Kumar Ashwin

Director of Engineering

Bengaluru, Karnataka, India · 4 yrs 11 mos experience

Key Highlights

  • Expert in both offensive and defensive security.
  • Developed innovative security solutions and gamification platforms.
  • Strong background in cloud and application security.
Stackforce AI infers this person is a Cybersecurity expert with a focus on DevSecOps and application security.

Skills

Core Skills

Security Engineering, Supply Chain Security, DevSecOps, Project Management, Application Security, Penetration Testing

Other Skills

Adobe Illustrator, Automation, Bash, Bootstrap, C (Programming Language), Cascading Style Sheets (CSS), Cloud Security, Communication, Entrepreneurship, Git, Go (Programming Language), Graphic Design, JavaScript, Leadership, MySQL

About

Hey there 👋 Thanks for stopping by! TL;DR about me - Security Engineer, Hacker, Speaker, Trainer, Snooker Enthusiast, etc. etc. 😉 I’m Ashwin, and I’m passionate about security—that’s my field of work. I love tackling challenging problems that need solving. I’m naturally curious and either ask tons of questions or secretly research things I don’t know about. I started out as a hacker and offensive security guy, and now I've transitioned to defensive security, bringing a unique perspective to the table. I still hack different targets for fun or to learn new attacks, and I create labs or CTFs for others to hack on. Speaking of that, I love creating and automating things, especially if I have to do them more than 2-3 times (yes, I’m lazy like that). Most of my work involves creating solutions, implementing security controls in software supply chains, cloud security, web security, and researching these areas. I’ve spoken at multiple conferences and trained at Blackhat, nullcon, x33fcon, etc. There’s a lot more on my website (kumarashwin.com), so check it out if you want to know more. Feel free to hit me up on LinkedIn—I’m happy to connect!

Experience

Redhunt labs

Technical Manager, Research & Consulting

Nov 2024 – Present · 1 yr 4 mos · London Area, United Kingdom · Remote

Tide

Senior Security Engineer

Nov 2023 – Nov 2024 · 1 yr · Remote

  • Worked alongside engineering teams to promote shift-left culture and improve the company’s security posture.
  • Conducted architecture reviews and threat modeling to proactively implement security best practices.
  • Developed and launched “Hourglass,” a security gamification platform at Tide to reward positive security behavior, encouraging proactive issue reporting and reducing potential security risks.
  • Worked with the cloud engineering team to incorporate security in the AWS infrastructure.
  • Developed detections using logs from SaaS products like Okta and Google Workspaces with SIEM & SOAR, focusing on PCI, PII, and DLP compliance.
  • Performed automated code reviews by creating custom DAST rules in Semgrep to enforce security practices, complemented by manual code reviews for thorough coverage.
  • Implemented data security by analyzing lineage, reviewing tool config., and managing controls and classification.
  • Detected and resolved misconfigurations in CI/CD pipelines, collaborating with teams to enhance security and mitigate supply chain risks.
  • Automated the metrics collection from various sources to generate actionable security insights and informed decision-making.
Security Engineering, Supply Chain Security, Automation

Deepsource

Security Engineer

Feb 2023 – Sep 2023 · 7 mos · Bengaluru, Karnataka, India · On-site

  • Implemented and enforced security practices throughout the entire organization.
  • Implemented security tooling such as Trivy, Trufflehog, and others, and ensured the integration of GitHub security features into the DevOps pipeline. Collaborated cross-functionally to drive widespread adoption of these security measures.
  • Researched different exploits reported by tools to determine their impact and exploitability using frameworks like EPSS.
  • Conducted penetration tests on feature releases and managed annual third-party security assessments to ensure software security and compliance.
  • Implemented a centralized vulnerability management solution to efficiently manage and triage security issues reported by tools like Trivy and ScoutSuite-powered makeshift CSPM.
  • Conducted routine access audits, enforced the least privilege principle, restricted access to sensitive components and data to only when necessary, and maintained comprehensive access logs for these instances.
  • Played a pivotal role in working towards attaining SOC2 and ISO27001 compliance certifications, demonstrating a commitment to industry-leading security standards.
  • Used Terraform for automated resource provisioning via pull requests, enhancing security and consistency while reducing operational risks.
  • Actively led the codebase and GitHub organization migration process, including restructuring and access control, to ensure a secure and organized transition.
  • Collaborated on enhancing deployment security with ArgoCD, optimizing the management of GitOps-driven infrastructure and ensuring secure, automated deployments.
  • Efficiently triaged reports from our open bug bounty program, prioritizing and addressing security vulnerabilities to enhance overall system resilience.
  • Conducted phishing drills to educate and raise awareness among team members about security threats and phishing attack vigilance.
Security Engineering, DevSecOps, Product Security, Cloud Security, Platform Security

Payatu

3 roles

Security Consultant - Program Manager

Apr 2022 – Feb 2023 · 10 mos

  • Managed the entire delivery process of all the projects in the company, ensuring quality work was delivered to the customer.
  • Coordinated with different departments like HR, Marketing, and Finance to get the best for the consultants and customers.
Project Management, Communication, Service Delivery, People Management

Security Consultant

Promoted

Jul 2021 – Apr 2022 · 9 mos

  • Performed penetration testing on a wide range of web technologies to identify critical vulnerabilities affecting the business.
  • Experienced in working with automated and manual penetration testing methodology to deliver quality results.
  • Performed cloud configuration review and penetration testing to find critical misconfiguration in the client’s infrastructure.
  • Automated workflows, created DevSecOps pipelines and performed penetration testing on CI/CD pipelines to find vulnerabilities.
  • Worked on in-house open-source projects like https://securecode.wiki and https://cybersecwiki.com to contribute to the infosec community.
  • Hosted and managed Payatu Hiring CTF, contributed to creating challenges, hosting and maintaining infrastructure, moderating Discord, etc., and afterwards interviewed the top candidates to hire them.
Application Security, Security Consulting, Penetration Testing, Cloud Security

Security Consultant

Jan 2021 – Jun 2021 · 5 mos

Revmeup

Back End Developer

May 2020 – Aug 2020 · 3 mos · Bengaluru, Karnataka, India

  • Worked with NodeJS, Firebase and MongoDB and basic front end web development to develop an admin panel to monitor and manage data and requests from the mobile application.

Symbiosis international university

Developer

Dec 2019 – May 2020 · 5 mos · Pune

  • Worked on the NAAC accreditation project for Symbiosis, in which I developed automation tools using Python and Shell Scripting that helped in data cleaning, data migration and data integration.

Education

Symbiosis Institute of Computer Studies and Research

Bachelors — Computer Science

Jan 2018 – Jan 2021