Nov 2022 – Oct 2023 · 11 mos

• Led security initiatives for production systems supporting a large, high-traffic consumer platform operating under IPO-level scrutiny.
• 1) What I worked on
• Owned security strategy across application and infrastructure layers
• Partnered with engineering teams to embed security into development workflows
• Reviewed architecture changes, vendor integrations, and access patterns at scale
• Acted as a point of escalation during security incidents and risk assessments
• 2) Key contributions
• Secured systems supporting 80Million MAU users
• Led remediation of 50+ critical / high-risk vulnerabilities across Application/Infra
• Introduced Processes/Systems/Automations that reduced recurring security issues
• 3) What this taught me: How security expectations change when public scrutiny, audits, and scale collide.

Dec 2020 – Nov 2022 · 1 yr 11 mos

• Hands-on security engineering across application, infrastructure, and internal tooling.
• 10 What I worked on
• Conducted application security testing and code reviews
• Identified vulnerabilities in APIs, backend services, and internal tools
• Collaborated with engineers to fix issues without blocking releases
• Supported incident response and post-mortem analysis
• 2) Impact
• Discovered and helped fix 100+ vulnerabilities, including Account Takeovers, PII Data leak.
• Improved security coverage for SERVICE COUNT / AREA
• Reduced repeat vulnerabilities by 70%

Dec 2019 – Dec 2020 · 1 yr · Bengaluru, Karnataka, India

• Early-stage security work during rapid product and team growth.
• 1) What I worked on
• Application security testing for fast-moving product teams
• Identified gaps caused by rapid feature releases and architectural changes
• Worked closely with developers to prioritize fixes under tight timelines
• 2) Key contributions
• Found 100+ security issues across [WEB / API / MOBILE] surfaces
• Helped establish early security processes for a growing engineering org
• Reduced risk in critical flows like PAYMENTS / AUTH / PII DATA
• What this taught me: Why security breaks first when growth outpaces process.

Oct 2018 – Nov 2019 · 1 yr 1 mo · Bengaluru, Karnataka, India

• Part of ARChitecture team (SG|PaaS) with expertise on Enterprise Docker Engine, Kubernetes & Serverless solutions.
• Architecture review and redesigning to migrate monolithic applications into microservices on PaaS platform keeping in mind the functionalities of application & infra cost saving.
• Language stack includes Java springboot, Node Angular & React JS based applications.
• Supporting & managing docker platform including UCP, Swarm cluster, docker engine, volumes, networks, HRM & registry.
• Creating stack compose files & writing Dockerfiles to create images for application for resusability in order to deploy an application to Docker platform.
• Securing the container deployment environment(s), container pipeline & infrastructure.
• Writing pipeline script for application provisioning on different platform with CI-CD process, single-click deployment (Jenkins-git-sonarqube-maven-nexus-checkmark-docker).
• Development, writing Unit & integration tests of Docker-Vault-Secret Plugin based on Go-Lang for secrets stored in the Vault server being invoked by our microservice.
• Comprehensive deep dive study of Kubernetes Production-grade Container Orchestrator over Docker analyzing key parameters HA, Scalability, rolling updates & auto-rollbacks.
• Development of serverless framework solution (node-JS) for SG|Lambda on-premise implementing FaaS (Function as a Service) & BaaS (Backend as a Service).
• Designing and integration of Kubeless, Fn & OpenWhisk distributed serverless platform within private cloud that executes functions f(x) in response to events at any scale.
• Public Cloud Building Trust & Control with Azure Kubernetes Services (aks cluster).
• Automating public cloud transformation for onboarding application teams with ad-hoc pre-configured & ready-to-use aks cluster with help of Terraform Infrastructure as Code Technology.
• Secured position in Top 5 in Cyber Security Brainwaves Hackathon organized by SocGen Globally.

Jun 2017 – Sep 2018 · 1 yr 3 mos · Bengaluru, Karnataka, India

Jan 2016 – May 2017 · 1 yr 4 mos · Open Source

• Development of Sandboxed CTF type challenges, Implementing Security of Web applications, Real world Vulnerabilities in safe and controllable environment, represented by the Mentor in the AppSec Conference 2016, Rome.
• Making the Application platform-independent for better Deployment used Vagrant Boxes, Vagrantfiles and Docker containers for challenges and the CMS.
• Technologies Used : PHP CMS, Vagrant & Docker, WebApp Security.

May 2015 – Jul 2015 · 2 mos · Mumbai Metropolitan Region

• Security of Wireless Networks, security of AODV routing protocol of Wireless Sensor Networks (WSN) by mitigating Black Hole Attack by Implemting SRD-AODV and GAODV algorithms on Network Simulator EXata by running Live scenarios.
• LAN Monitoring, Web filtering modification in Squid proxy server ACL and Pentesting to test Vulnerabilities on LAN, WLAN and Routers.
• Technologies Used : C++, OOPs concepts, EXata, Wireshark, aircrack-ng, Nmap.