May 2024 – Apr 2025 · 11 mos

• Led threat modeling for 15+ Krutrim AI Cloud Services, including GPU as a Service (GaaS), Model as a Service (MaaS), S3-compatible storage, AI pods, IAM, security group and developed risk mitigation plans.
• Conducted threat modeling and risk assessments for Krutrim B1 Silicon and B1 platform; Developed risk mitigation plans.
• Led internal and external security testing for Krutrim AI datacenter infrastructure and LLM-based applications, such as Krutrim Chat, Call Center AI, Dhristi, AI Studio, and Ola Electric AI Chat.
• Collaborated with Legal, Governance, Data Science, Platform Engineering, and Operations teams to implement regulatory and compliance requirements across OLA Krutrim platforms.
• Led security assessments and risk evaluation for the migration of OLA workloads from Azure and AWS to the in-house Ola Krutrim Cloud Datacenter.
• Conducted biweekly internal security training: “Learnings from Third-Party Data Breaches”, driving awareness and improving organizational security posture.
• Delivered weekly security metrics reporting and project updates for Krutrim Cloud to the CEO office.

Apr 2020 – Apr 2024 · 4 yrs

• Developed the Cybersecurity Management System (CSMS) policy in alignment with ISO/SAE 21434 standards.
• Led the secure design of key features for the Ola Scooter, like mTLS authentication, passcode & proximity unlock, scooter profiles, geofencing & theft alerts, OTA updates, Maps, Diagnostics.
• Led cybersecurity architecture reviews and TARA assessments (ISO 21434) for E/E systems, ECUs, Hyper Chargers, and Companion Apps; managed internal and external penetration testing.
• Led the secure design of Ola Electric’s core applications: SSO Login, Website, Order Management System, Test Ride, After-Sales Portal, Agent Dashboard, Cloud Commander, OTA Manager, Telematics.
• Spearheaded PKI setup for scooter certificate provisioning at Ola manufacturing plant.
• Conducted security architecture reviews for plant-side systems including MES, Mendix (VIN Generation), and ECOS applications.
• Integrated secure mTLS communication across critical systems: SAP, Salesforce, Ola Money Insurance, and third-party platforms.
• Led vulnerability management, bug bounty triage, and incident response for the Ola Electric scooter ecosystem.
• Managed incident response during high-severity events including the Log4j zero-day vulnerability and DDoS attacks.
• Supported telematics data packet capture and network analysis, resulting in a 40% reduction in bandwidth usage.
• Assisted in debugging production outages and network optimization at Ola Plant.
• Conducted biweekly internal training sessions: “Learnings from Third-Party Data Breaches”, to continuously improve OLA’s security posture.

Apr 2016 – Apr 2021 · 5 yrs

• Implemented Secure SDLC practices for Ola Cabs, Ola Driver, and Ola Corporate platforms.
• Supported GDPR compliance initiatives for Ola UK & ANZ, including Consent Management, Right to Access (RTA), Right to Forget (RTF) workflows, data discovery, data flow diagrams, and DPIA (Data Protection Impact Assessments).
• Conducted vulnerability assessments, penetration testing, and red teaming for Ola Pay; generated quarterly card scanning reports for PCI-DSS compliance.
• Developed a machine learning model to detect suspicious login behavior in Ola’s CIDM SSO system.
• Designed and deployed an in-house SIEM solution based on MozDef, along with tools for dark web monitoring, credential leak detection, and external attack surface scanning.
• Researched and evaluated device fingerprinting technologies to improve fraud detection and mitigation.
• Supported regulatory and security audits, including PCI-DSS, GDPR, ReBIT, and TFL (Transport for London).
• Contributed to the development of Jackhammer, Ola’s open-source vulnerability management and DevSecOps platform.