Open to opportunities

S Madhu User

@smadhuuser

Senior cyber security consultant specializing in application security and DevSecOps, securing web, mobile, APIs, and cloud systems.

India

Message

What I'm looking for

I’m looking for a security-focused team where I can lead application security and DevSecOps CI/CD security—using threat modeling, SAST/DAST/IAST, and clear risk prioritization—while partnering with developers and DevOps to ship secure releases.

I’m a seasoned application security professional with 15+ years securing web, mobile, API, and cloud applications across complex enterprise environments. I focus on secure design and early risk identification through threat modeling and security architecture review, helping teams build safer products from the start.

I have hands-on experience with OWASP Top 10 and end-to-end testing, including DAST, SAST, and IAST, as well as mobile and API security. I also support secure releases by creating CI/CD pipeline capabilities for DevSecOps, using tools like HCL AppScan and Burp Suite to drive reliable, measurable improvements.

As a reliable team leader and client-facing consultant, I work closely with development and DevOps teams to meet both business and security goals. I regularly lead vulnerability assessment and penetration testing (VAPT), security remediation planning and execution, and align delivery with standards such as NIST, PCI-DSS, ISO 27001, GDPR, and HIPAA.

Experience

Work history, roles, and key accomplishments

Current

Senior Cyber Security Consultant

Current

HCL Technologies

Feb 2020 - Present (6 years 3 months)

Provided enterprise application security and DevSecOps security consulting, supporting secure design through threat modeling, secure SDLC, and vulnerability assessments. Used tools such as HCL AppScan, Burp Suite, and OWASP ZAP to strengthen web, mobile, and API security.

Threat Modeling Secure SDLC OWASP Top 10 Application Security Mobile Security API Security SAST DAST CI CD Security

Senior DevSecOps Analyst

Cognizant

Jul 2019 - Jan 2020 (6 months)

Adopted DevSecOps practices by integrating security into CI/CD pipelines and supporting secure release processes. Applied SAST/DAST/IAST tooling (including AppScan and Burp Suite) to evaluate and remediate risks across applications and APIs.

DevSecOps CI CD Security Jenkins SAST DAST Application Security API Security

Senior Security Lead

Accenture Solutions Private Limited

Jun 2018 - Jul 2019 (1 year 1 month)

Led application security delivery by performing threat modeling, security architecture reviews, and vulnerability assessments. Guided remediation planning using security standards and coordinated with development and DevOps teams to meet security objectives.

Security Architecture Review Threat Modeling Vulnerability Assessment Penetration Testing SOCDashboard Creation API Security

Senior Security Analyst

Hewlett-Packard (HP)

Feb 2012 - Jun 2018 (6 years 4 months)

Supported enterprise security assessment activities across web and API systems by applying SAST/DAST/IAST testing approaches. Contributed to secure SDLC efforts, vulnerability analysis, and risk prioritization to improve overall application resilience.

SAST (Checkmarx Fortify AppScan)API Security (SOAP REST)OWASP Testing Prioritization

Senior QA Analyst

Galaxy Intelligentia

May 2011 - Feb 2012 (9 months)

Performed QA activities with security-focused testing support, including validation of common web vulnerability patterns and test execution. Helped identify issues and supported remediation through structured testing and reporting.

Security Testing Vulnerability Testing Path Traversal Testing Cookie Manipulation Testing