Madhu Nandyala
@madhunandyala
Results-driven Application Security Consultant with 13+ years of experience.
What I'm looking for
I am an experienced Application Security Consultant with over 13 years of expertise in DevSecOps, Secure Code Review, and Application Security Tooling. My career has been dedicated to mitigating security risks through the seamless integration of security practices within the development cycle. I have a proven track record of leading Application Security initiatives and integrating security into CI/CD pipelines, ensuring that security is not an afterthought but a fundamental aspect of the development process.
Throughout my career, I have successfully collaborated with numerous teams across various organizations, onboarding applications into security tools such as SonarQube and Black Duck. My efforts have led to the identification and remediation of vulnerabilities, significantly enhancing the security posture of the applications I have worked on. I am passionate about mentoring and training others in secure coding practices and have received multiple awards for my contributions to security automation and team development.
Experience
Work history, roles, and key accomplishments
Staff Application Security Engineer
Alteryx
Oct 2023 - Present (1 year 7 months)
Responsible for performing Static Application Security Testing (SAST) and Software Composition Analysis (SCA) by onboarding applications into security tools like SonarQube and Black Duck. Integrated security tools with CI/CD pipelines and collaborated with multiple teams to identify and remediate vulnerabilities.
Staff Information Security Analyst
Cadence Design Systems
Mar 2022 - Oct 2023 (1 year 7 months)
Built and managed the Fortify tool for Static Application Security Testing (SAST) and Software Composition Analysis (SCA). Collaborated with over 80 teams to onboard applications and remediate vulnerabilities, ensuring tool availability and scan efficiency.
Senior Advisory Consultant
IBM
Feb 2021 - Apr 2022 (1 year 2 months)
Led cloud migration and modernization for 35 applications, ensuring security compliance and performing SAST scans. Integrated security tools into CI/CD pipelines and guided development teams on security mandates.
Consultant Specialist
HSBC
Oct 2019 - Mar 2021 (1 year 5 months)
Focused on Secure Development Lifecycle by implementing secure coding practices and providing training on security tools. Developed an API for automating user onboarding to security tools and supported development teams in utilizing these tools effectively.
Application Security Consultant
IBM
Oct 2014 - Oct 2014 (0 months)
Managed SAST and DAST remediation efforts, achieving significant reductions in vulnerability mitigation time. Integrated security tools with DevOps pipelines and led a team to ensure effective offshore delivery.
Process Specialist
Infosys
Nov 2012 - Oct 2014 (1 year 11 months)
Involved in the complete project execution cycle, including design, build, test, and production support. Acted as the primary contact for offshore testing phases and documented changes and issues.
Education
Degrees, certifications, and relevant coursework
Anna University
Master of Engineering, Engineering
2008 - 2010
Grade: 8.11 CGPA
Completed a Master of Engineering with a focus on advanced engineering principles and practices, achieving a CGPA of 8.11.
