Pravallika tanneru

As a security delivery analyst at Accenture, I ensure robust application security for various clients across different industries. I navigate the technical risk assessment, design, implementation, and maintenance phases of security projects, using security protocols such as SANS, DAST, OWASP Top 10, SAST, WEBPT, API PT, Risk Mitigation, Threat modeling, and CRISP.

For example, I recently helped a leading e-commerce company to identify and resolve over 100 security vulnerabilities in their web and mobile applications, using DAST and API PT tools and techniques. I also communicate effectively with developers, testers, and stakeholders, leveraging my knowledge of HTML, React JS, Core Java, .Net, and other vital technologies, which I acquired during my Bachelor of Technology degree in Information Technology from PRASAD V POTLURI SIDDHARTHA INSTITUTE OF TECHNOLOGY. My goal is to continuously enhance my skills and knowledge in the field of application security, and to contribute to the security and success of my clients and team.

  • Role

    Senior Application Security Engineer

  • Years of Experience

    4.8 years

Skillsets

  • Fortify
  • Veracode
  • Source code review
  • SAST
  • SANS
  • ReactJs
  • PostgreSQL
  • OWASP
  • NMAP
  • Nexus IQ
  • Manual code review
  • HTML
  • Penetration Testing
  • design review
  • DAST
  • Core Java
  • Checkmarx
  • Burp
  • Azure
  • API security testing
  • threat modeling
  • Vulnerability management
  • Risk Assessment
  • Application Security

Professional Summary

4.8 Years
  • Oct, 2024 - Present (1 yr 5 months)

    Senior Application Security Engineer

    Synchrony
  • May, 2022 - Oct, 2024 (2 yr 5 months)

    Security Delivery Analyst

    Accenture
  • Jun, 2021 - May, 2022 (11 months)

    Quality Associate

    Amazon

Applications & Tools Known

  • SAST
  • DAST
  • OWASP
  • HTML
  • ReactJS
  • Core Java
  • PostgreSQL

Work History

4.8 Years

Senior Application Security Engineer

Synchrony
Oct, 2024 - Present (1 yr 5 months)
    Conducting SAST, SCA, and DAST using Fortify, Checkmarx, Veracode, Burp Suite, NexusIQ. Leading security assessments for critical credit card and financial applications. Performing secure code reviews and collaborating with engineering teams for remediation. Conducted comprehensive web application penetration testing using Burp Suite and Micro Focus WebInspect, identifying critical vulnerabilities aligned with OWASP Top 10 and risk-rating findings for business impact. Integrating security processes into CI/CD pipelines for continuous security improvements. Performed secure code reviews for Azure cloud applications in alignment with Azure security best practices. Organized and led a secure code warrior competition to enhance developers' secure coding skills, improving cross-team security awareness and reducing common coding vulnerabilities. Conducted Security Awareness Roadshows across multiple business units, educating teams through interactive quizzes and scenario-based questions to promote a strong security culture.

Security Delivery Analyst

Accenture
May, 2022 - Oct, 2024 (2 yr 5 months)
    Performed comprehensive evaluations of application source code to detect and mitigate vulnerabilities. Collaborated with development teams to ensure remediation within the defined SLA. Streamlined full code base and release scans by utilizing automated scanning tools. Conducted Application Penetration testing in accordance with OWASP Top 10 & SANS 25 standards. Conducted Manual & Automated Code Reviews using SAST & DAST tools such as Fortify, Checkmarx and Veracode. Trained and led a team of 7 members to perform application security testing.

Quality Associate

Amazon
Jun, 2021 - May, 2022 (11 months)
    Collected, analyzed, and delivered intelligence to measure and manage application security risk. Tested and evaluated security products; conducted Static Application Security Testing of applications. Performed threat and attack modeling, risk analysis and management, intrusion, and compromise detection. Developed reports documenting security breaches and evaluated emerging cyber security threats. Planned for disaster recovery and created contingency plans in case of security breaches.

Achievements

  • Best Team Award
  • Awards for Excellence
  • Star Awards
  • Client Appreciation
  • Applause Award
  • Beyond Performance Award
  • Consistent Achiever Award

Major Projects

1 Project

Set up a Home Lab to learn Penetration Testing

    Deployed a vulnerable web application on a Linux server with known vulnerabilities and exploits to practice penetration testing and enhance skills in application security, focusing on a detailed, methodological approach to testing web application components. Used Nmap and Burp.

Education

  • B.Tech. (IT)

    PVP Siddhartha Engineering College (2018)