Murali Krishnan S

Experience

• 

  Honeywell Technology Solutions, Inc.

  Feb 2011 - Mar 2016

  • Review and define mobile device/embedded/control systems product security requirements• Identify security issues and risks, and develop mitigation plans• Evangelize security within the group and be an advocate for customer trust and data protection• Evaluate and recommend new and emerging security products and technologies• Build/Maintain the infrastructure for internal/external penetration tests and vulnerability assessments• Mentor software engineering teams on security best practices• Assist with creating information security policies Show less •Driving Secure SDLC throughout Software Development Life Cycle, performing Application & Infrastructure Security Assessment on critical Honeywell projects.•Performing Security Source Code Audits for Honeywell developed Java and C# based applications using tools like Fortify, Code It Right, etc. •Performing Web Application Security Assessments and Penetration Testing for various Honeywell based web applications and products. This Penetration Test included latest exploits, Information Gathering, Vulnerability Scanning using tools like Nessus, Web Inspect, Burp Suite pro, Zed Attack Proxy, Paros Web Proxy etc.•Exploiting known vulnerabilities in the web application through SQL Injection, Cross Site Scripting and other attacks. Web Application Security testing is based on the industry recognized OWASP methodology.•Performing Mobile Application Security Assessments for many of the Honeywell developed mobile apps (Iphone and Android Apps).•Contributing and maintaining Honeywell web applications security methodology, procedures and web application security guidelines, writing blogs and articles for internal Honeywell IT security portals.•Providing assistance and consultation on PCI Compliance. Performing Application/ Network Security Assessment for the PCI DSS compliance requirement.•Conducting trainings on Security Awareness, Secure SDLC, OWASP top 10 vulnerabilities and on ways to curb them at code level, etc to developers.•Occasionally, develop Perl based scripts to automate some of the existing Security processes and procedures. Show less

  • Senior Security Engineer

    Oct 2014 - Mar 2016

  • Application Security Engineer

    Feb 2011 - Sept 2014
• 

  Citi

  Apr 2016 - now

  • Vice President

    Jan 2020 - now

  • Assistant Vice President

    Jul 2018 - Dec 2019

  • Manager

    Apr 2016 - Jun 2018