Varun K.

DevOps Engineer

Dubai, United Arab Emirates12 yrs 9 mos experience

Most Likely To SwitchAI Enabled

Key Highlights

12+ years of experience in security engineering
Recognized in 10+ global security halls of fame
Expert in building scalable security ecosystems

Stackforce AI infers this person is a Security Engineer specializing in Application and Product Security within the Tech industry.

Contact

Skills

Core Skills

Application SecurityCloud SecuritySecurity EngineeringSecurity AutomationSecurity Architecture DesignDevsecopsVulnerability ManagementMalware AnalysisChrome ExtensionsSecurity OperationsInformation SecurityPenetration Testing

Other Skills

Amazon Web Services (AWS)Artificial IntelligenceComputer SecurityCryptographyCyber-securityCybersecurityDASTData PrivacyDynamic AnalysisEthical HackingHackingLeadershipNetworkingOWASPObjectives and Key Results (OKRs)

About

I’m a security engineer with 12+ years of experience working from startups (N26, Gojek, Swiggy) to big tech companies (Amazon, Google) building and scaling Application and Product Security programs that protect products from code to cloud. My work spans threat modeling, secure SDLC, SAST/DAST/SCA/IAST orchestration, ASPM, CSPM, vulnerability management, Zero Trust architecture, and CI/CD security automation.I design DevSecOps frameworks that integrate seamlessly with developer workflows; embedding runtime protection, container/Kubernetes security, secrets management, and API hardening into delivery pipelines. On the product side, I focus on identity and access control, data protection, and security telemetry, ensuring that security enables, not slows, innovation.Recognized in 10+ global security halls of fame, I’ve helped teams operationalize AppSec and ProdSec maturity programs, automate risk scoring, and use AI for intelligent triage and policy enforcement. My mission: build scalable, developer-friendly security ecosystems that deliver measurable resilience and trust.

Experience

Talabat

Senior Security Engineer

May 2024 – Present · 1 yr 10 mos · Dubai, United Arab Emirates · On-site

Developed end-to-end automated solution (detect, alert and remediate) to prevent hard-coded secrets in source code.
Built an autonomous agent to review tech docs (RFC/Incident/Design) for security issues using Artificial Intelligence
Enhanced CI pipelines by integrating a security stage that ensures only compliant services proceed through build.
Built a Cloudflare MCP server and AI agents to automate incident analysis and find security gaps in Firewall and IP access rules
Threat modeling and architecture review as part of Secure Software Development Lifecycle (SSDLC).
Isolated CI/CD deployments per namespace, restricting secrets access, minimizing breach impact.
Developed in-house DAST to detect broken access control vulnerabilities that are specific to Talabat.

Python (Programming Language)Product SecurityApplication SecurityCloud SecuritySecurity Engineering

Tractable

Staff Security Engineer

Dec 2022 – May 2024 · 1 yr 5 mos · London, England, United Kingdom

Led the alignment of Secure Development Lifecycle with organizational objectives
Developed a custom Software Composition Analysis (SCA) tool for enhanced software supply chain security
Established a comprehensive security metrics dashboard for executive leadership utilization

Security AutomationSecurity Architecture Design

Goto group

Lead - Product Security

Jan 2021 – Jan 2023 · 2 yrs · Bengaluru, Karnataka, India

Led a high performing DevSecOps team developing scalable security automation using engineering
Architected a custom DAST framework for 500+ products, enhancing security measures
Spearheaded integration of security in product development, ensuring robust solutions
Implemented scalable SAST solutions for 45,000 repositories, optimizing code security

Application SecurityProduct SecurityDevSecOpsSecurity AutomationTeam Leadership

N26

Senior Security Engineer

Jan 2020 – Dec 2020 · 11 mos · Berlin, Germany · On-site

Security AutomationRed TeamingVulnerability ManagementPenetration TestingApplication SecurityAmazon Web Services (AWS)+3

Google

Senior Security Strategist

Feb 2019 – Jan 2020 · 11 mos · Hyderabad Area, India

Led security efforts at Google, securing 70 million users from malicious chrome extensions
Developed code review process for chrome extensions, enhancing security measures
Trained 30+ vendor engineers on reverse engineering JavaScript techniques

Malware AnalysisChrome ExtensionsReverse Engineering

Amazon

Security Engineer

Sep 2017 – Feb 2019 · 1 yr 5 mos · Bengaluru Area, India

Accomplish my tasks by using tools and expert level knowledge to understand not only what a particular piece of Malware/ Ad Bot can do but also how
Designed and proposed a honeypot to lure live malwares and botnets committing advertising fraud, analyze it's behavior strategically and deploy a signature/ solution to protect the Amazon’s ad exchange getting affected from it
Have proposed an IP Intelligence platform that shall recognize an incoming Inventory Bid source and determine the quality of audience that shall be creating an impression
Using VirusTotal data, developed an algorithm to reduce ad requests from malicious Android apps

Security AutomationCryptographyComputer SecurityInformation SecuritySecurity OperationsProgramming+6

Swiggy

Security Engineer - 2

Sep 2016 – Sep 2017 · 1 yr · Bengaluru Area, India

Application threat modelling and Applications risk exposure
Perform penetration testing & vulnerability assessment for WebApplications (Manually).
Perform penetration testing & Vulnerability assessment for Mobile Applications.
Using tools like Burp Suite and Metasploit.
Create standards and guidelines for Ethical Hacking.
Developed scripts to improve penetration testing process and automated security.
Research and Reporting on security vulnerabilities and popular technology products.
Train developers on secure coding practices and standards.
Source Code review and Auditing using industry standard methodology, framework and tools.
In-depth technical implementation of security engineering, computer Science, network security, security protocols and cryptography concepts.

Security AutomationDynamic AnalysisVulnerability ManagementCryptographyComputer SecurityPenetration Testing+26

Internshala

Web Developer and Security Engineer

May 2013 – Aug 2016 · 3 yrs 3 mos · Gurgaon, India

Developed internshala.com product from the scratch using MVC framework
Introduced Security information and event management system to monitor attacks in real time
Used PHP Doctrine for database storage and object mapping
Automated Security using manual scripts written in bash and PHP
Migrated complete framework monolith architecture to micro service architecture
Created custom framework for the company using CodeIgniter framework
Led the team of 5 interns on web development and security engineering
Created attack signatures based on payload patterns