profile-pic

ANANYA TEWARI

Application Security Engineer @ Teradata with 5+ years of experience securing cloud, web, mobile, and API driven platforms at enterprise scale.

🚀 I focus on building security into products and platforms, not just finding bugs. I embed security into SDLC, CI/CD pipelines, and engineering workflows so teams can ship faster without compromising security.

🔐 At Teradata, I work on:

• Securing 200+ business critical services and applications

• Performing deep manual secure code reviews across microservices and APIs

• Driving threat modeling and secure design reviews for new features and platforms

• Scaling DevSecOps by integrating SAST, DAST, SCA, secrets scanning, and container security into CI/CD pipelines

• Building security automation to improve detection, triage, and remediation workflows

• Running penetration tests and attack simulations on high risk systems

🧪 Previously at Cognizant, I worked on:

• Security testing and reverse engineering on 1000+ applications

• Mobile, API, and backend penetration testing for enterprise platforms

• Static and dynamic malware analysis and large scale threat investigations

• Building detection workflows that reduced investigation time and false positives

🧠 I enjoy working at the intersection of:

Product Security • Cloud & DevSecOps • Threat Modeling • Secure Architecture • Offensive Security

📜 Certifications:

• INE Junior Penetration Tester (eJPT)

• INE Certified Cloud Associate (ICCA)

🤝 I’m always interested in:

• Product and platform security challenges

• Cloud native security architectures

• Scaling security programs in engineering driven organizations

  • Role

    Application Security Engineer

  • Years of Experience

    4.9 years

Skillsets

  • Reverse Engineering
  • MITRE ATT&CK
  • Mobile Security
  • Mobsf
  • Monitoring
  • Nessus
  • NIST
  • OWASP
  • OWASP ZAP
  • Penetration Testing
  • Python
  • Qualys
  • red teaming
  • Malware Analysis
  • Risk Assessment
  • Secrets Management
  • secure code review
  • secure design
  • Secure SDLC
  • Semgrep
  • Snyk
  • static analysis
  • threat modeling
  • Vulnerability management
  • Web security
  • Frida
  • Armorcode
  • Attack Surface Management
  • AWS
  • Bash
  • Burp Suite
  • CI/CD
  • Cloud IAM
  • container security
  • CVSS
  • CWE
  • DevSecOps
  • dynamic analysis
  • Api Security
  • GCP
  • Gitguardian
  • Github
  • GitLab
  • Go
  • Infrastructure security
  • Invicti
  • Jadx
  • Java
  • Jira
  • Logging

Professional Summary

4.9Years

  • Member

    Women in CyberSecurity (WiCyS) India

  • Core Team Member

    She Builds Tech

  • Application Security Engineer II

    Teradata
  • Aug, 2021 - Jul, 2022 11 months

    Programmer Analyst

    Cognizant
  • Aug, 2022 - Jul, 2023 11 months

    Cyber Security Analyst

    Cognizant
  • Aug, 2023 - Feb, 2024 6 months

    Associate

    Cognizant
  • Jun, 2019 - Jul, 2019 1 month

    Trainee

    NTPC Limited

Work History

4.9Years

Member

Women in CyberSecurity (WiCyS) India

Core Team Member

She Builds Tech

Application Security Engineer II

Teradata
    Own application and product security for 200+ business-critical services across cloud and enterprise environments. Perform deep manual secure code reviews across microservices and APIs, identifying RCE, IDOR, auth bypass, business logic flaws, SQLi, XSS and supply-chain risks. Built and scaled DevSecOps pipelines integrating SAST, DAST, SCA, secrets scanning, container scanning across 30+ CI/CD pipelines, reducing security defects reaching production by 40%+. Designed and deployed automated secrets detection and response workflows, remediating 100+ credential exposure incidents using GitGuardian. Led ArmorCode platform rollout, centralizing vulnerability management and security posture across multiple engineering orgs. Drive threat modeling and secure design reviews for new platform features and services. Conduct red team exercises, attack simulations, and penetration tests on high-risk applications. Built 100+ Python and Go automation scripts for security triage, correlation, and reporting. Partner closely with engineering, SRE, and platform teams to shift security left and scale product security.

Associate

Cognizant
Aug, 2023 - Feb, 2024 6 months

Cyber Security Analyst

Cognizant
Aug, 2022 - Jul, 2023 11 months

Programmer Analyst

Cognizant
Aug, 2021 - Jul, 2022 11 months
    Performed security analysis, reverse engineering, and penetration testing across 1000+ Android, API, and backend systems. Led mobile, API, and web penetration tests for enterprise applications, uncovering auth flaws, token abuse, business logic issues, insecure data storage, hidden APIs, and backend access control gaps. Conducted static & dynamic malware analysis on 1000+ applications, detecting spyware, trojans, ad fraud, and phishing campaigns. Reverse engineered 500+ applications using JADX, Frida, custom tooling to uncover obfuscation bypasses and hidden functionality. Built automated analysis workflows and detection heuristics, reducing investigation time by 25%. Partnered with product and engineering teams to secure mobile-to-API communication and backend authorization models. Authored security playbooks, detection guides, and engineering documentation. Delivered 50+ security training sessions, driving 90%+ adoption of secure development practices. Reduced false positives by 30% by improving detection pipelines and workflows.

Trainee

NTPC Limited
Jun, 2019 - Jul, 2019 1 month

Education

  • Bachelor of Technology (B.Tech) in Electrical & Electronics Engineering

    Shri Ramswaroop Memorial College of Engineering and Management (2020)