About Me

Security is a practice,
not a product.

I'm Anilkumar, a Product Security Engineer with a deep focus on Application Security. My work sits at the intersection of software engineering and security architecture — helping teams build systems that are secure by design, not just hardened after the fact.

My Security Philosophy

Security must live where the code lives — inside pull requests, architecture reviews, and deployment pipelines. My approach layers threat modeling in design, automated scanning in CI/CD, and continuous validation post-deployment, creating a feedback loop that makes every engineer a security stakeholder.

Experience

Dec 2023 – Present

Senior Security Engineer @ Trinet Zenefits

Performing new feature secure design review, architecture reviews, and automated source code analysis (SonarQube). Writing business security test cases and performing manual pentesting using Burp Suite and OWASP ZAP. Coordinating issue debriefing and remediation with product engineering.

Mar 2023 – Dec 2023

Member of Product Security @ Edgeverve

Handled application features security testing (Web/Mobile), DAST, and SAST. Analyzed BDH scans for Software Composition Analysis (SCA) compliance. Led regular security training sessions for junior members and eliminated Checkmarx false positives.

Mar 2021 – Feb 2023

Senior Security Consultant @ EY GDS

Engaged in US and Singapore projects including vulnerability management for a telecommunications provider via High-Risk perimeter validation and automated ad-hoc assessments using Nmap & Python. Orchestrated scheduled Qualys vulnerability scanning and continuous compliance scans for major Real Estate & Insurance clients.

Feb 2018 – 2021

Associate InfoSec Consultant @ SecurEyes

Performed 30+ manual/automated penetration tests on Web, Mobile (iOS/Android), API, and Thick Clients globally across Finance, Banking, and Health Care. Led threat modeling and code analysis for 3-member engagement teams.

Certifications

  • OSCP – Offensive Security Certified Professional (In Progress)
  • CEH v10 – Certified Ethical Hacker
  • ECSA v10 – EC-Council Certified Security Analyst
  • SC-900 & AZ-900 – Microsoft Security & Azure Fundamentals
  • Qualys Certified Specialist (VM, WAS, PC)
  • AWS Certified Cloud Practitioner
  • Certified Appsec Practitioner (CAP)
  • Certified in CyberSecurity (ISC2)

© 2026 Anilkumar · Senior AppSec Engineer