Partnered with 8+ product teams to embed secure-by-design requirements throughout the SDLC and drive a risk-based vulnerability management program across cloud and on-prem estates.
Key Achievements
- Integrated Snyk, Tenable, Orca, and Armis with CI/CD pipelines, reducing critical vulnerability backlog by 60 % in the first two quarters.
- Implemented policy-as-code guard-rails that block insecure builds and Terraform plans, cutting security review time from >1 day to <30 minutes.
- Hardened multi-cloud environments (AWS & GCP) leveraging Terraform modules and CIS benchmarks.
- Ran threat modelling and security assessments for new features, providing actionable guidance adopted by 100 % of squads.
- Championed Secure SDLC training that lifted team OWASP awareness scores from 55 % to 92 %.
Snyk
Tenable
Orca Security
Armis
Terraform
AWS
GCP
Python
Secure SDLC
Designed and implemented a Slack-native bot that automates compliance evidence collection, task tracking, and real-time alerting across multiple platforms.
Key Achievements
- Developed an interactive Slack bot for on-demand report generation and user self-service compliance actions.
- Integrated Slack with Asana to auto-create and track remediation tasks, ensuring 100 % audit traceability.
- Leveraged AWS Athena to analyse CloudTrail logs and surface anomalous activities within seconds.
- Connected GitHub API to monitor repo access and code changes, feeding findings back to Slack channels.
- Centralised evidence in shared dashboards, reducing manual compliance effort by 75 %.
- Implemented real-time Slack alerts for unauthorised access attempts and policy violations.
Slack API
Asana API
AWS Athena
CloudTrail
GitHub API
Python
Compliance
Security Automation
Led security implementation for a cloud-based medical device platform, enabling secure IoT connectivity and data management.
Key Achievements
- Architected and implemented comprehensive security infrastructure using Terraform.
- Led SonarQube Enterprise rollout – procurement, Terraform HA cluster, Jenkins/GitLab integration, and developer enablement sessions for 120+ engineers.
- Delivered Burp Suite Enterprise deployment – licensing, IaC install, pipeline hooks, and DAST triage training that boosted scan coverage to 85 %.
- Successfully integrated Okta SAML authentication, enhancing platform security.
- Spearheaded AWS Control Tower implementation for a secure multi-account strategy.
- Automated CI/CD security scanning pipelines across 30 repos.
- Managed end-to-end security tool procurement and integration.
AWS
Terraform
Okta
CI/CD
Control Tower
SonarQube
Burp Suite Enterprise
Enhanced security automation for Cisco MSX, a cloud-native software-defined networking platform designed for delivering managed services to enterprise customers.
Key Achievements
- Implemented comprehensive security automation workflows for the MSX platform.
- Led integration of Black Duck for container and application security, managing open source risks.
- Developed and integrated security tools into CI/CD pipelines, ensuring continuous security validation.
- Established automated security testing frameworks for software releases.
- Streamlined security compliance processes for managed service delivery.
Cisco MSX
CI/CD
Black Duck
Container Security
DevSecOps