Amith Kumar Das

Helping Organizations Secure Cloud, Applications & AI Ecosystems | Security Consultant | AWS Security Specialist | VAPT | Web, Mobile & API Penetration Testing | DevSecOps | CSPM | Compliance & GenAI Security

Gurugram, Haryana, India

About

๐Ÿ” I help organizations secure their cloud infrastructure and applications. With 9+ years in cybersecurity, I specialize in securing products from code to cloud. My expertise spans Cloud Security, Penetration Testing, Web, API & Mobile Application Security, Threat Modelling, DevSecOps, and AI Security. I'm passionate about securing AWS environments and building resilient, scalable cloud infrastructures. ๐Ÿ” Key Highlights & Achievements: โ˜‘๏ธ ML-based WAF achieved 97% malicious detection rate; CSPM scores elevated to near-perfect via NIST/CIS remediation. โ˜‘๏ธShift-left DevSecOps: Semgrep, SonarQube & OWASP ZAP integrated across CI/CD; end-to-end GenAI product security delivered. โ˜‘๏ธ30+ VAPT engagements (JP Morgan Chase & others); AWS pen testing covering IAM, S3 misconfigs, EC2 SSRF exploits. ๐Ÿ” My Expertise: Securing Web, API & Mobile Applications through Penetration Testing Designing Secure Systems & Threat Modelling Implementing DevSecOps & Shift Left Security practices Implementing SAST, DAST, and SCA Cloud Security (AWS/Azure/GCP) and Penetration Testing AI Security 1. Web, API & Mobile Application Penetration Testing 2. Secure Design & Threat Modelling 3. DevSecOps & Shift-Left Security 4. SAST, DAST, and SCA Implementation 5. Cloud Security (AWS/Azure/GCP) 6. Cloud Penetration Testing 7. AI Security ๐Ÿ” CERTIFICATIONS โœ” AWS Certified Solutions Architect โ€“ Associate โœ” AWS Certified Security โ€“ Specialist โœ” AI Tools and Mastery Workshop โ€“ Clapingo โœ” AI Growth and Automation Program โ€“ Clapingo โœ” Certification GenAI in Penetration Testing โ€“ Udemy โœ” AWS Cloud Security: Protect & Defend Certification โœ” DevOps Continuous Deployment Architecture โ€“ TrainWithShubham โœ” Certified Ethical Hacker ( CEH ) โœ” OSCP

Experience

  • Lead Security Consultant at AIS (Applied Information Sciences)
    Nov 2024 - Present · 1 yr 8 mos

    Application Security Engineer | Cloud Security | AI/LLM Security

    1. Application & API Security
       ▪ Delivered end-to-end application penetration testing and social engineering assessments for global enterprise clients, identifying OWASP Top 10 vulnerabilities aligned to business risk and impact.
       ▪ Designed and deployed a proxy-based ML-powered WAF achieving a 97% malicious request detection rate, materially reducing attack surface exposure.
       ▪ Conducted security assessments across Web (OWASP Top 10) and Mobile (Android MASVS/MSTG) using MobSF, Frida, Objection, and jadx.
       ▪ Integrated Semgrep, SonarQube, and OWASP ZAP into CI/CD pipelines, enabling shift-left security.

    2. AI / GenAI Security
       ▪ Conducted LLM penetration testing and security assessments of AI-powered applications, including integrations with ChatGPT, Claude, and Gemini.
       ▪ Performed API security reviews for AI applications and delivered secure AI integration assessments across production environments.
       ▪ Specialised in securing GenAI-based applications with deep understanding of the unique LLM threat landscape: prompt injection, model abuse, data leakage, and supply chain risks.

    3. AWS Cloud Security
       ▪ Elevated AWS Security Hub scores to full compliance by remediating against NIST SP 800-53 Rev 5, CIS AWS Foundations v1.4.0, and AWS Foundational Security Best Practices across multi-account environments.
       ▪ Deployed GuardDuty, Inspector, and AWS Config at scale for ML-based threat detection, automated vulnerability assessment, and continuous compliance monitoring.
       ▪ Implemented least-privilege IAM and IAM Identity Provider for SSO-based centralised access management via AWS Organizations.
       ▪ Performed AWS Penetration Testing targeting IAM privilege escalation, S3 misconfigurations, insecure Lambda functions, EC2 SSRF/IMDSv1 attacks, and VPC security group weaknesses.
       ▪ Conducted security configuration reviews across AWS environments and firewalls; produced CVSS-rated remediation reports with actionable findings.

  • Security Engineer at AIS American Info Source Pvt Ltd
    Nov 2024 - Present · 1 yr 8 mos

    ▪ Managed Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) to achieve the highest security posture scores across AWS and Azure environments.
    ▪ Improved AWS Security Hub scores by enabling and remediating findings against NIST SP 800-53 Rev 5, CIS AWS Foundations Benchmark v1.4.0, and AWS Foundational Security Best Practices v1.0.0.
    ▪ Enhanced Microsoft Defender for Cloud posture by addressing findings under CIS Microsoft Azure Foundations Benchmark v2.0.0 and the Microsoft Cloud Security Benchmark.
    ▪ Enforced the Least Privilege Principle by implementing granular AWS IAM policies and permission boundaries to minimise the attack surface.
    ▪ Deployed and managed AWS GuardDuty for ML-driven, real-time threat detection covering compromised credentials, unauthorised access, and malicious IP traffic.
    ▪ Automated vulnerability assessments using AWS Inspector and implemented AWS Config rules for continuous compliance monitoring and drift detection.
    ▪ Administered AWS Organizations to streamline billing, service control policies (SCPs), and cross-account access management.
    ▪ Designed and maintained CI/CD pipeline security using GitLab, Terraform, AWS, and Azure.
    ▪ Deployed Terraform modules to provision AWS infrastructure securely; implemented MDVM and SSO IAM federation in Azure.

  • Cloud Security Consultant at Scorg India Pvt Ltd
    Jul 2024 - Nov 2024 · 5 mos

    POC: Enterprise Cloud Security Architecture
    ▪ Architected end-to-end Cloud Security for enterprise clients; automated EC2 provisioning using CloudFormation and authored IaC for EC2, ELB and S3 with security guardrails.
    ▪ Deployed and managed Macie, GuardDuty, Inspector, WAF & IAM Access Analyzer; configured CloudTrail for governance and operational auditing.
    ▪ Performed AWS Penetration Testing: discovered IAM privilege escalation, S3 public access issues and unencrypted-data-at-rest vulnerabilities.
    ▪ Enforced NIST, CIS & PCI-DSS compliance; managed S3 lifecycle policies and secure Docker container deployments.

  • SEW.AI India Pvt Ltd (7 yrs 6 mos)
    • Senior Information Security Consultant
      Jan 2017 - Jun 2024 · 7 yrs 6 mos

      POC: GenAI Product Security Pipeline
      ▪ Executed SAST (Checkmarx, Semgrep) and DAST (Netsparker, OWASP ZAP) across crypto exchange web and transaction platforms.
      ▪ Performed manual Android & Web offensive assessments targeting wallet and transaction flow vulnerabilities using advanced techniques.
      ▪ Conducted GenAI product security assessments covering Threat Modelling, SAST, SCA, DAST, Cloud Security & Secrets Detection.
      ▪ Collaborated with development teams to embed secure coding standards and penetration testing throughout the SDLC; prioritized remediation via CVSS scoring.

    • Security Analyst
      Jan 2019 - Apr 2024 · 5 yrs 4 mos

      ▪ Performed Static Application Security Testing (SAST) using Checkmarx and Semgrep to identify code-level vulnerabilities before deployment.
      ▪ Conducted Dynamic Application Security Testing (DAST) using Netsparker and OWASP ZAP to detect vulnerabilities in running applications.
      ▪ Analysed scan results, prioritised remediation by severity and business impact, and tracked all fixes through to closure.
      ▪ Conducted mobile application security testing for Android and iOS platforms using OWASP ZAP and MobSF.
      ▪ Implemented SAST tooling for blockchain applications, crypto wallets, and exchange platforms.
      ▪ Partnered with development teams to embed secure coding standards and vulnerability remediation processes into the SDLC.

  • Penetration Tester at Smart Utility Services Pvt Ltd
    Mar 2017 - Jan 2019 · 1 yr 11 mos

    ▪ Executed comprehensive penetration testing on 20+ web applications and APIs using both manual and automated techniques, significantly enhancing application security and compliance posture.
    ▪ Led Generative AI Product Security engagements covering Threat Modelling, SAST, SCA, DAST, Cloud Security, and Secrets Detection.
    ▪ Collaborated with development teams to integrate security best practices into the software development lifecycle and DevSecOps pipelines.