RESUMÉ

Ramakrishna Marella +91-9963190003

Hyderabad, India ram.marella@gmail.com

Application Security architect, Security Code reviewer (Security Static Analysis)

along with extensive Java/J2EE development background.

 Technical experience
Total Experience - 18 yrs Application Security - 8 yrs Java/J2EE - 10 yrs

J2EE Application Security

Languages Java NA
Web HTML, JavaScript, XML,
NA
REST and SOAP Web services
Frameworks Saml, Oauth,
Struts, Spring, Hibernate
Spring Security, Owasp
Tools / IDE Appscan, Fortify, Contrast, Burp,
Eclipse, RAD, WSAD, Rational Rose,
SD Elements,
SQL client.
MS Threat Modeler
Servers Websphere, Weblogic, Tomcat, JBoss NA
Database Oracle, SQL Server NA

 Tasks that I can perform

Application Security
1. Do ThreatModeling and find out security issues in design phase of SDLC.
2. Perform static code review/analysis and find security issues in application
code. (OWASP Top 10)
3. Perform/suggest remediation for security issues found in
design/development phase of software development life cycle ( SDLC ).
4. Can work as security architect in providing secure SDLC.
J2EE
1. Do high/low level design, coding, unit testing in various java technologies
as per above technology list.
2. Do code review of java applications.
3. Can work as architect in java/j2ee applications.

Also, possess experience in managing teams in Secure SDLC lifecycle and

implementing J2EE development projects.

 Certifications
 Certified OCP (Oracle Certified Professional Java 7) in Jun'15
 Certified CEH 7 (Certified Ethical Hacker) in Dec'11

Page 1 of 3
  Education Background
Masters M.C.A, Master of Computer Applications from 1997-2000
University of Hyderabad, Telangana, India.

Graduation B.Sc., Bachelor’s degree in Math, Physics, 1994-1997

Chemistry from Nagarjuna University, A.P, India

 Achievements
 Got Recognition awards in IBM for 2 consecutive years during client visit.
 Got 5th rank in state level entrance exam conducted by University of
Hyderabad.
 Got 236th rank in the state level M.C.A entrance test.

Prior work experience:

IBM (May'16 to till date)

Overall Work description

 Do threat modeling based on high level design and provide vulnerability report.
 Do static code analysis (Fortify) and provide remediation support to development team.
 Provide various reports (No. of issues closed, velocity of closed vulnerabilities)
to senior management whenever required.
 Provide secure design principles, secure standards in various phases of project life cycle.

Projects worked-on
Threat Modeling, Secure Software Development Life Cycle for Switzerland client
Duration : Jul’18 – Till date (India)
Role : Application security consultant

Security remediation for a U.S insurance client

Duration : Jun’16 – May’18 (India)
Role : Application security consultant

ADP (Jun'11 to May’16)

Overall Work description

Perform static analysis of various ADP applications in security perspective by scanning code
using Appscan tool, review the findings reported by the tool and finally do manual review. Filter
all false positives and then report confirmed security vulnerabilities (SQL Injection, Cross site
scripting) to respective application team by suggesting remediation fixes. Also, taken security
awareness sessions to development teams.

Static Analysis of various ADP applications (Security code review)

Duration : Jun’11 – May’16 (India)
Role : Consultant

Page 2 of 3
Infosys (Feb'01 to May'11)

Overall Work description

Worked in various phases of SDLC in different Java/J2EE development applications (java, struts,
spring & hibernate). Worked as a developer, Team lead providing high level design, coding, unit
testing.

Few projects worked-on

Implement Collections and Payouts system for a major India based Insurance provider
Duration : Jul’09 – Apr’10 (India) Role : Technical Manager

Funds Transaction Management for a leading U.S based Health Insurance client
Duration : Dec’05 – Oct’06 (U.S) Role : Technology Analyst

Testing of legacy application for a U.S based Mortgage insurance company

Duration : Apr’05 – Nov’05 (U.S) Role : Technology Analyst

Developing Claims Management system for a U.S based Mortgage insurance company
Duration : Jul’04 – Mar’05 (India) Role : Technology Analyst

Developing online certification tracker application for a leading U.S manufacturing company
Duration : Jul’02 – Sep’02 (India) Role : Developer

Personal Details

Name : Ramakrishna Marella

Marital status : Married
Phone : +91-9963190003
Email : ram.marella@gmail.com
Passport : India
Interests : Plays Cricket, Chess and Table Tennis

Page 3 of 3