RAMI REDDY ALLAM
Security EngineerAI is analyzing your overall score…
Identifying your key strengths…
Evaluating your skill match against the job requirements…
Assessing your cultural and operational fit
AI is analyzing your overall score…
Identifying your key strengths…
Evaluating your skill match against the job requirements…
Assessing your cultural and operational fit
Security Engineer with 5+ years in Cybersecurity & DevSecOps
Cybersecurity Engineer with 5.4+ years of experience combining offensive security depth with production-grade automation engineering. As a penetration tester, has manually assessed 140+ applications and API collections across web, mobile, API, network, and thick client surfaces uncovering critical vulnerabilities in customer-facing, agent-facing, middleware, and external vendor systems for clients in telecom, defense, healthcare, banking, and e-commerce. As a security automation engineer, has architected and delivered tools running in production including compliance agents, API testing frameworks, vulnerability management platforms, and AI-driven intake pipelines - saving thousands of hours of manual effort. Brings strong DevSecOps experience integrating DAST/SAST into CI/CD pipelines, hands-on source code review capability (manual + Veracode), and the ability to communicate risk to both technical and executive audiences.
KL University (Koneru Lakshmaiah Education Foundation)
M.Tech · Computer Science & Engineering
N/A – June 30, 2021
Kalasalingam University, Srivilliputhur
B.Tech / B.E. · Computer Science & Engineering
N/A – June 30, 2019
Accenture
Senior Security Delivery Analyst
June 1, 2024 – Present
Hyderābād, Telangana, India
Andhra Pradesh Technology Services
Senior Cybersecurity Analyst
April 1, 2021 – June 1, 2024
Hyderābād, Telangana, India
Manual Penetration Testing (MPEN)
June 19, 2026 – Present
Manual VAPT across 46 applications and API collections: customer-facing portals, agent-facing tools, middleware, warehouse distribution, and external vendor APIs. Discovered critical vulnerabilities - broken access control, injection chains, business logic flaws, session hijacking, sensitive data exposure — with full OWASP-categorized reporting for dev and DevSecOps teams. End-to-end network and application penetration test; exploited weak credentials, default permissions, framework-centric CVEs; managed CERT-In disclosure and closure cycle. Result: 78% reduction in exploitable vulnerabilities. VAPT on web and mobile applications for telecom, banking, and e-commerce clients. Identified auth/authz flaws, SSL pinning bypass, account takeover risks. Result: 95% critical vulnerability closure within SLA.
AppSec Test Automation Framework
June 19, 2026 – Present
Built an automated application security testing framework executing structured test cases across application portfolios - improving coverage consistency and cutting manual testing effort significantly.
APEX API Security Testing Tool
June 19, 2026 – Present
Internal tool for structured, repeatable REST API assessment covering authentication, authorization, injection, and business logic with integrated test case management and result reporting to streamline API VAPT engagements.
CTX Compliance Agent - One-Stop Compliance Platform
June 19, 2026 – Present
Centralized compliance automation agent consolidating all compliance domains: auto-pulls control status from integrated security systems, flags gaps, and drives remediation workflows end-to-end.
CTX Compliance Agent - Getting to Green
June 19, 2026 – Present
Full vulnerability compliance management across applications, devices, databases, and cloud - automated weekly reporting, HTML dashboards, and leadership-ready email notifications.
CCDR Automation
June 19, 2026 – Present
End-to-end automation of the Compliance Control & Delivery Report process eliminating manual data collection and report preparation, significantly reducing compliance cycle time.
PI Tickets Automation iTrack Security Intake Review
June 19, 2026 – Present
Python automation that reads PI tickets from Excel, recursively pulls sub-tickets from iTrack, and uses AI to analyze descriptions, comments, forms, and attachments — auto-classifying into Ready for Testing, Needs API/Test Data, Intake Form Missing, Out of Scope, or Fetch Error. Extracts release metadata (app name, intake source, POC emails, URLs, API artifacts); generates multi-sheet Excel report and auto-drafts email notifications.
VMR - Vulnerability Management & Project Tracker
June 19, 2026 – Present
Full-stack security project management tool: log findings, track remediation lifecycle, manage POC screenshots, and auto-generate OWASP-categorized PDF reports for client delivery.
Vulnerability Reporting System Automation
June 19, 2026 – Present
End-to-end Python + Selenium pipeline: portal login ← session token extraction ← authenticated API calls ← Power BI SLA refresh → SPOC mapping → Excel report generation ← HTML email dispatch via batch scheduling.
GenAI-Powered Security Modernization
June 19, 2026 – Present
Integrated GitHub Copilot and Veracode Fix into DevSecOps pipelines, saving 3,500+ engineering hours organization-wide; led AI-TAP test modernization onboarding across multiple project teams.
CTF Challenge Platform
June 19, 2026 – Present
Designed 27 CTF challenges across web, mobile, and cryptography at varying difficulty levels using CTFd deployed for intern recruitment and technical assessment.
Certified Ethical Hacker (CEH)
Unknown
June 1, 2026 – March 1, 2027
Certified AppSec Practitioner (CAP)
Unknown
June 1, 2026 – Present
OWASP API Security Top 10 Certified
Unknown
June 1, 2026 – Present
ISO/IEC 27001 Information Security Associate
Unknown
June 1, 2026 – Present
Microsoft Certified: Azure Fundamentals (AZ-900)
Unknown
June 1, 2026 – Present
Junior Penetration Tester (eJPT)
eLearnSecurity
June 1, 2026 – Present
API Security Architect
Unknown
June 1, 2026 – Present
API Security Fundamentals
Unknown
June 1, 2026 – Present
Oracle Cloud Infrastructure 2019 Architect Professional
Unknown
June 1, 2026 – Present
AWS Knowledge: Cloud Essentials
Unknown
June 1, 2026 – Present
Cultural Fit Analysis
The candidate's project diversity, ranging from manual penetration testing to AI-powered automation and CTF platform design, indicates a broad interest and adaptability. Their experience across various client sectors (telecom, defense, healthcare, banking, e-commerce) suggests an ability to work in diverse environments. The focus on reducing manual effort and improving efficiency through automation aligns with modern agile and lean methodologies, indicating a good cultural fit for organizations valuing innovation and efficiency. The leadership awards further highlight a proactive and impactful contribution, which is desirable for senior roles.
Soft Skills & Operational Fit
The candidate demonstrates strong problem-solving skills through the development of automation tools and the identification of complex vulnerabilities. Their experience in leading Red Team operations and partnering with CISO teams indicates leadership potential and strategic thinking. The ability to communicate risk to both technical and executive audiences is a key operational fit for a senior role. The candidate's awards suggest a proactive and high-achieving work attitude.