Sep 2018 – Oct 2023 · 5 yrs 1 mo · Bengaluru, Karnataka, India

• FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) & Attack Surface Management (ASM). It continuously indexes and monitors the deep, dark & surface web to map out an organization's digital attack surface including Shadow IT blind spots. The platform then automatically launches safe multi-stage attacks, mimicking a real attacker, to help identify attack paths before hackers do. The platform eliminates the need for multiple tools and significant manual effort while providing continuous and proactive security.
• My role is to build End to End Platform with Polyglot Micro Service Architecture and the ability to distribute workloads on multiple clouds (AWS/GCP/Aure). Some of the Key Technologies are:
• Core - Java / Python / Go Lang
• Micro Services - GraphQL, REST, CQRS Pattern
• Identity Management - JWT based Zero Trust Architecture
• Databases - Graph DB, Cassandra/HBase, Elasticsearch, Postgresql/Mysql, etc.
• Data Engineering - Apache Spark, Apache Beam, Kafka, GCP Big Query, GCP Big table
• DevOps - Github Actions, Gitlab, Kubernetes, Slackops,

Sep 2016 – Sep 2018 · 2 yrs · Hyderabad Area, India

• Cygilant, previously known as EIQ networks, is a Security as a Service company, with an in-house built cloud platform to deliver security services such as SIEM in the cloud, Security Operations Center in the Cloud, Vulnerability Management, and Patch Management, collectively known as VPM. The cloud platform is built on various cutting-edge big data technologies such as Spring Boot (Java), ELK stack (Elasticsearch, Logstash, Kibana), Kafka, Spark Stream Processing, Kafka Stream Processing, Cassandra, MariaDB, etc. It is cleanly built using Polyglot Micro Service Architecture with the ability to handle millions of events per minute, the processing of terabytes data, and deliver alerts to 24x7 SOC Team.
• My Key Responsibilities are:
• + Heading Product Engineering of 40+ team members with the focus to deliver product features as per the Product Roadmap
• + Built CI/CD pipeline to deploy releases on AWS Cloud. Setup Infra and application monitoring for critical events such as Queues Backlog, Failures, Response Time, etc.
• + Training Engineers on Secure Coding guidelines, Fundamentals of Algorithms, and Efficient Programming.
• + Design and Roll out of the Performance Management Process.

Nov 2014 – Sep 2016 · 1 yr 10 mos · Bangalroe

• We got acquired by Cigital, one of the top security companies from the USA. I was reporting to the VP of Engineering at Cigital Side. One of my key focus and KRA was to integrate the iViZ Security SaaS product with Cigital Core Systems and Processes. We had a team of 15+ engineers and scaled it to 25+. During this time, we made significant changes to
• + Integrate Product Management & Engineering - Sprint Backlogs, Prioritization, T-Shirt sizing, Interim Demos, and feedback.
• + Achieved Predictable Release cycle of 1 Month
• + Setup DevOps - CI/CD using Jenkins, Chef, Maven, Docker, Vagrant
• + Built QA Automation - Automation using Selenium and custom scripts
• + Better Performance Management and Appraisal Cycle- Skill Matrix as per engineering levels, Scoring, and Rating mechanisms.
• + Enterprise Features - Multi-Tenant SAML based Single Sign-On,
• + UX Design - Coordination with UX Teams in Vietnam to redesign UI using ReactJS (migrated from AngularJs)

Aug 2010 – Sep 2014 · 4 yrs 1 mo

• We developed a patented technology to integrate Security Experts with Security Tools using a proprietary workflow. The idea was to build Automate Web Application end-to-end security assessment to reduce cost and improve efficiency.
• We used Java, GWT, Drools (Workflow Automation), Sprint Boot (MVC), Jenkins (CI/CD), AWS Cloud, and custom scripts for deployment.
• To learn the complex workflow and build a knowledge base, we also provided rare but high-quality security assessments to our premium customers such as
• One of the top 5 banks in India: Web Application Penetration Testing of their Core Internal Application. Coordination with their Development Vendors to fix the issues. One of the two top Cloud Service Provider Companies in India: Web Application Penetration Testing of their Core Application.
• Top Casino in the Macau (China).
• + End to End Penetration Testing of the enterprise network including. Internal core servers and applications.
• + Security Audit of the Legacy Applications.
• + Provided Consultancy to fix the issues.
• One of top 4 FMGC companies in India.
• + End to End Wireless Penetration Testing including 15 offices.
• + External Network and Applications Penetration Testing
• One of the top 5 eCommerce Companies in India.
• + Web Application Penetration Testing.
• + Provided Training to their developers.

Sep 2008 – Aug 2010 · 1 yr 11 mos

• iViZ got funded from IDG ventures and we needed to scale our team to build one of the world's first Security Testing as Software as a Service (SaaS). In this role, I had to hire 12+ team members and built the SaaS version of the product using AWS Cloud, Ruby on Rails (RoR), MySql, Custom Build, and Deployment Scripts, Metasploit, Jasper Reports, etc.
• We also build our own internal web application scanner purely on Core Java, Maven, and Jenkins. We automated the detection of vulnerabilities such as SQLi, Xss, CSRF, etc.
• We also applied for a patent in Automated Social Engineering using the Multiple Attack Vector Algorithm (Attack Graph)
• It was one of the most challenging times for me from the perspective of Leadership skills. I had to learn Delegation, People Management, Release Management, the hard way.

Sep 2006 – Sep 2008 · 2 yrs

• I left Oracle to join a very early-stage startup. At iViZ, I have worked with some of the best minds in hacking / offensive security. We developed various proprietary hacking tools on Ruby on Rails, Mysql, Ruby core, Redis, etc. We developed an interesting hacking tool to perform automated hacking performing information gathering, fingerprinting, vulnerability detection, exploitation, pivoting, report generation, etc.

Aug 2005 – Sep 2006 · 1 yr 1 mo