Leela kishore Pinniboyana

Senior Product security engineer at Scaler
  • Claim this Profile
Contact Information
us****@****om
(386) 825-5501
Location
Bengaluru, Karnataka, India, IN
Languages
  • English Full professional proficiency
  • Telugu Professional working proficiency
  • Hindi Elementary proficiency

Topline Score

Topline score feature will be out soon.

Bio

Generated by
Topline AI

5.0

/5.0
/ Based on 2 ratings
  • (2)
  • (0)
  • (0)
  • (0)
  • (0)

Filter reviews by:

JP G.

I highly recommend Leela for his exceptional work in app and cloud security engineering. During our time working together @Scaler, I had the pleasure of seeing firsthand the level of expertise he possess in this field. Leela has an impressive ability to navigate complex security challenges and come up with creative and effective solutions. He is extremely knowledgeable about the latest security threats and trends, and is always up-to-date with the latest industry standards and best practices. In addition to their technical skills, Leela is a great team player and collaborator. He is always willing to lend a helping hand to their colleagues, and he has a positive attitude that makes him a pleasure to work with. Overall, I would highly recommend Leela for any role related to app and cloud security engineering. His skills, experience, and work ethic make him an invaluable asset to any team.

Himadhar Harinarayanan

I had the wonderful opportunity to work with Leela on two projects in Aurigo. One was for internal documentation tool and the other was for a enterprise suite. His attention to detail and keen acumen in being to identify threats is highly commendable. He shared daily and weekly reports on the analyses he made on the projects and was ensured that those vulnerabilities were handled at the earliest, through clear and regular communication with our peers. I hope to work with him again, soon.

You need to have a working account to view this content.
Join now
You need to have a working account to view this content.
Join now

Credentials

  • API Security Architect
    API Academy
    Oct, 2020
    - Oct, 2024
  • Security awareness
    Udemy
    Jul, 2018
    - Oct, 2024
  • WEB APP SECURITY FUNDAMENTALS
    Cybrary
    Mar, 2018
    - Oct, 2024
  • The competete Namp Ethical Hacking Course
    StationX
    Jan, 2018
    - Oct, 2024
  • Learn burp suite thenr .1web hacking tool
    Udemy
    Dec, 2017
    - Oct, 2024
  • Linux hacking lab for beginners
    Udemy
    Dec, 2017
    - Oct, 2024
  • Web hacking and security
    Udemy
    Dec, 2017
    - Oct, 2024
  • Certified Information Security Manager (CISM)
    ISACA
    Mar, 2022
    - Oct, 2024
  • AWS certified security specialist
    Amazon Web Services (AWS)
    Dec, 2019
    - Oct, 2024
  • AWS cloud practitioner
    Amazon Web Services (AWS)
    Oct, 2019
    - Oct, 2024
  • EC-Council Certified Security Analyst: Penetration Testing (ECSA)
    EC-Council
    Apr, 2019
    - Oct, 2024
  • EC-CEH
    EC-Council
    Nov, 2017
    - Oct, 2024
  • AWS Essentilas
    Linux Academy
  • AWS-Concepts
    Udemy
  • Introduction to Cloud Computing
    Udemy
  • Qualys-guard certification
    Qualys

Experience

  • Scaler
    • India
    • E-Learning Providers
    • 700 & Above Employee
    • Senior Product security engineer
      • Dec 2021 - Present

      Working in the Internal Security Team of Scaler Academy and interview Bit,taking care of all security related requirements and heading the security posture Includes below traits •Vulnerability Assessment and Penetration Testing (Internal and External) of servers, network devices, and endpoints. Prioritization of reports and sharing it across the management and tech teams •Application Security - Carrying out Application Security of Internal and Public Facing Applications which includes Web Application, Android Application, IS Application, and API. •Dark Web and Deep Web Monitoring Setup for Store. •Bug bounty - Reports validation, response, and closure of bug bounty security issues raised from external security researchers •WAF - Managing the WAF solution for Scaler Academy and interview-bit. Implementation of custom rules on WAF to block malicious payloads and requests. Onboarding and whitelisting of domains on WAF. •Security Training - Conducting security training across different teams. Training includes: Secure Coding Practice, Security in Cloud, Infrastructure Security, and DevSecOps •Source Code Review - Conducting Source Code Review of Applications using Open Source Tools such as Sonarqube and other tools such as HP Fortify •Wireless Security Assessment - Conducting Wireless Penetration Testing of Wireless Network •Infusing security in SDLC and ensuring security sign-off to releases •Conducting and driving POC of various security tools such as HP Fortify, Checkmarx, Nessus, Qualys, etc. • Cloud Security-Security review of AWS infra •IT security- Taking care of Google workspace, Deploying Trendmicro for Endpoint and Malware protection. .Setting Up& Review of user access profile for Mac and Windows Machines. •SOC -Deployed Sentry for monitoring Production Servers and created a Slack channel for monitoring the anomalous and Malware. Show less

  • Cashfree Payments
    • India
    • Financial Services
    • 700 & Above Employee
    • Security Engineer-2
      • Apr 2021 - Oct 2021

      Responsible for building overall strategy around security tech for Cashfree payment Gateway. Face of security for Cashfree Products country launches across SEA region. Used to take care of Platform Security, Infrastructure, Cloud, IT, PCI-DSS, ISO Audits. Responsible for building overall strategy around security tech for Cashfree payment Gateway. Face of security for Cashfree Products country launches across SEA region. Used to take care of Platform Security, Infrastructure, Cloud, IT, PCI-DSS, ISO Audits.

  • MatchMove
    • Singapore
    • Financial Services
    • 100 - 200 Employee
    • Senior Security Engineer
      • Jun 2020 - Feb 2021

      Acted as a SME for Web application penetration testing, API penetration testing, Mobile Penetration testing and Vulnerability Management, Security operation controls and AWS cloud related Activities Actively Participated in PCI-DSS Audits to Submit the artefact for the Auditor. Modulating the AWS WAF rules like rate-limiting and regular rules and Geo-location based on the requirements of the products. Actively Engagged in the ASV scans for PCI-DSS Audits. Hand on Experiences in End-point Antivirus tools like Trend Micro, Worry free etc. Used to Monitor TrendMicro DLP Data Loss Prevention for Emails bouncing out the company. Implementation of the Stride and Dread models of Security Threat modelling for Products like Remittance, BRI mobile E-wallet. Analysed incidents happened on Assets and provided the Security controls to protect the Assets. Provided Training on Developing Secure code For Developers Team and Prepared a checklist to each Dev-team to minimise the Vulnerabilities and to write the best code. Actively engaging in Validating the tools which will Meet the requirements of the company and products. Engaged in Implementing the Dev-SecOps in the company Show less

  • Aurigo Software Technologies
    • United States
    • Software Development
    • 300 - 400 Employee
    • Senior Security Analyst
      • Dec 2019 - Apr 2020

      --- Acted as SME subject matter of Expert for different Teams like Web-team, Mobile-team, Cloud and IT teamsProvided the security assessments for identity-providers like AIS (Aurigo identity service) where Aurigo has developed one such kind which can be used to provide authentication for multiple products. Responsible to work under SCRUM (Agile Development Methodologies) for different teams in the agility module. i have working Knowledge for different software life cycles like SDLC (Software development life cycle) and STLC (Software testing life cycle) techniques. Responsible for protecting the application from DOS and DDOS attacks by configuring AWS shield and i have experience in working on AWS firewall AWS WAF.Being the AWS-security Specialist i'm Responsible for Doing Security Audits on the cloud.i have experience in working on endpoint protection with endpoint tools like Carbon Black, Red cloak. Played a crucial role in getting the Aurigo NIST and Redvamp Compliant.Responsible for Analyzing and mitigated security vulnerabilities, hacking attempts, and other possible attack vectors. Stopped leakage of sensitive information and prevented damage to the company's reputation on numerous occasions Show less

    • Security Analyst
      • May 2017 - Dec 2019

      BUILD, MANAGE AND TRAIN ALL THE BELOW TEAMS AND THEIR RESPECTIVE RESPONSIBILITIES BELOW:===============================COMPONENTS OF SECURITY===============================Infrastructure SecurityApplication SecurityData Leak PreventionSecurity AutomationSecurity Awareness Campaigns===============================Red Team - Offensive Security (Pen Testers)Found vulnerabilities in all the above components of securityReview all the business functionalities with respect to security in critical componentsDevelop a Developer Best practices guide and ensure that the code review is done on the same standardsValidate the integrations done with merchants for any security issuesOwn the Responsible Disclosure program (Validate, Fix and Follow up with external/internal researchers)Automation of test cycles (By Tooling)Proposed a solution for every vulnerability/ security issue reportedOFFENSIVE SECURITY:Conducted Dynamic application security assessments against our core-product Masterworks.Triaged, validated, prioritized and reported web application vulnerabilities and exploits i have Worked directly with product management and engineering teams to prioritize and resolve vulnerabilities i have implemented the Dynamic analysis for web applications and Apps (Android and iOS) to address zero-day and known vulnerabilities with the help of the team built.i have tested and Delivered almost 13 secure applications that are integrated based on the different business requirements from the customers.Helped in clearing all third party Compliance certificates for clients who are using our products. Show less

  • AmpersandSquare
    • India
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Information Security Analyst
      • May 2015 - May 2017

      Formerly called Altranics IT solutions and it was acquired by Ampersandsquare. OFFENSIVE SECURITY Team: Conducted Dynamic application security assessments against a variety of web applications. Triages, validated, prioritized and reported web application vulnerabilities and exploits Worked directly with many customers where I got a chance to deal with many world-class Softwares i have helped them in doing the Security assessments and prioritizing the security issues according to their Business functionality and helped Dev team in closing vulnerabilities with the best possible security Mitigations Show less

Education

  • SRI VASAVI ENGINEERING COLLEGE
    Bachelor's degree, Civil Engineering
    2011 - 2015

Community

You need to have a working account to view this content. Click here to join now