Parvathy Vijayan

Experience

• 

  TalentPro India

  Nov 2014 - Feb 2017

  QA Engineer

  -Ran Dynamic scans and reviewed vulnerability assessment reports using HCL Appscan and BurpSuite.-Performed code review across variety of programming languages and provide recommendations for preventive and corrective actions.-Checked client code for bugs and weaknesses using Veracode, Fortify and Checkmarx .-Created and maintained comprehensive internal documentation.

• 

  Amber Road

  Mar 2017 - Nov 2018

  Security Analyst

  - Performed both Manual and Automated Web application Security Assessment for identifying vulnerabilities- Identified vulnerabilities, recommend corrective measures and ensured adequacy of existing information security controls in SAST and DAST scans with HCL appscan, BurpSuite, Veracode and Checkmarx- Reviewed roles, profiles, authorization and performed vulnerability assessment of application with regards to OWASP check list and SANS errors. - Performed code review across variety of programming languages and provided recommendations for preventive and corrective actions.- Produced final reports on compliance to detail the controls observed during security assessments . Show less

• 

  Accenture in India

  Dec 2018 - Jul 2021

  Senior Security Delivery Analyst

  - Conducted penetration test scoping/kick off meetings with technology business partners, document scope and schedule testing window- Performed web application, Mobile and API penetration testing within designated scope and rules of engagement in DevSecOps pipeline and- Agile Methodologies Worked with and setup and configuration of commercial and open source SAST, DAST & 3rd party security testing tools.- Provided technical mentorship for remediation of findings, collaborating with other CIS teams as necessary.- Performed Automated scans using HCL AppScan,BurpSuite, MobSF and Veracode and done False positiveanalysis of vulnerbilities reported.- Report on all of the findings together into a formal Vulnerability Assessment document, highlighting all issues that have been uncovered together with recommended resolution actions to be taken by theapplication team. Show less

• 

  Wells Fargo

  Aug 2021 - Oct 2023

  Senior Application Security Consultant

  Worked on Software Planning, Design, and Requirements Security, with a specialization in secure design, security requirements, security peer review, and threat modeling within agile team environments.Conducted SCA using Black Duck and Veracode SCA to effectively manage open-source components and third-party libraries within software applications.Executed DAST employing Burpsuite, HCL AppScan, WebInspect, Appspider, and sqlmap, meticulously identifying vulnerabilities and delivering actionable remediation recommendations to the AppTeam.Performed SAST by comprehensive reviews of Static Scan reports generated by Veracode and Checkmarx, furnishing thorough vulnerability assessments and providing actionable remediation suggestions to the application team.Performed mobile application security assessment using tools such as MobSF and Frida.Facilitated threat modeling sessions, utilizing the STRIDE methodology.Showcased proficiency in the Secure Software Development Lifecycle (SDLC) and maintained adherence to prominent security standards like OWASP (Web & Api), CWE, and NIST, ensuring alignment with industry best practices and regulatory requisites.Conducted API security testing, utilizing tools like Postman Collections, S OpenAPI and other common formats to organize and test REST APIs and worked with HTTP/S, SAML 2.0, OAuth protocols.Collaborated with cross-functional teams to integrate security testing into the development lifecycle and led development teams in integrating new services and applications into the CI/CD pipeline.Spearheaded project meetings, delivering regular updates on project status. Assessed project risks and issues, developed mitigation plans and resolutions, and upheld compliance standards throughout project lifecycles. Show less