Ashutosh Surothia — Software Engineer

Cybersecurity Engineer | Software Engineer | Azure Cloud Security | DevSecOps & AppSec I am a Cybersecurity Professional at EY, specializing in securing high-stakes BFSI environments through Defense in Depth strategies. With a foundation in Software Engineering and 2.5+ years of experience across EY and TCS, I bridge the gap between secure architecture and scalable code. My focus is on hardening cloud-native applications and ensuring security is baked into the CI/CD pipeline, not added as an afterthought. 🛡️ Cloud Security & Defense: I leverage the Azure Security ecosystem to protect enterprise assets. I am experienced in implementing Microsoft Defender for Cloud to monitor posture and remediate vulnerabilities across distributed environments. My approach follows the Zero Trust model, ensuring identity-driven security via OAuth 2.0 and IAAA principles. 💻 Security Engineering (Java/DevSecOps): Because I speak "Developer," I don't just find vulnerabilities, I also provide the fix. AppSec: Expert in SAST/DAST using tools like Veracode and BurpSuite to secure Java-based Microservices. Automation: Building secure GitHub Actions and Jenkins pipelines to automate vulnerability scanning and compliance. For example In legacy system we have to do manual scanning by putting jar in Veracode but through GitHub Actions I automated scanning in pipeline itself, And it saved team from aditional work. Data Integrity: Managing secure PostgreSQL instances and optimizing performance via Redis without compromising the security perimeter. 🚀 Key Impact & Recognition: Security First: Modernized BFSI applications for global leaders (MetLife, CNA), identifying and patching critical API vulnerabilities. Performance: Improved backend response times by 17% while maintaining a 100% secure audit trail. Champion: 1st Prize Winner at the PuneVerse Hackathon and TCS Secure Coding Challenge (2025). I am driven by the challenge of designing resilient, distributed systems that can withstand the modern threat landscape. Always learning, always hardening. Technical Core: Azure Cloud Security, Microsoft Defender, Defense in Depth, Java/Spring Boot Security, OAuth 2.0, CI/CD Security, Veracode, BurpSuite, Microservices Architecture.

Stackforce AI infers this person is a Cybersecurity Engineer specializing in Fintech and Cloud Security.

Location: Pune, Maharashtra, India

Experience: 2 yrs 11 mos

Skills

Cybersecurity
Devsecops
Application Security
Java Development
Core Java

Career Highlights

Modernized BFSI applications for global leaders.
Improved backend response times by 17%.
1st Prize Winner at PuneVerse Hackathon.

Work Experience

EY

Software Engineer (3 mos)

Tata Consultancy Services

System Engineer (2 yrs 8 mos)

Java Developer (2 yrs 8 mos)

Tetra Pak

Software Engineer Intern (5 mos)

Education

bachelor's of Engineering - BE at Savitribai Phule Pune University

bachelor's of Engineering - BE at Dr. D. Y. Patil Institute of Technology, Pimpri, Pune

Agile Certification at YESI EDUCATION

Ashutosh Surothia

Software Engineer

Pune, Maharashtra, India2 yrs 11 mos experience

AI Enabled

Key Highlights

Modernized BFSI applications for global leaders.
Improved backend response times by 17%.
1st Prize Winner at PuneVerse Hackathon.

Stackforce AI infers this person is a Cybersecurity Engineer specializing in Fintech and Cloud Security.

Contact

Skills

Core Skills

CybersecurityDevsecopsApplication SecurityJava DevelopmentCore Java

Other Skills

Artificial IntelligenceBanking and Financial web applicationsMicroservicesAgile MethodologiesCloud SecurityIdentity & Access ManagementJava 8+Spring BootMySQLCyber Threat Intelligence (CTI)Artificial Intelligence (AI)Penetration TestingSecure CodingSpring FrameworkSoftware Development

About

Experience

2 yrs 11 mos

Total Experience

2 yrs 8 mos

Average Tenure

3 mos

Current Experience

Ey

Software Engineer

Feb 2026 – Present · 3 mos · Pune District, Maharashtra, India · On-site

Cybersecurity, Artificial intelligence, Banking and Financial web applications

CybersecurityArtificial IntelligenceBanking and Financial web applications

Tata consultancy services

2 roles

System Engineer

Promoted

May 2023 – Jan 2026 · 2 yrs 8 mos

System Engineer | DevSecOps & Application Security
Tata Consultancy Services (TCS) • Full-time
Modernizing highly regulated BFSI applications by bridging scalable backend engineering with enterprise cybersecurity, DevSecOps, and secure multi-cloud architecture.
Application Security (AppSec): Engineered secure Spring Boot microservices and REST APIs, actively mitigating OWASP Top 10 vulnerabilities throughout the Secure SDLC.
Multi-Cloud Security (Azure/AWS): Architected robust cloud infrastructures applying Defense in Depth strategies. Utilized Microsoft Defender for Cloud for continuous posture management and threat protection.
Identity & Access Management (IAM): Enforced Zero Trust architecture and centralized identity controls using Microsoft Entra ID alongside Azure/AWS IAM policies, securing APIs and database assets (PostgreSQL/MySQL).
DevSecOps Automation: Hardened CI/CD pipelines (GitHub Actions, Jenkins, Concourse) to automate secure deployments, accelerating release cycles and reducing Git conflicts by 30%.
Secure Backend Engineering: Improved processing speed by 20% via Java code revamps and utilized Aspect-Oriented Programming (AOP) for immutable audit logging and secure transaction management.
Tech & Security Stack: Cloud Security (Azure, AWS, GCP), Microsoft Defender for Cloud, Entra ID (IAM), Defense in Depth, DevSecOps, AppSec, OWASP, SSDLC, Java 8+, Spring Boot, Microservices, CI/CD.