Ritesh Kumar Malviya

Security Engineer

Bengaluru, Karnataka, India · 4 yrs 5 mos experience
Most Likely To Switch · AI ML Practitioner

Key Highlights

  • Expert in building resilient security frameworks.
  • Proficient in both offensive and defensive security methodologies.
  • Strong background in cloud security across multiple platforms.
Stackforce AI infers this person is a Cloud Security and Compliance Specialist with a focus on SaaS environments.

Skills

Core Skills

  • Cloud Security
  • Governance, Risk Management, And Compliance (GRC)
  • Product Security

Other Skills

ACR, AI Security, API Pentesting, AWS, Analytical Skills, Application Security, Auth0, Azure, Azure DevOps, Bug Bounty Management, Burp Suite, C (Programming Language), Cloudflare, Communication, Cybersecurity

About

I blend technical acumen with strategic insight to help organizations protect critical assets and build trust with their customers. Leveraging both offensive (red teaming) and defensive (blue teaming) methodologies, I architect resilient security frameworks that safeguard products and cloud-native infrastructure while supporting business objectives. My expertise spans:

  • Product and Application Security: Leading vulnerability assessments and penetration testing across web, mobile, and API ecosystems
  • Cloud Security: Implementing and validating best practices across multi-cloud environments (AWS, Azure, GCP), including Kubernetes and serverless platforms
  • Governance, Risk, and Compliance: Driving ISO27k, SOC1, SOC2 readiness, policy development, vendor assessments, and enterprise risk management
  • Security Automation: Developing scalable tooling and workflows to embed security into CI/CD pipelines and daily operations

With a proactive focus on incident response, continuous monitoring, and security awareness, I strive to make security a true business enabler rather than a blocker.

Let’s connect if you’d like to discuss cloud security, product security, or building resilient security programs from the ground up.

Experience

Milliman

Information Security Engineer

Apr 2023 - Present · 2 yrs 11 mos · India · Hybrid

  • At Milliman, I lead the security and compliance strategy for the Life and Annuity Predictive Analytics (LAPA)/ Recon practice. I develop and implement security frameworks aligned with business goals to protect critical data and cloud infrastructure.
  • Key responsibilities include:
  • Security Audits & Assessments: Conduct audits and assessments of cloud infrastructure and workloads to identify gaps and improve security posture.
  • Vulnerability Management: Lead vulnerability management across infrastructure, applications, AKS clusters, and ACR containers. Drive remediation in coordination with engineering teams.
  • Penetration Testing: Perform focused pentesting and security validation for new and existing services.
  • Identity & Access Management: Administer Auth0 and Okta platforms, enforcing secure access and MFA across the organization.
  • Data Governance: Support governance initiatives to ensure secure handling of sensitive data.
  • Cross-Functional Collaboration: Work with DevOps, Platform, Engineering, QA, Product, and Data teams to embed security throughout the SDLC.
  • SOC Compliance: Drive SOC1 and SOC2 audits including risk assessments, access reviews, logging and alerting validation, firewall reviews, BIA/BCP/DR plans, and vendor assessments.
  • Monitoring & Response: Improve security alerting and detection with Defender and Sentinel; coordinate incident investigations and remediation.
  • Executive Reporting: Build dashboards to present risk, vulnerability, and remediation status to leadership.
  • Third-Party & Client Security: Conduct vendor risk assessments and respond to client security questionnaires and DDQs.
  • Tools & Technologies:
  • Azure, Auth0, Okta, Azure DevOps, Kubernetes (AKS), ACR, Defender, Sentinel, Databricks, KQL, Qualys, Burp Suite, Posit Connect, Power BI, Python, Purview, R, Snowflake, SQL.

Koo

2 roles

Cyber Security Engineer

Oct 2021 - Apr 2023 · 1 yr 6 mos · Bengaluru, Karnataka, India

  • At Koo, managed all aspects of the security engineering department from top to bottom:
  • Set up the Information Security programme from scratch & improve it gradually
  • Rectify the security flaws in the architecture and strengthen it by putting the necessary security controls in place
  • Perform pre-release and post-release Vulnerability Assessment & Penetration Testing on Web, Mobile Apps (Android, iOS) and APIs
  • Amplify Cloud Security by detecting and remediating the misconfigurations & vulnerabilities
  • Manage bug-bounty program and work with external researchers/agencies to enhance security at Koo
  • Create well-documented bug reports from internal and external pentests; and publish executive summary to the upper management to support our Vulnerability Management program
  • Automate monitoring controls and basic regression
  • Work closely with the Legal & Policy teams to draft security related policies and ensure compliance with the government laws and regulations
  • Conduct employee training programs and mock drills focused around social engineering, secure coding practices, secure SDLC and send newsletters for general awareness about Cybersecurity and cyber-hygiene.
  • Tech and Technologies: AWS, GCP, Kubernetes (EKS), Burp Suite, Cloudflare, Frida, Google Workspace/ GSuite, MobSF, Nuclei, New Relic, OWASP ZAP, PingSafe, Postman, Insomnia, Sophos, JavaScript, Python, Java etc.

Cyber Security Engineering Intern

Jul 2021 - Oct 2021 · 3 mos · Bengaluru, Karnataka, India

  • Understand the product & all end-to-end flows
  • Conduct VAPT on Web & Mobile Applications, Cloud Infra and APIs
  • Take ownership of Information Security documentation

SafeHouse Technologies

Cyber Security Intern

Jun 2021 - Jul 2021 · 1 mo · Gurugram, Haryana, India

  • Internship at Cyber Cell Gurugram Police in association with SafeHouse Technologies [ GPCSSI2021 ]

NCIIPC India (A unit of NTRO)

Security Researcher

Feb 2021 - Jun 2021 · 4 mos

  • Identifying and reporting security vulnerabilities along with appropriate mitigation suggestions in government applications

Education

Rajasthan Technical University, Kota

Bachelor of Engineering - BE — Computer Engineering

Jan 2017 - Jan 2021
