Ranjan Kathuria

DevOps Manager

San Francisco, California, United States
9 yrs 7 mos experience

Key Highlights

  • Top 100 Bugcrowd hacker.
  • Expert in cloud security architecture.
  • Led multiple successful security initiatives.

Skills

Core Skills

Cloud Security, Security Leadership, Security Engineering, Infrastructure as Code (IaC), Security Architecture Design

Other Skills

AWS CloudHSM, Amazon Web Services (AWS), Bug Bounty Management, CSPM tools, CSRF, Computer Security, Container Security, Cybersecurity, DDoS, DevSecOps, Firewalls, Git, GitHub Actions, Google Cloud Platform (GCP), HTML

About

Seasoned Staff Security Engineer with 10+ years in architecting robust public cloud and infrastructure security solutions. Proven expertise in conducting security reviews and risk mitigation. Skilled in leading teams of security engineers and InfoSec SREs, driving collaborative and innovative strategies. Strong background in implementing advanced security protocols, ensuring resilience and compliance with evolving threats and business goals.

Outside of work, I'm a top 100 Bugcrowd hacker and a leading contributor to bug bounty programs for Hubspot and Quora. I am passionate about writing and speaking on security topics, including automating secops. Articles and talks available:

  • https://medium.com/nestaway-engineering/automating-security-operations-detecting-and-permanently-blocking-abusive-clients-85154c828575
  • https://blog.sqreen.com/from-nestaway-automating-security-operations
  • https://www.youtube.com/watch?v=Bd4pTqAuvBQ&t=1974s
  • https://resources.awscloud.com/india-on-demand-webinars/detecting-and-remediating-threats-to-your-aws-accounts-and-workloads-with-amazon-guardduty

Experience

Rubrik, Inc.

2 roles

Staff Security Engineer

Promoted

Apr 2022 - Present · 3 yrs 11 mos

  1. Cloud Security Architect Leadership:
     • Regularly meet with AWS, GCP, and Azure security teams to stay updated on new security services and pilot these at Rubrik, enhancing security policies.
  2. Blessed Golden Images:
     • Architected a GitHub Actions pipeline for CIS 1.0 hardened Golden Images for VMs and containers, deployed across 1,500+ cloud accounts (AWS, Azure, GCP), reducing vulnerabilities by 80%.
  3. Internal PKI Solution:
     • Developed a PKI solution using AWS CloudHSM and HashiCorp Vault, cutting procurement costs by 65% by eliminating the need for public certificates internally.
  4. IaC Journey with Terraform:
     • Deployed Terraform Enterprise for secure cloud workloads, handling 1,500+ runs daily.
     • Led the InfoSec SRE team in creating secure deployment modules (e.g., private GKE clusters, bastion hosts).
     • Initiated a Terraform learning series, aiding engineers in workload transitions, enforcing security standards with Terraform Sentinel, including golden images and preventing public exposures.
  5. Incident Management:
     • Supported the SOC team as the primary Security Architecture contact for cloud and infrastructure incidents.
     • Developed a forensic lab for investigations and trained the team for better containment.
  6. Security Log Ingestion System:
     • Designed a log collector to transmit security logs to SIEM from cloud log explorers, managing gigabytes of logs daily.
  7. Security Review Requests:
     • Evaluated security review requests for over 5,000 public cloud accounts.
  8. Quarterly Service Reviews:
     • Led quarterly reviews for cloud and infrastructure security, updating Security Leadership on initiatives and progress.
Cloud Security, Security Leadership, Infrastructure Security, DevSecOps, Product Security, Web Application Security (+10 more)

Founding/Senior Security Engineer

Nov 2019 - Mar 2022 · 2 yrs 4 mos

  • #9 hire overall in InfoSec.
  • 1. Cloud Security Posture Management: Led the PoC for CSPM tools, analyzing features to select the best fit. Developed a Terraform template to onboard 1,500+ cloud accounts, ensuring 100% security visibility. Trained the vulnerability management team on tool operationalization.
  • 2. Bug Bounty Program: Formulated comprehensive program policies for Rubrik's public bug bounty initiative. Established guidelines, defined critical security areas, and designed reward structures to incentivize ethical hacking.
  • 3. External Attack Surface Management: Developed and implemented a comprehensive tool for mapping and monitoring vulnerabilities in Rubrik's digital assets, ensuring enhanced security and proactive threat protection.
  • 4. MRT (Monitoring, Reporting, Triaging): Created Lambda functions for continuous monitoring, reporting, and triaging. Integrated vulnerability scanner with AWS, GCP, Azure, and data centers to auto-discover assets, initiate scans, and generate Jira tickets for triaged issues.
  • 5. Streamlined Rubrik's security review process with a Jira helpdesk and a Python tool for monthly reports. Ensured efficient ticket assignment and improved tracking of review hours by security architects.
Ruby on Rails, Python, Security Architecture Design, Product Security, Cloud Security, Infrastructure as Code (IaC) (+7 more)

Nestaway Technologies Pvt Ltd

2 roles

Senior Security Engineer

Feb 2018 - Nov 2019 · 1 yr 9 mos

  • Built the InfoSec team from scratch. Hired Security Engineers and was responsible for scaling the InfoSec team. Developed and led Product & Cloud Security strategies.
  • SecOps:
    • Vulnerability management.
    • Attack alerting.
    • Bug bounty management (https://www.nestaway.com/whitehat)
    • Application firewall management. (We're using Sqreen, one of the finest application firewalls so far: https://www.sqreen.io/)
    • Code review.
    • Firewall SDK integration with the application to get insights into attacks like IDOR, CSRF, command injection, etc.
  • Application Security:
    • Web/mobile security pentesting.
    • In-house WAF and honeypot platform.
    • Developing in-house security tools.
    • Middlewares to deploy blanket fixes for server-side attacks such as CSRF, etc.
    • Microservices authentication/session management.
  • Infra (AWS & GCP):
    • Developed an in-house tool which uses aws-sdk to send daily alerts about publicly exposed security groups, RDS security settings and many other things.
    • Using products like AWS GuardDuty, AWS Macie and AWS Inspector with Lambda and CloudWatch to automate blocking actions.
    • AWS WAF for Application Load Balancers and API Gateways.
    • IAM management.
    • GCP security.
  • Other:
    • Regular sessions for developers about the latest attacks, etc.
    • Setting up security team quarterly goals.
    • Timely updates to the tech leadership team.
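The daily exposure alerts described under Infra above (an aws-sdk tool reporting publicly exposed security groups and RDS settings), as an added example that is not the author's tool: the checks run over dicts shaped like the responses of boto3's ec2.describe_security_groups() and rds.describe_db_instances(), and the SAMPLE_* data, the sensitive-port list and the severity labels are constructed for this example.

```python
"""Daily AWS exposure audit (added example, not the profile owner's in-house tool).

Flags security groups that admit inbound traffic from the whole internet and
RDS instances with risky settings. The checks run over dicts in the shape of
boto3's ec2.describe_security_groups() / rds.describe_db_instances()
responses; SAMPLE_SECURITY_GROUPS and SAMPLE_DB_INSTANCES are constructed.
In production, feed the paginated live responses into daily_report().
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# Ports where world-open inbound access is always alert-worthy (assumed list).
SENSITIVE_PORTS = {
    22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
    6379: "Redis", 27017: "MongoDB", 9200: "Elasticsearch",
}


@dataclass(frozen=True)
class Finding:
    resource: str
    severity: str   # HIGH / MEDIUM / LOW
    detail: str


def _world_sources(perm: dict) -> list[str]:
    """CIDRs in one IpPermission that mean 'anyone on the internet'."""
    srcs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    srcs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [s for s in srcs if s in WORLD_CIDRS]


def _sensitive_hits(perm: dict) -> list[tuple[int, str]]:
    """Sensitive ports covered by one IpPermission's port range."""
    if perm.get("IpProtocol") == "-1":          # all protocols, all ports
        return sorted(SENSITIVE_PORTS.items())
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:                # e.g. ICMP type/code rules
        return []
    return [(p, n) for p, n in sorted(SENSITIVE_PORTS.items()) if lo <= p <= hi]


def audit_security_groups(groups: Iterable[dict]) -> list[Finding]:
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):    # inbound rules only
            sources = _world_sources(perm)
            if not sources:
                continue
            hits = _sensitive_hits(perm)
            src = "/".join(sources)
            if hits:
                ports = ", ".join(f"{name}({port})" for port, name in hits)
                findings.append(Finding(sg["GroupId"], "HIGH",
                                        f"inbound from {src} to {ports}"))
            else:
                findings.append(Finding(sg["GroupId"], "MEDIUM",
                                        f"inbound from {src} on {perm.get('IpProtocol')} "
                                        f"{perm.get('FromPort')}-{perm.get('ToPort')}"))
    return findings


def audit_rds_instances(instances: Iterable[dict]) -> list[Finding]:
    findings = []
    for db in instances:
        name = db["DBInstanceIdentifier"]
        if db.get("PubliclyAccessible"):
            findings.append(Finding(name, "HIGH", "PubliclyAccessible=true (public endpoint)"))
        if not db.get("StorageEncrypted", False):
            findings.append(Finding(name, "MEDIUM", "StorageEncrypted=false"))
        if db.get("BackupRetentionPeriod", 0) == 0:
            findings.append(Finding(name, "LOW", "BackupRetentionPeriod=0 (automated backups off)"))
    return findings


def daily_report(groups: Iterable[dict], instances: Iterable[dict]) -> list[Finding]:
    """All findings, highest severity first, then by resource id."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    found = audit_security_groups(groups) + audit_rds_instances(instances)
    return sorted(found, key=lambda f: (order[f.severity], f.resource))


# Constructed sample data in the describe_* response shape.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                              "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                                              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "prod-db", "PubliclyAccessible": True,
     "StorageEncrypted": True, "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "stage-db", "PubliclyAccessible": False,
     "StorageEncrypted": False, "BackupRetentionPeriod": 0},
]

if __name__ == "__main__":
    for f in daily_report(SAMPLE_SECURITY_GROUPS, SAMPLE_DB_INSTANCES):
        print(f"[{f.severity}] {f.resource}: {f.detail}")
```

Note that world-open HTTPS is reported at a lower severity than world-open SSH or a database port, so the daily mail stays readable; a rule with `IpProtocol` `-1` is treated as exposing every sensitive port, which is the case a quick "is port 22 in the range" check would miss. To run this across many accounts, iterate over regions and assume a read-only role in each account before calling the describe APIs.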

Founding Security Engineer

Jun 2016 - Jan 2018 · 1 yr 7 mos

  • I was the first hire in the Security Team and was responsible for defining, prioritizing and implementing a strategy to ensure that the security team is meeting the technical and engineering security needs of the company.
  • 1. Implemented security testing in the existing SDLC.
  • 2. Designed and implemented an in-house WAF.
  • 3. Designed a honeypot to block bad bots on the NestAway platform.
  • 4. Worked with developers to implement secure coding practices (OWASP secure coding practices).
  • 5. Designed and implemented the Bug Bounty Program for NestAway (http://engineering.nestaway.com/security/2017/09/13/hall-of-fame.html)
  • 6. Prioritized the vulnerabilities reported via the BBP.
  • 7. Designed and developed an in-house DDoS solution using aws-waf and aws-shield.
  • 8. Automated infra security operations using aws guardduty and aws macie.
  • 9. Developed centralized fixes for various server-side attacks.
  • 10. Worked closely with the DevOps team to deploy infrastructure-level security fixes.
  • Visit https://www.nestaway.com/whitehat to report any security issue.

Zoomcar

Security Engineer Intern

Jan 2016 - Jun 2016 · 5 mos · Bangalore

  • [End Semester Internship]
  • 1. Worked on web app security, mobile app security & source code review (RoR & AngularJS).
  • 2. Developed and managed the in-house BBP.
  • 3. Implemented centralized fixes for CSRF and XSS attacks.
  • 4. Worked on fixing known CVEs for Rails.

Deebowl

Security Engineer Intern

May 2015 - Jul 2015 · 2 mos

  • [Summer Internship] Focused on application and infra security. I was responsible for finding vulnerabilities in web and mobile applications, and managed security over AWS as well.

Majestic Media Ltd.

Freelance Security Researcher

Sep 2014 - Mar 2015 · 6 mos

  • Worked as a freelance security researcher for 7 months and was responsible for AppSec for Majestic Media clients.

Techdefence Pvt. Ltd

Information Security Intern

May 2014 - Jul 2014 · 2 mos · Greater Ahmedabad Area

  • [Summer Internship] Focused on web app and mobile security.

Education

Vellore Institute of Technology

Bachelor of Technology (BTech) — Computer Science

Jan 2012 - Jan 2016

Bal Bhawan Bhiwani

Jan 1996 - Jan 2011
