• Own and lead the Application Security program securing 10+ SaaS platforms
• Act as final NOC authority — no development moves to production without my approval
• Manage and mentor a team of 10+ AppSec engineers, driving security maturity across engineering groups
• Define and implement SSDLC practices, embedding security into product development
• Conduct security architecture reviews, threat modeling, and secure design assessments
• Perform manual and automated security testing (SAST, DAST, API, mobile)
• Drive secure code reviews for .NET and backend applications
• Integrate security checks into CI/CD pipelines, enabling continuous validation
• Conduct developer training sessions to improve secure coding practices
• Trained and mentored 10 engineers, collectively identifying and remediating ~1,000 vulnerabilities
• Reduced bug bounty payouts to near zero by proactively eliminating exploitable issues
• Championed AI-driven security adoption, embedding Agentic AI and RAG into workflows
• Elevated organizational security posture to above industry standards, ensuring resilience against evolving threats
• Instituted a “No-Go Live Without Security Clearance” policy, strengthening organizational trust
• Established and scaled the Application Security program from the ground up across the organization.
• Reduced critical and high-severity vulnerabilities significantly through proactive security practices.
• Improved developer security awareness, resulting in fewer vulnerabilities in production releases.
• Successfully secured multiple enterprise-grade applications and APIs handling real-world user traffic.
• Automated key security processes, reducing manual effort and improving detection efficiency.
• Played a key role in architectural security decisions, preventing design-level flaws early.