Siddharth Ojha

CTO

Bengaluru, Karnataka, India · 8 yrs 9 mos experience
Most Likely To Switch: Highly Stable

Key Highlights

  • Expert in building scalable security programs.
  • Led high-impact incident response initiatives.
  • Recognized OSCP-certified professional.
Stackforce AI infers this person is a Cybersecurity expert specializing in scalable security solutions for B2C and B2B environments.

Skills

Core Skills

Cloud Security · Leadership · DevSecOps · Governance, Risk Management, and Compliance (GRC) · Security Operations

Other Skills

Amazon EKS · Amazon Web Services (AWS) · Application Security · Application Security Architecture · California Consumer Privacy Act (CCPA) · Cross-functional Team Leadership · Cryptography · Data Security · Design Review · DevOps · Device Fingerprinting · Early-Stage Startups · Fraud & Anti-Cheat · Fraud Detection · Fraud Investigations

About

I am a security leader with deep hands-on expertise in building and scaling security programs that balance strong defenses with business velocity. Over the years, I have driven application, cloud, and infrastructure security transformations, led high-impact incident response, and built in-house trust & safety detection systems and anti-cheat systems with an integrated in-house device intelligence system. My career spans offensive security (red teaming, penetration testing, reversing, exploit research), defensive engineering (SIEM, SOAR, IAM, DLP, DevSecOps, DSPM, EDR/XDR), and strategic security leadership (ISO 27001, DPDP, ITGC, CCPA, PCI-DSS compliance). I bring a bottom-up understanding of security from debugging assembly in reversing labs to shaping executive-level security roadmaps.

Highlights include:

  • Fraud & Anti-Cheat: Designed and deployed device fingerprinting, VPN/GPS spoofing detection, bot-farm disruption, chargeback abuse monitoring, and solver detection engines for poker.
  • Cloud & Infra Security: Drove AWS↔GCP migrations, rolled out Prisma Cloud, Zscaler ZIA/ZPA, and Cortex XDR; automated GuardDuty, WAF, IAM, and key management for real-time detection and response.
  • Application Security: Instituted secure SDLC, DevSecOps pipelines (Jenkins, GitLab, Bitbucket), code review automation, and mobile app hardening with AppSealing/AppGuard.
  • Threat Detection & SOC Buildout: Built an in-house Security Operations Center covering SIEM, SOAR, DR/BCP playbooks, red/blue/purple team exercises, and continuous fraud monitoring.
  • Leadership: Head of Security Engineering at MPL, managing 20+ engineers, fraud specialists, and IT staff across continents, embedding security into product, infra, and operations.

Recognized as an OSCP-certified professional and active bug bounty hunter with acknowledgments from LinkedIn, Upwork, Canva, Lime, PizzaHut, Blend, Takeaway, Magento, and others.

Technical toolbox spans across Burp Suite, ZAP, Frida, MobSF, Nessus, Metasploit, OpenVAS, Nmap, radare2, dnSpy, Vault, Kubernetes, Docker, Python, Bash, Golang. Skilled at architecting scalable detection and prevention pipelines and teaching teams how to think adversarially. TL;DR: I specialise in making security pragmatic, scalable, and forward-looking engineering solutions that outpace adversaries while enabling business growth.

Experience

Mobile Premier League (MPL)

4 roles

Global Head of Security Engineering

Promoted

Sep 2023 - Present · 2 yrs 7 mos

Security Research · DevOps · Kubernetes · Cryptography · Amazon EKS · Cloud Security · +18

Senior Security Manager

Promoted

May 2022 - Sep 2023 · 1 yr 4 mos

  • Leading security at MPL
  • Vulnerability Assessment and Penetration Testing
  • Bug bounty program management
  • Game Security
  • Web3 Security
  • DevSecOps
  • Security Training & Awareness
  • Perimeter Security - AWS WAF/Shield, Cloudflare WAF, Fyde
  • Endpoint security - Crowdstrike, Wazuh & Cortex
  • Building and breaking Anti-Cheat/Anti-Hack solutions
  • Analyze and mitigate security-related frauds
  • Cloud security - AWS, GCP
  • Red Teaming
DevOps · Cryptography · Cloud Security · Web3 · Product Security · Cross-functional Team Leadership · +15

Security Lead

Promoted

Dec 2021 - May 2022 · 5 mos

California Consumer Privacy Act (CCPA) · Cryptography · Web3 · Product Security · Secret management · Threat & Vulnerability Management · +9

Founding Security Engineer

Dec 2020 - Dec 2021 · 1 yr

Cryptography · Threat & Vulnerability Management · Amazon Web Services (AWS) · Security Operations · Governance, Risk Management, and Compliance (GRC) · Security Audits · +2

Gojek

Product Security Engineer

Mar 2019 - Dec 2020 · 1 yr 9 mos · Bengaluru Area, India

  • Web, Network, IoT, APIs, Android and iOS penetration testing
  • Secure code review
  • Product security design review, threat modelling
  • Performing weekly network scan of the organization's IP and daily OSINT report analysis
  • Cloud security automation to set up in-house security tool around cloud infra - AWS, GCP
  • Data privacy and security
  • Handling incident response & incident analysis
  • Partly managing the API Gateway to ensure security sign-off before release to prod
  • Validating submissions of Gojek's bug bounty program on Bugcrowd
  • Help to create various security-related organisational policies
  • Vendor Assessment for the security team and product team & onboarding them
  • Conduct Security awareness training for all the new joinees
  • Managing the security of multiple products within the organisation by working closely with numerous product teams to fulfil their security needs
  • Handled security aspects of various sensitive projects & products and drove them to completion in stipulated timeline
  • Working very closely with Fraud and OpsTech teams to develop better incident management strategy
Cryptography · Threat & Vulnerability Management · Amazon Web Services (AWS) · Security Operations · Governance, Risk Management, and Compliance (GRC) · Security Audits · +1

Tata Consultancy Services

Security Analyst

Jul 2017 - Mar 2019 · 1 yr 8 mos · Bangalore

  • Hired at TCS through a gamified hiring platform called HackQuest. I was the winner of HackQuest 2017 held in Feb-Mar.
  • I was performing VAPT Security testing of applications for a world-renowned banking conglomerate.
  • Performing Vulnerability Assessment and Penetration Testing of web applications, network, mobile applications and web services.
  • Creating standards and guidelines for the testing process.
  • Developing scripts to automate the testing process wherever possible.
  • Train developers on secure coding practices and standards.
  • I was also working as part of the TCS Red Team, at the same time doing penetration testing of various internal TCS applications.
  • I was part of the IoT lab, working on various IoT devices and reverse-engineering them.
  • Co-created an in-house RFID cloner and worked closely to identify vulnerabilities in HP's Aruba.
Cryptography · Governance, Risk Management, and Compliance (GRC)

Education

Bharati Vidyapeeth

Bachelor of Technology

Jan 2013 - Jan 2017

Bharati Vidyapeeth

Associate's degree — Network Security

Jan 2013 - Jan 2016