Pulkit Garg

Product Manager

Bengaluru, Karnataka, India8 yrs 3 mos experience
Most Likely To Switch

Key Highlights

  • Expert in embedding security into CI/CD pipelines.
  • Led DAST & SAST initiatives for enhanced application security.
  • Passionate about scaling security through collaboration and automation.
Stackforce AI infers this person is a SaaS security expert with a focus on application and product security.

Contact

LinkedIn

Skills

Core Skills

Product SecurityApplication Security

Other Skills

API TestingAppsec strategiesBurp SuiteCC++Cloud Configuration ReviewsCloud SecurityCommunicationComputer NetworkingCustomer ServiceCybersecurityDASTData StructuresImplementing DAST in CD pipelineInformation Security

About

With over 8 years of experience in Cybersecurity, I’ve journeyed from breaking things as a "Penetration Tester, Security consultant" to building and scaling secure-by-design systems as a "Staff Product Security Engineer". My current focus is on driving SSDLC at scale — embedding security into CI/CD pipelines, integrating threat modeling into agile workflows, and enabling engineering teams to build securely without slowing down. Key areas of expertise: ✅ Product & Application Security (Web, Mobile, APIs, Cloud-Native) 🛡️ Threat Modeling & Secure Architecture Reviews 🚀 Shift-Left Security Enablement through DevSecOps ☁️ Cloud Security (AWS, Container Security, IAM Hardening) ⚙️ Security Automation & JIRA-integrated AppSec Workflows 🧑‍🏫 Security Training & Developer Enablement - Delivering Security trainings on multiple technologies such as Docker Container & AWS Cloud Security 🧠 Former Offensive Security Consultant (VA/PT across Web, Mobile, Thick Clients and API's) I’m passionate about scaling security through collaboration, automation, and shift-left mindset — helping organisations transform security from a gatekeeper to a growth enabler. Let’s connect if you want to talk AppSec, DevSecOps, or building security into fast-moving teams.

Experience

Sentinelone

2 roles

Staff Product Security Engineer

Promoted

Apr 2025Present · 11 mos · Bengaluru, Karnataka, India · Hybrid

Threat AssessmentSecurity AutomationProduct SecurityApplication Security

Senior Product Security Engineer

May 2023Mar 2025 · 1 yr 10 mos · Bengaluru, Karnataka, India · Hybrid

Threat & Vulnerability ManagementProduct SecurityApplication Security

Atlassian

Product Security Engineer

May 2022Apr 2023 · 11 mos · Bengaluru, Karnataka, India · Hybrid

  • Led the end-to-end DAST & SAST initiative, assessing and selecting the most effective tools, resources, and workflows for optimal results
  • Defined DAST standards for API Security and successfully implemented AWS traffic mirroring at ELB level to solve the API Inventory problem
  • Managed the Atlassian's Bug Bounty program through Bugcrowd
  • Explored and improvised Atlassian tailored scan policies for Burp Enterprise, resulting in more effective and efficient scans
  • Instrumented scanning workflows as per FedRAMP compliance for all Atlassian products, ensuring compliance with government regulations
  • Triaged the vulnerability reports, filed the JIRA ticket in VULN funnel, collaborate with dev teams to remediate P0/P1 security issues
  • Established Secure Coding guidelines for developers and enforced ShiftLeft approach for SDLC, reducing the risk of security vulnerabilities
  • Integrated the Semgrep custom rules in CI/CD pipelines to avoid the systemic security issues across products
Cloud SecuritySecurity EngineeringThreat ModelingOWASPThreat & Vulnerability ManagementProduct Security+6

Hike

Senior Product Security Engineer

Apr 2022Apr 2022 · 0 mo · Delhi, India · Hybrid

  • Engaged in security tool licensing and the overall security budget estimation/cost plan
  • Collaborated with multiple external vendors to partner for control tooling and Pen test engagements
  • Conducted interviews to identify suitable candidates for the Product Security Engineer position at Hike
LeadershipSecurity Analysis (Securities)Threat & Vulnerability ManagementProduct SecurityApplication Security

Rsa security

Senior Product Security Engineer

Jun 2021Mar 2022 · 9 mos · Bengaluru, Karnataka, India · On-site

  • Implemented Checkmarx Cloud for all product repositories, scanning each project from GitLab pipeline, triage the reported
  • vulnerabilities to deliver quality SAST reports
  • Validated security issues, collaborated with development teams and suggested code-level remediation
  • Researched vulnerabilities in third-party applications, including Zoom and Slack, used by the organization
  • Led a weekly research hour to enhance team knowledge on security concepts such as JWT exploitation and Docker Container misconfigurations
  • Performed architecture reviews for products every sprint/cycle, ensuring end-to-end security, including SAST, DAST, Thick Client testing of SIEM Agent, and threat modeling
  • Assisted in building a structured process for interview drives and hiring new candidates for the product security team
  • Implemented the Secure Code Warrior Hackathon to establish security metrics and promote adherence to secure coding standards throughout the product teams
Security EngineeringOWASPProduct SecurityCommunicationApplication SecurityCloud Configuration Reviews+2

Synopsys inc

2 roles

Security Services Consultant

Promoted

Jul 2019May 2021 · 1 yr 10 mos · Bengaluru, Karnataka, India

  • Upgrading the knowledge by learning new offerings in Pen Test such as Thick Client application testing, Threat Modelling, Cloud Security etc.
Cloud SecurityOWASPCommunicationApplication SecurityVulnerability ManagementProduct Security

Associate Security Consultant II

Jul 2018Jun 2019 · 11 mos · Bengaluru, Karnataka, India

  • Enhancing career by actively being an Instructor Led Trainer (ILT) for multiple Security domains such as Docker Security as well as AWS Cloud Security.
Cloud SecurityOWASPCommunicationApplication SecurityVulnerability ManagementProduct Security

Cigital, inc (a part of synopsys)

Associate Security Consultant I

Jun 2017Jun 2018 · 1 yr · Bengaluru Area, India

  • Performed VA/PT of Web application and Mobile applications. Also done Secure Code Review for different code language such as JAVA, PHP etc.
Cloud SecurityOWASPCommunicationApplication SecurityVulnerability ManagementProduct Security

Education

Rajiv Gandhi Prodyogiki Vishwavidyalaya

Bachelor's of Engineering(BE) In Computer Science — Computer Science

Jan 2013Jan 2017

Stackforce found 100+ more professionals with Product Security & Application Security

Explore similar profiles based on matching skills and experience

Pankaj Gaikar

Pankaj Gaikar

Senior Manager Application Security

at CoinDCX

Mumbai, India8 yrs 4 mos exp
Infrastructure SecurityThreat & Vulnerability Management
Manmeet Singh

Manmeet Singh

Application Security Engineer

at Gemini

Jammu, India6 yrs 5 mos exp
Application SecurityDevSecOpsPenetration TestingRed TeamingSecurity
Apoorva Jois

Apoorva Jois

Senior Security Engineer

at Zepto

Bangalore, India5 yrs 9 mos exp
Indhiravelu Ezhumalai

Indhiravelu Ezhumalai

Senior Security Engineer

at slice

Chennai, India4 yrs 5 mos exp
Android securityCloud securityIncident responsePenetration testing
Mukesh chaudhari

Mukesh chaudhari

Application Security Manager

at Paytm

India10 yrs exp
Penetration TestingVulnerability Assessment
Neeraj Nigam

Neeraj Nigam

Security Engineer

at Amazon

Bengaluru, India8 yrs 9 mos exp
Manikanta T P

Manikanta T P

Senior Product Security Engineer - 4

at Pluralsight

Bengaluru, India8 yrs 11 mos exp
PV

Prashant V

Product Security Leader

at Confidential

San Francisco, United States21 yrs 10 mos exp
Application SecurityInformation SecurityInformation Security Management