Utkarsh Kher

DevOps Engineer

India9 yrs 7 mos experience
Highly Stable

Key Highlights

  • Proven experience in building security programs.
  • Expert in product security and red teaming.
  • Skilled in developing internal security tools.
Stackforce AI infers this person is a Security Engineer specializing in SaaS product security and red teaming.

Contact

LinkedIn

Skills

Core Skills

Product SecurityRed TeamingPenetration TestingSecurity Automation

Other Skills

AWS SecurityApplication SecurityApplication securityCode reviewsDevelopmentDevelopment skillsDocumentationInfra Structure SecurityInfrastructure securityScanner developmentSecure Architecture DesignSecure Code ReviewSecurity Architecture DesignSecurity advisorySecurity assessments

About

I like to do detailed research about products. I have helped multiple security startups to scale their product features. If you would like to know more, please get in touch. Security engineer with proven experience in building and leading a security program. Software Development, Skilled in Source Code-Driven Pentests, Product Security, InfraStructure Security, Web and Mobile Application Security (OWASP), Red Teaming, Penetration Testing, Secure SDLC, DevSecOps, CICD Automation, Manual Secure Code Reviews, Security Tool Development, Infra Security, Network Penetration Testing, Threat Modeling, and Cloud Security. I am currently working as an independent security engineer. Previously, I worked for Rippling, where I started as the first member of the product security team and was a co-contributor to enabling the product security program. I've worked on numerous web applications, mobile applications, and cloud and infrastructure security assessments during my time here. I am equally adept at manual secure source code reviews and dynamic security assessments. In the past, I have also worked as the only security engineer at Zeta (Directi), where I have worked on all things security. I have also built internal security tools in Java and Python. Core Skills: Development Skills: Java, Javascript, and Python; Developed professional applications in the past. Also built security scanners. Architecture Reviews Threat modeling; Manual secure code reviews (Java, Python, React) Cloud Security - AWS, Terraform (basics), Kubernetes, and Docker. Red Teaming Secure SDLC Web and Mobile Application Security Testing InfraStructure and Network Security Testing

Experience

Self-employed

Independent Security Engineer (Working for different clients)

Mar 2024Present · 2 yrs

  • I like to do detailed research about security products. I have helped multiple security startups to scale their product features. If you would like to know more, please get in touch.
  • Currently working for multiple clients. Contact me for short-term contract opportunities. I can help you to develop and implement robust product security and red teaming program from inception.
  • With a proven track record in building comprehensive security frameworks for billion-dollar startups, I have experience in helping safeguard products and organizations against cyber threats. If you're in need of services to fortify your security measures, feel free to reach out. Let's collaborate to ensure your product's resilience in the face of emerging threats.
  • Additionally, I bring extensive experience in security advisory roles, providing strategic guidance to executive teams on navigating complex security landscapes. My consultancy services extend beyond technical implementation to encompass holistic security advisories tailored to your organization's unique challenges and objectives. By aligning security initiatives with business goals, I empower leaders to make informed decisions that mitigate risk and drive sustainable growth.
  • I look forward to the opportunity to collaborate and contribute to the advancement of your security initiatives.
Security advisoryProduct securityRed teamingProduct SecurityRed Teaming

Rippling

First Security IC @Rippling | (Product Security and Red Teaming) | Staff Security Engineer

Aug 2020Mar 2024 · 3 yrs 7 mos

  • Started as the first member of the Security Team at Rippling. I have been a co-contributor in initiating the security program. Tasks carried out:
  • Found numerous critical security issues such as ATOs, AuthZ flaws, MFA bypasses, RCEs, file security vulnerabilities, etc., in Rippling's infrastructure using code reviews and penetration testing. I also humbly challenged Rippling's executive team to improve the framework of our codebase. Additionally, I created a comprehensive security best practices guide and an onboarding video that includes real-world exploitation scenarios to help uncover and prevent security issues in our codebase.
  • Successfully deployed Semgrep and scaled it to 800+ engineers. Made it popular enough to be adopted by development teams as well.
  • Created a scanner used to identify security issues at scale. Added controls to detect and identify issues within our products.
  • Worked on Infrastructure security (AWS, Docker, K8s, etc)
  • Threat Modelling
  • Development Skills – Python, Java, and JavaScript
  • Infrastructure Skills – Terraform, Docker, Kubernetes, and AWS
  • Secure manual code reviews (Python REST Framework, React, Rust, and Go)
  • Development (writing code, building scanners, fixing vulnerable code, shift left, etc.)
Code reviewsPenetration testingInfrastructure securityDevelopment skillsProduct SecurityPenetration Testing

Traveloka

Security Engineer

Jun 2019Aug 2020 · 1 yr 2 mos

  • Responsibilities
  • Threat Modelling
  • Code Reviews - Java, Python and Javascript
  • Product Security
  • AWS and GCP security
  • Architecture Reviews
  • Vulnerability Assessment and Pen Testing
Threat modelingCode reviewsVulnerability assessmentProduct SecurityPenetration Testing

Directi

Security Engineer

Nov 2017May 2019 · 1 yr 6 mos

  • Was the only Security Engineer, worked at Zeta. Responsible for handling end to end application and Infrastructure Security.
Application securityInfrastructure securityProduct Security

Controlcase

Security Engineer

Jul 2016Nov 2017 · 1 yr 4 mos · Mumbai, Maharashtra, India

Education

International Institute of Information Technology Bangalore

Postgraduate Degree — Computer Science

Jun 2019Jun 2020

University of Allahabad

Bachelor's of Computer Application — Computer Science

Jan 2012Jan 2015

Stackforce found 100+ more professionals with Product Security & Red Teaming

Explore similar profiles based on matching skills and experience

Tushar Verma

Tushar Verma

SME - R&D Exposure Management

at NST Cyber - Your Trusted Enterprise CTEM Partner

South Mumbai, India3 yrs 9 mos exp
Application SecurityCloud Security
NIKHIL KUMAR GANDLA

NIKHIL KUMAR GANDLA

Application Security Manager

at Bajaj General Insurance

Hyderabad, India6 yrs 6 mos exp
Application SecurityCyber Risk ManagementCyber SecurityInformation SecurityRisk Assessment
Edbert S.

Edbert S.

Cyber Security Consultant (VAPT)

at Confidential.

Marikina, Philippines5 yrs 10 mos exp
Vulnerability Assessment and Penetration Testing (VAPT)
Aditya Rai

Aditya Rai

Defensive Content Engineer

at Security Blue Team

India5 yrs 9 mos exp
Threat HuntingIncident ResponseMalware Analysis
Govind Sharma

Govind Sharma

Mobile Security Engineer

at Thales

Bhilwara, India3 yrs 8 mos exp
Mobile SecurityReverse Engineering
SHAMEEM P K

SHAMEEM P K

Senior Security Consultant

at Ampcus Cyber

Dubai, United Arab Emirates3 yrs 9 mos exp
Mohammad Y.

Mohammad Y.

Associate Consultant - Offensive Security

at CLA Global Indus Value Consulting

Mumbai, India10 mos exp
Network PentestingApplication PentestingVulnerability Assessment
Suchith Narayan

Suchith Narayan

Staff Security Engineer

at Razorpay

Bengaluru, India8 yrs 2 mos exp