, web, and cloud. Worked on Palo Alto Network firewalls. Hands-on experience in implementation and advanced troubleshooting in Cisco ASA, Checkpoint, Palo Alto, & Fortinet firewalls in High-availability mode. Maintained various firewalls, virtual private networks, web protocols, and email security. Extensive exposure to Blue Coat, and McAfee proxies involving complex traffic troubleshooting. Implementation of IPSEC VPNs with the ability to design and troubleshoot complex enterprise network infrastructure. Managed DLP operations by enforcing PCI & HIPPA standards. Partnered with stakeholders to encourage the adoption of security-compatible software designs and best practices. Reviewed existing IAM policies for new ERP solutions. Conducted cyber risk assessments & cyber risk mitigations. Provided cyber risk training to employees. Performed cyber risk modeling using scenario-based modeling. Developed Automation tool in Python from end-to-end. Software Engineer (Android/Embedded Platform - SONY) Sep 2010 - Jul 2013 Coordinated with the Information Security Analysts, and administrators for control implementation and Plans of Actions and Milestones (POA&Ms) closeout requirements. Embedded Engineering: Worked on DRM (Digital rights management), DLNA, and UPNP telephony projects as a development engineer. Developed proprietary SONY applications and SONY tools for SONY Mobile, and SONY BRAVIA using C, Android, and Python. Implemented Google Analytics for video unlimited applications. Ported OpenCV-based automation tool Sikuli to the Android platform to work for Android applications. Academic tutor Syracuse University, Syracuse, NY Jan 2022 - May 2023 Mentored and taught Python programming to 30+ undergrad students. Mentored Computer security to 15 Undergrad students. EDUCATION Syracuse University, College of Engineering, Syracuse, NY Jan 2022 - May 2023 Master of Science Cybersecurity, May 2023, GPA-3.5/4 UBDT College of Engineering, India Bachelors - computer science & engineering May 2010 SKILLS & OTHERS Python, Core java, shell scripting, Analytics, Red Teaming, Service-Level agreements (SLA), Establishing process, Pen testing, Network Security, Vulnerability Assessment, and Application Security, OWASP Top 10, threat modeling and actors, malware analysis, System & network attacks, and mitigation process, Vulnerability Management, SAST, SCA, DAST, IAST, MAST, S3, Lambda, EC2, KMS, IAM, bug hunting, CI/CD Jenkins, CTF experience, Incident Response, Data Acquisition, Memory Forensics, Network Forensics, Remediation, Inventory Management, web application automation, android app development, VPN, Zero Trust Security (ZTNA), Software Defined Perimeter (SDP), and Secure Web Gateways, TCP/IP and UDP Protocol, XSS, CSRF, SQL Injection, simple stack overflow, cross-site scripting, USB, JTAG, serial ports, UART, MITRE (CVE, CWE), SPI, Ethernet, and Wi-Fi, hardware security modules, secure boot, embedded crypto, digital signatures, public key infrastructure, FPGA security, operating system internals and hardening, IPSEC, HTTP, HTTPS, routing protocols, cryptography encryption-decryption algorithms, network topologies, CIA triad, hands-on cryptography, and forensic tools. Tools Metasploit, Burp suite, AWS, Wireshark, Autopsy, Cisco Packet Tracer, FTK, FTK Imager Lite, Foremost, Sleuth kit, Autopsy, Sy internal Tools, Hindsight, meld, fiddler, postman, ServiceNow, Splunk, IAM, configuration management, Vulnerability/risk assessment, Osquery, Kubernetes, OpenVAS, Grafana. ACADEMIC AND PROFESSIONAL PROJECTS SEED INTERNET & BLOCKCHAIN EMULATOR FOR RESEARCH & EDUCATION PURPOSES: Partnered in the implementation of Autonomous Systems, BGP, Internet exchange, and peering for internet infrastructure emulation. Partnered in the implementation of DNS, and blockchain for internet service emulation using Python classes. Partnered in the implementation of low-level APIs to support software installation & configurations. IMPLEMENTATION OF DDOS ATTACKS BY ATTACKING A TARGETED SERVER IMPLEMENTED IN A VIRTUAL ENVIRONMENT: Hands-on and introduced to the functioning of DDOS attacks by attacking a targeted server implemented in a virtual environment. Constructed a fully functioning client-server VPN architecture. Introduced Access Control Policies and their working. DIGITAL FORENSIC-CASE STUDY, SYRACUSE UNIVERSITY: Made a fake case study and evidence to be used for a computer forensics study. Efficient in FTK, Autopsy, Hex, and Steganographic tools. CERTIFICATION: CEH, CCNA, Web security/Network security/Cryptography by Udemy. Keywords: cprogramm continuous integration continuous deployment sthree active directory microsoft New York Wisconsin