Abisheik Magesh

Conducted SAST and secure code reviews across GitLab and open-source libraries, uncovering logic flaws, injection, and access control issues. Expanded GitLabs SAST engine by adding custom detection patterns for modern frameworks (JavaScript, TypeScript, Python). Researched supply chain risks including dependency confusion, malicious NPM packages, and open source exposures. Partnered with development teams to provide remediation guidance and training for security champions. Worked on an AI-driven research Initiative Focused on Secure code. Engineered AI agents to automate workflows in the team.

Managed Bug Bounty Program (Bugcrowd), validating 150+ reports and reducing SLA by 25%. Deployed SAST (Semgrep) and SCA (Nexus IQ) across SDLC pipelines, increasing adoption by 40%. Conducted attack modeling and API penetration tests, preventing authentication bypass and IDOR vulnerabilities. Automated security regression testing for critical APIs using CI/CD integration.

Promoted to Senior Engineer for leadership in secure SDLC, threat modeling, and API security. Lead Dynamic Application Security Testing (DAST) scans and comprehensive web application security assessments for a variety of applications, encompassing customer-coded, internal, and external-facing systems. The DAST tools used by the enterprise to perform thorough evaluations and identify vulnerabilities significantly improved the overall security posture of the application. Automated vulnerability triage and exploit validation (Python/Bash), cutting false positives by 30%. Conducted SAST and SCA, ensuring secure usage of third-party components. Delivered developer security training for 500+ engineers, reducing recurring flaws by 35%. Performed threat modeling workshops with architects to identify high-risk attack surfaces early. Drove AppSec metrics and reporting for executive leadership using dashboards and KPIs.

Assisted in SAST/DAST scanning and triaging results, providing remediation support to developers. Performed secure code reviews on Java and JavaScript microservices. Conducted OWASP Top 10 testing for internal APIs and web applications. Created security playbooks and documentation for repeatable vulnerability assessments.