Projects
25 projects organized across six security pillars. Vendor-anonymous capability categories. Every entry traces to the resume or the detailed technical profile.
01 / 06 — AI / AGENTIC SECURITY
Evaluated AI security platforms for prompt injection, RAG poisoning, and agentic risk coverage. Onboarded selected platform into CI workflows for continuous AI security validation against AI application instances.
Source: TP §3.3, TP §4.4, TP §5.6
Built a structured library of proof-of-concept exploits validating prompt injection, indirect injection, RAG pipeline weaknesses, model abuse, and agentic risks. Used to validate AI features prior to production deployment.
Source: R
Continuous posture validation for AI-powered application components. AI security checks triggered on changes to AI-related codepaths and instances.
Source: TP §3.3, TP §5.6
02 / 06 — DEVSECOPS + INFRASTRUCTURE AS CODE
Integrated source-code, dependency, and secret scanning into CI/CD pipelines. Established security gates and feedback loops for engineering teams.
Source: R, TP §3.2, TP §4.2, TP §5.4
Built and onboarded multiple security GitHub Actions to run automatically on push/PR — SAST, SCA, secret scanning, AI security checks, and additional open-source security tools.
Source: R, TP §3.2, TP §5.5
Defined and rolled out paved security standards across feature delivery workflows. Security gates that ship without slowing sprint velocity.
Source: R, TP §3.2
Built Python and Bash automation for SAST triage, vulnerability reporting pipelines, and CI/CD security checks. Reduced manual effort and improved tracking accuracy.
Source: R
03 / 06 — APPLICATION SECURITY
Delivered Web, Mobile, and API security assessments across Banking, E-commerce, Healthcare, and Enterprise verticals — approximately 40% reduction in client security incidents.
Source: R
Reviewed source code across Java, Python, JavaScript, and Ruby stacks. Identified OWASP Top 10 issues, authentication flaws, race conditions, and business logic weaknesses with developer-actionable remediation.
Source: R
Internal vulnerability assessments and penetration testing across applications and APIs — manual validation, PoC evidence, structured remediation guidance.
Source: R, TP §3.1, TP §5.8
Reviewed product architecture and FSD documents for new features. Enforced defense-in-depth design, secure data handling, and cryptographic standards — preventing high-severity issues from reaching production.
Source: R
Critical-severity findings on Bugcrowd, HackerOne, and Intigriti for Dell Technologies and the Government of India.
Source: R
Built Python tools to automate session token identification, dynamic token generation for regression testing, and reporting workflows — reducing assessment cycle time across client engagements.
Source: R
04 / 06 — CLOUD SECURITY
Led a four-vendor Web Application Firewall evaluation. Built application-context-driven evaluation criteria. Conducted hands-on PoCs. Helped finalize WAF platform.
Source: R, TP §4.3, TP §5.1
Evaluated 5+ CNAPP platforms. Manually validated findings rather than relying on scanner output alone. Operationalized selected platform and integrated it into CI workflows.
Source: R, TP §4.1, TP §5.3
Built a toolkit to streamline onboarding into the WAF platform — analyzing application behavior, Kubernetes ingress configuration, certificate mappings, application flows, and anomaly patterns. Bash + Python + Kubernetes.
Source: TP §5.2
Reviewed AWS-native security findings, threat-detection alerts, and CNAPP findings. Validated high-risk findings, identified false positives, and supported remediation.
Source: R, TP §3.4, TP §5.7
AWS EKS-based security testing setup using namespace separation and bastion-based access for Kubernetes security validation.
Source: TP §5.11
Practical checklist combining offensive cloud testing methods with defensive best practices for IAM, logging, monitoring, EKS, and cloud posture review.
Source: TP §5.10
SRE-focused migration documentation covering pre-migration preparation, migration handling, operational checks, and post-migration validation.
Source: TP §5.12
05 / 06 — VULNERABILITY MANAGEMENT + RISK
Vulnerability management lifecycle across SAST, SCA, secrets, CNAPP, cloud-native security signals, WAF observations, AI security scans, and manual VAPT. Manual validation, CVSS prioritization, remediation tracking.
Source: TP §3.6, TP §10
Enhanced SCA workflows with CVSS-based prioritization, reducing false positives by approximately 15% and accelerating developer triage velocity.
Source: R
Supported SOC 2, ISO 27001, HIPAA, and HITRUST evidence collection. Validated technical controls, provided audit evidence, supported customer assurance and vendor security questionnaires.
Source: R, TP §3.7, TP §9
06 / 06 — THREAT MODELING
Threat modeling on product architecture and FSD documents pre-release using STRIDE. Catches defense-in-depth, secure data handling, and cryptographic issues before they ship.
Source: R
Applied MAESTRO to LLM and agentic systems for tool-use risk, confused-deputy patterns, and indirect injection. Output: per-feature threat-model deliverable.
Source: R, TP §3.3