Jagadeesh Korukondi

jagadeeshk89j@gmail.com
(402)-999-3468

Skill Set

 Security Architecture & Risk Assessments: Designed and reviewed security architectures to assess
current controls, identify potential flaws, and conducted security risk assessments of applications and
APIs using NIST-mandated security domains, ensuring comprehensive security evaluations and enhancing
the overall security posture.
 Penetration Testing & Vulnerability Scanning: Performed manual penetration testing for web
applications using tools like Burp Suite Pro, OWASP ZAP, and SQL Map to identify vulnerabilities and false
positives, while also executing network and server vulnerability scans with Nessus, Qualys Guard, and
Nmap to enhance system security.
 Led the introduction of Zero Trust architecture concepts into the enterprise security strategy, improving
security controls and mitigating risks associated with modern cloud technologies, resulting in enhanced
security across the organization.
 Identified and mitigated risks in SD-WAN and SASE/SSE solutions by conducting thorough risk
assessments of middle-mile cloud-transit networks, ensuring robust security implementations and
reducing potential attack vectors.
 Collaborated with senior leaders and stakeholders to recommend business modifications during periods
of high vulnerability, aligning security efforts with business objectives and improving overall resilience.
 Established governance frameworks and enterprise security controls as a subject matter expert, creating
governance models that enhanced security compliance with standards such as NIST, CIS, and GDPR,
ensuring alignment across the organization.
 Led threat modeling and risk analysis activities during different design iterations, identifying
vulnerabilities early in the process and enabling proactive remediation, resulting in more secure
architecture designs.
 Application Security Testing (SAST/DAST): Conducted static and dynamic application security testing
(SAST/DAST) using tools like Veracode, HP Web Inspect, and Acunetix360, analyzing false positives and
collaborating with development teams to address security vulnerabilities, resulting in a significant
reduction of critical vulnerabilities across multiple release cycles.
 Source Code Reviews & Secure Coding Practices: Led comprehensive source code reviews across
languages such as Python, JavaScript, Angular, Oracle (PL/SQL), and Apex Low Code, ensuring compliance
with industry standards and improving security and performance by reducing vulnerabilities by 20% in
production systems.
 Server, Network, & Data Center Management: Administered server management, Active Directory,
VMware, data centers, and network security, ensuring system reliability, high availability, and securing
environments through virtualization, hardening, and network security protocols, including firewalls,
routers, and web application firewalls.
 Infrastructure & System Administration Tools: Leveraged Microsoft tools like SCCM, SCOM, AD tools, and
application management platforms to streamline infrastructure and system administration, optimizing
system performance and ensuring seamless operations across multiple geographies.
 Led the migration of 10+ legacy applications to cloud-based infrastructure, developing a security planning
and risk mitigation strategy that ensured compliance with industry standards (ISO 27001, GDPR), resulting
in enhanced security and regulatory adherence.
  Led software development initiatives for over 10 years with proficiency in Python, JavaScript, Angular,
Oracle (PL/SQL), and Apex Low Code, driving the creation of secure, high-performance applications,
resulting in improved system efficiency and code maintainability across multiple projects.
 Oversaw security event monitoring and analysis from multiple sources including SIEM, IDS/IPS, endpoint
protection, and cloud platforms, successfully coordinating incident containment and remediation efforts
to minimize downtime and damage.
 Security Frameworks, Vulnerability Management, and Compliance: Leveraged industry-standard
frameworks (NIST 800-53, PCI DSS, ISO 27001, OWASP Top 10, SANS Top 25) to establish a comprehensive
vulnerability management program using Qualys and Wiz across cloud and on-premises environments,
aligning security practices with compliance standards such as GDPR, HIPAA, and SOX.
 Cloud Security and Threat Detection: Configured cloud security services (IAM, CloudTrail, GuardDuty,
Config, Security Hub) for enhanced threat detection and monitoring, and led cloud migration projects for
AWS, Azure, and GCP, optimizing application performance, scalability, and security.
 Penetration Testing and Source Code Audits: Conducted pre- and post-migration security audits,
including source code reviews in Python, JavaScript, Oracle PL/SQL, and Apex Low Code, identifying and
remediating vulnerabilities, resulting in a 20% reduction in security flaws and ensuring compliance with
OWASP and ISO 27001 standards.
 Endpoint and Infrastructure Security: Provided primary support for endpoint security through
CrowdStrike Falcon, implementing USB blocking and firewall modules, while utilizing tools like Splunk,
Qualys FIM, and Axonius for comprehensive security monitoring and real-time compliance across cloud
and IT systems.
 Automation, Incident Response, and Identity Management: Developed Python scripts to automate
vulnerability scanning, penetration testing, and security monitoring, improving efficiency by 50%.
Managed identity lifecycle processes, implementing IAM controls, SSO, and MFA to ensure secure access
and compliance, reducing unauthorized access incidents by 20%.
 Project and Risk Management: Applied project management tools (ServiceNow CRM, Jira) to manage
vulnerability assessments, pen testing, and security/compliance programs, ensuring timely risk mitigation
within SLAs and achieving a 25% reduction in regulatory non-compliance risks through strategic risk
assessment and mitigation strategies.

Education:
Masters in CIS from Bellevue University, Omaha (Nebraska). 2016
Bachelor of Technology in Computer Science & Engineering. 2010

Certifications:
Certified Ethical Hacker version 11 Certification number: ECC7283490156
Microsoft Certified: Azure Security Engineer Associate Certification number:H605-3371

Languages: .Net, Core Java, Apex

Web services: WCF, Web Services
Scripting Languages: Java Script, AJAX, Python
Markup Languages: XML, HTML, CSS, Server XMLHTTP.
Databases: SQL Server 2012/2016 , PostgreSQL
Operating Systems: Windows 10, Linux, windows server 2016
Tools: Qualys, Nessus, Burp Suite, Acunetix,Zap Proxy, IBM/HCL App
scan, Splunk, Crowdstrike, BloodHound,SharpHound,Axonious,
Splunk/SOAR, ArcSight, Microsoft XDR, PurView, SQL Map, Qualys
FIM,Crowdstrike Falcon, Sentinel One, ThreatGrid, Microsoft
Defender, OWASP Zap Proxy, CheckMarx Etc.
Software: VisualStudio.NET 13/12/10,IIS(7.0,6.0,5.0)
 Version Control: Team Foundation Server(TFS) and SVN

PROFESSIONAL WORK EXPERIENCE

Eli Lilly and Company, Indianapolis, IN Jan 2024 - Present

Application Cyber Security Architect

Responsibilities:

 Dynamic Application Security Testing (DAST) and Vulnerability Management: Performed DAST scans
using Qualys and WebInspect, ensuring data confidentiality, integrity, and availability, and conducted
false positive analysis using Burp Suite, reducing unnecessary remediation efforts while enhancing overall
vulnerability management efficiency.
 Application Security and OWASP Compliance: Verified the security posture of web applications against
OWASP Top 10 vulnerabilities, collaborated with development teams to remediate vulnerabilities, and
assessed application risks and severity, ensuring legal compliance and minimizing attack surfaces.
 Endpoint Security and Microsoft Defender: Configured and administered Microsoft Defender Advanced
Threat Protection (ATP) and created GPOs to manage endpoint security policies, improving threat
detection, policy enforcement, and overall security posture for endpoints and servers.
 Network and API Security: Architected secure network infrastructures using Fortinet firewalls, enhancing
defenses against DDOS attacks and advanced persistent threats, and exploited common API vulnerabilities
to tighten security controls, improving system stability and API security.
 Encryption and Key Management: Managed encryption of data at rest and in transit using AWS KMS and
PKI systems, ensuring key security and compliance with data protection standards, and integrated
encryption mechanisms into systems, reducing data breach risks by 40%.
 Code Review and Secure Development: Conducted code reviews for Python, JavaScript, and PL/SQL
applications, implementing secure coding standards in Java to mitigate common vulnerabilities like SQL
injection and XSS, resulting in improved security posture and reduced security incidents by 20%.
 Directed post-incident analysis efforts, identifying root causes of security incidents and driving
improvements in SOC processes, reducing response times and increasing the organization's resilience to
future attacks by 30%.
 Conducted comprehensive manual penetration testing on web and mobile applications, leveraging tools
such as Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan to identify critical vulnerabilities like XSS,
SQLi, and CSRF, collaborating with development teams to implement effective remediation strategies and
improve overall application security posture.
 Performed dynamic and static application security testing (DAST/SAST) using IBM AppScan, HP
WebInspect, and Acunetix to uncover security flaws, providing actionable insights to development teams
while integrating security controls into CI/CD pipelines to proactively address vulnerabilities following
DevSecOps principles.
 Implemented and enforced cloud security controls across AWS and Azure environments by configuring
services such as EC2, S3, KMS, RDS, and Azure VNets, enhancing Azure DevOps pipeline security, and
integrating security measures to ensure data protection and mitigate cloud-based threats.
 Established and tracked SOC performance metrics and reporting mechanisms, ensuring continuous
assessment of team effectiveness, operational improvements, and alignment with organizational security
goals.
 Collaborated with internal cybersecurity teams (CSIRT, Threat Hunt, Threat Intelligence, Vulnerability
Management) and external stakeholders, ensuring comprehensive security incident handling and
strengthening the organization's overall security posture.
 Penetration Testing and API Security: Performed penetration tests on RESTful and SOAP APIs, uncovering
critical vulnerabilities such as broken authentication and excessive data exposure, enabling developers to
patch security flaws, reducing security risks by 30%.
  Encryption Audits and Data Protection: Conducted encryption vulnerability assessments, ensuring regular
key rotation and secure encryption practices for data in transit and at rest, safeguarding sensitive
information and enhancing overall encryption security during migration processes.

Humana Inc, Louisville, KY Mar 2021 – Dec 2023

Application Cyber Security Architect

Responsibilities:

 Application and API Risk Assessments: Conducted comprehensive security risk assessments of
applications and APIs based on architecture, design, and data flow, identifying security gaps and providing
mitigation strategies across 7 NIST-mandated security domains, improving overall security posture.
 Static and Dynamic Analysis for Vulnerability Identification: Performed static (SAST) and dynamic (DAST)
analysis, leveraging tools like Veracode and WebInspect to detect vulnerabilities in application source
code, collaborating with development teams to implement secure coding best practices, resulting in a
30% reduction in critical vulnerabilities.
 Cloud and Endpoint Security: Deployed cloud agents across Windows and Linux environments to identify
vulnerabilities, implemented Qualys FIM for PCI-critical systems, and enhanced endpoint security with
CrowdStrike, automating vulnerability management and ensuring compliance with PCI, GDPR, and HIPAA
regulations.
 Automated Security Integration in CI/CD Pipelines: Integrated Veracode SAST and Burp Suite into CI/CD
pipelines, automating security scanning and vulnerability detection, reducing manual security
assessments by 50%, and improving development efficiency by streamlining the feedback loop.
 Penetration Testing and Threat Mitigation: Conducted internal and external penetration tests on web,
mobile applications, and networks, uncovering critical vulnerabilities like SQL injection and XSS, and
executed tailored remediation plans that reduced high-risk vulnerabilities by 25% and improved network
resilience by 40%.
 Conducted secure code reviews for applications written in Java, and Python to identify security flaws,
enforce secure coding standards, and reduce the risk of code-level exploits, ensuring adherence to secure
development best practices.
 Developed and maintained API security frameworks by implementing secure authentication and
authorization mechanisms, ensuring data integrity, and mitigating API-related risks, while also providing
architectural guidance on network security design, SSL/TLS configurations, and cloud security best
practices.
 Led security scoping discussions with key stakeholders to evaluate security risks, define mitigation
strategies, and align security practices with organizational policies, while actively participating in
platforms like Hack the Box CTF challenges to sharpen penetration testing skills and stay updated on
emerging threats.
 Security Incident Detection and Response: Utilized SIEM systems to analyze and correlate security event
data, monitoring network traffic and system logs for threats, and implemented custom security plug-ins
for CI/CD tools, enhancing threat detection and reducing response times.
 Vulnerability Management and Automation: Automated vulnerability discovery and remediation using
Python scripts with tools like Nessus and Qualys, increasing patching efficiency and reducing manual
effort, while integrating Axonius to streamline the management of devices, users, and cloud assets.
 Network Security and Compliance Audits: Managed secure network protocols, configured firewalls and
VPNs, and executed network penetration tests, identifying misconfigurations and ensuring regulatory
compliance, resulting in successful quarterly audits with financial institutions.
DuPont, Wilmington, DE July 2017- Feb 2021
Application Security Specialist

Responsibilities:

 Web Application and API Security: Performed dynamic and manual security scans for web applications
(Azure & On-Premises) and APIs using tools like Burp Suite, Imperva WAF, and automated testing tools,
identifying and remediating vulnerabilities like SQL Injection and Cross-Site Scripting (XSS), resulting in a
40% reduction in successful attack attempts.
 Cloud Security and Compliance: Developed secure onboarding processes for cloud accounts across AWS
and Azure, provisioning and configuring cloud security services such as IAM, logging, and threat detection.
Ensured compliance with federal regulations and security standards, enhancing the overall cloud security
posture.
 Secure Code Reviews and Development: Conducted in-depth code reviews in Java, Python, JavaScript,
and PL/SQL to identify vulnerabilities and enforce secure coding practices, reducing reported bugs and
security incidents by 20%. Implemented secure coding standards and input validation to mitigate injection
attacks and buffer overflows.
 Incident Response and SIEM Management: Managed security operations, overseeing incident response
and monitoring in a 24/7 SOC environment. Optimized SIEM tools and integrated them with IDS and
firewalls, improving real-time detection and reducing incident response times by 25%.
 Penetration Testing and Vulnerability Management: Conducted regular penetration testing using Burp
Suite and Zap proxy tools, uncovering and remediating vulnerabilities. Applied CVSS scoring to prioritize
remediation efforts, ensuring compliance and enhancing the security posture of web applications.
 Active Directory and Asset Management: Executed Active Directory infrastructure backup and restore,
performed asset onboarding and migration using SailPoint IIQ, and ensured secure management of MA2
assets in the DuPont IAM application, enhancing identity and access management processes.

Cox Enterprises, Omaha, NE Jan 2016- June 2017

Cyber Security Engineer

Responsibilities:

 Performed DAST and SAST scans using automated testing tools, conducted false positive analysis, and
provided reports with remediation to customers, ensuring accurate vulnerability identification and
facilitating timely security improvements.
 Prepared proof of concepts (POCs) for regularly generated vulnerabilities to remediate them faster,
accelerating the vulnerability management process and enhancing overall security.
 Improved security and reduced vulnerabilities by identifying and mitigating potential risks associated
with systems and applications, enhancing the organization’s security posture.
 Minimized gaps in the vulnerability management process and recommended areas for improvement,
optimizing security operations and strengthening defenses against potential threats.
 Performed network and server scans using Qualys WAS, identifying vulnerabilities and helping to
maintain a secure and compliant IT environment.

Vertiyon Solution Pvt Ltd, Hyderabad, India Feb 2011 - June 2015
Application Security Analyst

Responsibilities:

 Installed and configured Active Directory and Windows Servers for multiple clients, ensuring seamless
integration, optimal performance, and operational efficiency.
  Identified and remediated security vulnerabilities (XSS, SQL Injection, CSRF) through gray box testing,
improving application security and reducing risks in alignment with OWASP and SANS standards.
 Collaborated with design teams during the SDLC to address security requirements early, minimizing
rework and reducing development costs.
 Developed POCs and conducted secure coding sessions for critical vulnerabilities, enhancing security
awareness and reducing high-severity issues.
 Centralized disaster recovery (DR) and BCP efforts for critical servers, ensuring resilience and minimizing
downtime during incidents.
 Conducted risk assessments and applied CIS Benchmarks and CVSS scoring to provide remediation
guidance, ensuring compliance and mitigating risks.
 Applied secure SDLC practices and performed source code analysis to identify and fix vulnerabilities,
enhancing overall application security.
 Conducted security assessments, including scoping questionnaires, DAST, and secure code reviews,
identifying vulnerabilities and improving security posture across applications and systems.
 Performed penetration testing (black box, gray box) and generated custom scripts and test documents to
validate vulnerabilities, improving security measures and protecting against attacks.
 Provided OWASP Top Ten training to QA Engineers and developers, increasing awareness of common
vulnerabilities and ensuring secure development processes.
 Installed, configured, and hardened systems, laptops, and encryption tools, enhancing data security,
reducing vulnerabilities, and improving system integrity.

JDA Software, Hyderabad, India June 2010 – Jan2011

Application Security Engineer

Responsibilities:

 Created security risk assessment reports with remediation strategies for identified vulnerabilities in
applications, enabling effective risk management and improving overall security posture.
 Performed penetration testing for applications using organizationally provided payloads to identify
vulnerabilities, enhancing application security by exposing potential weaknesses.
 Collaborated with the development team to remediate vulnerabilities in applications, ensuring timely
resolution of security issues and minimizing potential attack vectors.
 Conducted security scans based on OWASP Top 10 standards to identify and address common
vulnerabilities, strengthening application defenses and reducing the risk of exploitation.