Product Security Engineer

• Performed application security assessments for web applications, APIs, and distributed systems aligned with OWASP Top 10. • Built Python-based security automation scripts. • Developed internal automation utilities to support SAST, DAST, and SCA workflows and improve vulnerability detection coverage. • Integrated automated security checks into CI/CD pipelines using GitHub Actions and GitLab CI. • Worked with REST APIs and security scanning tools to automate vulnerability testing and reporting pipelines. • Conducted threat modeling and security architecture reviews for authentication, authorization, and data protection mechanisms. • Performed manual penetration testing using Burp Suite, OWASP ZAP, SQLmap, and Nmap. • Developed scripts to correlate scanner findings, reduce false positives, and prioritize remediation. • Collaborated with engineering teams to embed security controls directly into the SDLC. • Contributed to developer security guidance, documentation, and remediation best practices. • Conducted API security testing including authentication, access control, and data exposure risk analysis. • Supported secure design discussions and provided engineering-focused remediation recommendations.