Verified Expert in Engineering
Security Specialist and DevOps Developer
Rohit is a technology geek who loves to explore anything that runs and understands binary. As a security engineer, he is passionate about learning technology's length, breadth, and depth. Being more on the defensive side, he has evangelized secure software development at various organizations for over a decade. He is driven by the "everything as code" mantra and firmly believes that the security team must strive towards making themselves irrelevant.
Ubuntu, Slack, Burp Suite, Security, MacOS, Amazon Web Services (AWS), Amazon EKS, Kubernetes
The most amazing...
...project I've delivered entailed moving 100+ Linux-based VMs to AWS EKS and allowing access to the bash terminal on the browser through Apache Guacamole.
- Developed OKRs for the complete platform, infrastructure, and product security. Aligned Sprints with the OKRs for the entire team.
- Worked on multiple engagements that impacted the entire organization's security, like solving secret management.
- Worked with a team to solve real-world security problems like perimeter security.
Claranet Cyber Security
- Worked as a security architect for one of Claranet's premier clients, helping them to set up a product security team riding on the "Shift Left" paradigm.
- Developed a broad and deep technical understanding of the client organization's applications, services, and architectures.
- Supported and provided consultancy to development teams in DevSecOps and application, security, and mobile security.
- Moved 100+ VMs running on an ESX server to AWS EKS by dockerizing the underlying OS and its dependencies. The Bash shell was also exposed over the browser using Apache Guacamole. This helped save time and money, increasing flexibility.
- Led the team in the development of a training called DevSecOps and taught people how to inject security into their DevOps pipelines. Created hands-on labs accessible right from the browser.
- Led a team of specialists in performing threat modeling and secure architecture reviews for our clients.
IT Security Specialist
- Served as an internal information security consultant to the organization, ensuring proper information security clearance amidst a constantly changing environment at the bank and ensuring its compliance.
- Oversaw risk assessment of new business initiatives (products, channels, solutions) across the bank from an information security and architecture perspective, ensuring involvement at every stage of the project/initiative lifecycle.
- Performed third-party (vendor) assessments through RFP sessions helping to select the best vendor from a security and architecture perspective.
IT Risk Advisory Consultant
- Performed vulnerability assessments and penetration testing for EY's clients in the telecommunications, media and entertainment, and technology domains.
- Performed IT audits to ensure compliance with various regulatory standards and policies including SOX and TRAI.
- Developed and reviewed the minimum baseline security standards for various technologies.
- Performed VAPT on web/mobile applications and servers for clients in the banking industry and advised them on security issues.
- Conducted CSJD (certified secure Java development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
- Delivered security awareness training to the senior management of a major oil and gas corporation in India.
- Single-handedly managed a 3-month engagement for a leading insurance company to perform secure code reviews and developed security guidelines for developers in J2EE technology.
- Served as a full-stack developer in J2EE-Oracle technology with expertise in Spring, Apache Struts, JPA, Hibernate, MySQL, and Oracle.
- Developed a suite of applications for the MHADA Lottery 2012 following secure coding best practices as advised by the security team over a period of 15 months.
- Developed J2ME mobile applications for bus-tracking as part of a hackathon.
Practical DevOps - The Lab: https://github.com/salecharohit/devops
DigitalOcean Pentest Environment: https://github.com/salecharohit/do-pentest
GitOps with Terraform, GitHub Actions, and AWS EKS
Vagrant, GitHub, Amazon EKS, Terraform, Ansible, Jenkins, ELK (Elastic Stack), OWASP Zed Attack Proxy (ZAP), AWS IAM, NMap, NGINX, AWS ELB, Jira
DevSecOps, DevOps, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Objectives & Key Results (OKRs)
Windows, Kali Linux, Burp Suite, Ubuntu, Kubernetes, Docker, Amazon Web Services (AWS), AWS Lambda, Android, DigitalOcean, Azure, MacOS
VAPT, Web Security, IT Security, Security, Dynamic Application Security Testing (DAST), OWASP, OWASP Top 10, Threat Modeling, Windows Subsystem for Linux (WSL), Team Management, Static Application Security Testing (SAST), Secure Containers, Vendor Audit, Mobile Security, CI/CD Pipelines, Cloud, DevOps Engineer, GitHub Actions, AWS Certified DevOps Engineer, AWS DevOps, SOX Compliance, Cloud Security, GitOps, Planning
Java, Bash, Python
Apache Struts, JPA
Bachelor Of Engineering Degree in Electronics
University of Mumbai - Mumbai, India
AWS Certified DevOps Engineer – Professional
Amazon Web Services
AWS Certified Developer Associate
Certified Kubernetes Administrator