Uploaded by Kasinathan Subramani

Kasi

Kasinathan Subramani
Principal Specialist Security – Cloud security, CSPM, ASPM, DevSecOps and Technology solution
MOBILE: +91 9543958596
KASINATHANQTP@GMAIL.COM , INDIA
TOP SKILLS
• DevSecOps
• CNAPP
• CSPM - Cloud Security
• ASPM, Network, DSPM
• AWS Security, Infrastructure
• Kubernetes, Container
• SOC, EDR, Mail, Monitoring
• Java Microservices
• API Performance, monitoring
TOOLS
• WIZ - CNAPP - Cloud security
• SAST - SonarQube, Checkmarx, WIZ, CodeQL, Fortify
• SCA - Dependabot, Snyk
• DAST - Burp Suite, OWASP ZAP
• WIZ - Container security, infrastructure
• Kubernetes - Aquasec
• Jenkins, Docker
• GitHub
• AWS security
• JMeter, Dynatrace, Kibana, Postman
CERTIFICATIONS
• AWS Certified Security - Specialty (SCS-C02)
• CEH (Certified Ethical Hacking)
• CSM (Agile Certified Scrum Master)
SUBJECT:
Accomplished Security Professional with 13+ Years of Expertise in AWS Security,
Cloud Security, CNAPP-CSPM, CWPP, Data Security, Network Security, IoC,
Infrastructure, Product Security (Web & Mobile), DevSecOps, Penetration Testing,
Container Security, Kubernetes Security, ASPM and SOC Operations.
Experience Summary (Overall Experience – 13+ years)
Principal Specialist Security – Manager | Solenis.com, Hyderabad, India (Feb 2024 - Present) - Hybrid
Role & Responsibility: Product (Pharma)
Security Champion Cloud security & DevSecOps:
• Reporting directly to the CISO, overseeing activities related to CNAPP, CSPM, ASPM, DevSecOps, and team responsibilities.
• Implemented and maintain Wiz.io for comprehensive Cloud security (AWS, Azure, GCP security, CNAPP, CSPM, CWPP, Network, Data, IoC, Infrastructure security etc.).
• Built and implemented a robust DevSecOps pipeline integrating SAST, SCA, SBOM, IAST, and DAST, leading to a 50% reduction in initial code review security flaws.
• Collaborate with developers and architects to ensure secure coding practices, code reviews, and unit testing.
Security Operations:
• Coordinate with the SOC for security incident detection and response, EDR, e-Mail, and Monitoring.
Security Monitoring & Improvement:
• Monitor logs and servers to identify and address security issues.
• Conduct Proof-of-Concepts (POCs) for new security tools related to ASPM.
• Review Java microservice architecture documents and suggest improvements for security and maintainability.
• Expertise solutioning on Java Microservice, API performance, and monitoring delve deeper.
Associate Architect | Mindsprint.org (Olam Group), Chennai, India (Sep 2018 - Jan 2024) - Hybrid
Role: Architect: Product (Agriculture)
• Led a six-member Agile team, delivering for entire Olam products, collaborating effectively with 9 project managers, on time with zero escalations.
• Designed and implemented a comprehensive DevSecOps pipeline incorporating NIST CSF, MITRE ATT&CK, threat modeling, SAST, and DAST tools, securing the entire Olam product portfolio.

• CSA (Certified Splunk ES Analyst)
EDUCATION
M.Sc Computer Science
LANGUAGES KNOWN
English

Lead Consultant | Virtusa, Chennai, India (2015 - Sep 2018)
Responsibilities: Product (Banking and Subsidiary)
• Enhanced container and Kubernetes security for Olam products, implementing security principles and WAF (Imperva) to mitigate web application vulnerabilities.
• Performed security assessments using SAST/DAST tools (Sonar, Checkmarx, SCA, Trivy, Prisma, Snyk, Aqua) for both mobile and web applications, integrating results into the DevSecOps pipeline.
• Leveraged expertise in containers (K8s), CI/CD, IAM, and secrets management to ensure security within the microservices architecture.
• Collaborated with development and infrastructure teams to remediate vulnerabilities identified during code reviews (manual and automated SAST/DAST) and OWASP TOP 10 assessments.
Analyst | Netwin InfoSolutions Pvt Ltd, Nashik, India (Jun 2014 - Feb 2015)
• CI/CD Pipeline Automation: Designed and implemented CI/CD pipelines using Jenkins, Git, Docker, and Kubernetes for efficient software delivery.
• Microservices & API Security: Built the TAP project using secure practices, .NET web services and Java microservices with SOAP calls.
• Deployment Management: Managed deployments across DEV, SIT, UAT, Pre-prod, and production environments for web services, microservices, virtual services, ESB, BizTalk, and scripts.
Technical Consultant | Innovative Technology Solutions, Gurgaon, India (May 2012 - Jun 2014)
• SDLC Integration: Worked within Agile environments, integrating penetration testing throughout the Software Development Lifecycle (SDLC).
• Vulnerability Management: Identified and addressed vulnerabilities through web application security testing, code reviews, and vulnerability assessments.
• OWASP TOP 10: Collaborated with development teams to remediate vulnerabilities based on the OWASP TOP 10.
• Reporting & Tracking: Documented and tracked defects in the log system (TFS2015) for closure and reported findings on the MTM dashboard.