Rohit Salecha, Security Specialist and DevOps Developer in Mumbai, Maharashtra, India

Member since May 9, 2021
Rohit is a technology enthusiast and an expert in IT security and security automation such as SAST, SCA, DAST, container, Kubernetes, and cloud security. He performed extensive vulnerability assessments and penetration testing for EY's clients in the telecommunications, media and entertainment, and technology domains. He loves to reverse engineer binaries and mobile applications to discover and exploit their vulnerabilities to ensure robust and reliable products.

Portfolio

  • NotSoSecure
    Kubernetes, Amazon EKS, Burp Suite, Bash, Python, Java, Team Management...
  • Emirates NBD
    Pentesting, Security, Web Security, Burp Suite, OWASP, OWASP Top 10...
  • EY
    SOX Compliance, Vendor Audit, Pentesting, Security, Web Security, OWASP...

Experience

  • Pentesting 10 years
  • Penetration Testing 8 years
  • Static Application Security Testing (SAST) 4 years
  • DevSecOps 4 years
  • Amazon EKS 2 years
  • AWS 2 years
  • Cloud Security 2 years
  • Kubernetes 1 year

Location

Mumbai, Maharashtra, India

Availability

Part-time

Preferred Environment

Windows, Ubuntu, Windows Subsystem for Linux (WSL), Kali Linux, Slack, Burp Suite, Security

The most amazing...

...project I've delivered entailed moving Linux-based VMs (100+) to AWS EKS and allowing access to the Bash terminal on the browser through Apache Guacamole.

Employment

  • Associate Director

    2016 - PRESENT
    NotSoSecure
    • Moved 100+ VMs running on an ESX server to AWS EKS by dockerizing the underlying OS and its dependencies. The Bash shell was also exposed over the browser using Apache Guacamole. This helped save time and money while increasing flexibility.
    • Led the team to develop a training called DevSecOps and taught people how to inject security into their DevOps pipelines. Created hands-on labs accessible right from the browser.
    • Led a team of specialists in performing threat modeling and secure architecture review for our clients.
    Technologies: Kubernetes, Amazon EKS, Burp Suite, Bash, Python, Java, Team Management, Inspec, Ansible, AWS, DevSecOps, AWS Lambda, ELK (Elastic Stack), Jenkins, Pentesting, Secure Containers, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Continuous Integration (CI), Cloud Security, Continuous Delivery (CD), Jenkins Pipeline, Security, Web Security, Vagrant, Cloud, OWASP, OWASP Zed Attack Proxy (ZAP), OWASP Top 10, Kali Linux, Docker, CI/CD Pipelines, Threat Modeling, Cybersecurity, Amazon Web Services (AWS), DevOps Engineer, DevOps, GitHub
  • IT Security Specialist

    2015 - 2016
    Emirates NBD
    • Served as an internal information security consultant to the organization, ensuring proper information security clearance amidst a constantly changing environment at the bank and ensuring its compliance.
    • Oversaw risk assessment of new business initiatives (products, channels, solutions) across the bank from an information security and architecture perspective, ensuring involvement at every stage of the project/initiative lifecycle.
    • Performed third-party (vendor) assessments through RFP sessions helping to select the best vendor from a security and architecture perspective.
    Technologies: Pentesting, Security, Web Security, Burp Suite, OWASP, OWASP Top 10, Kali Linux, Threat Modeling, Cybersecurity
  • IT Risk Advisory Consultant

    2014 - 2015
    EY
    • Performed vulnerability assessments and penetration testing for EY's clients in the telecommunications, media and entertainment, and technology domains.
    • Performed IT audits to ensure compliance with various regulatory standards and policies including SOX and TRAI.
    • Developed and reviewed the minimum baseline security standards for various technologies.
    Technologies: SOX Compliance, Vendor Audit, Pentesting, Security, Web Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity
  • Security Analyst

    2012 - 2014
    NII Consulting
    • Performed VAPT on web/mobile applications and servers for clients in the banking industry and advised them on security issues.
    • Conducted CSJD (certified secure Java development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
    • Delivered security awareness training to the senior management of a major oil and gas corporation in India.
    • Managed single-handedly a 3-month engagement for a leading insurance company to perform secure code reviews and developed security guidelines for developers in J2EE technology.
    Technologies: VAPT, Pentesting, Mobile Application Security, Web Security, Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity
  • Software Engineer

    2010 - 2012
    Mastek
    • Served as a full-stack developer in J2EE-Oracle technology with expertise in Spring, Apache Struts, JPA, Hibernate, MySQL, and Oracle.
    • Developed a suite of applications for the MHADA Lottery 2012 following secure coding best practices as advised by the security team over a period of 15 months.
    • Developed J2ME mobile applications for bus-tracking as part of a hackathon.
    Technologies: Java, Android, Apache Struts, JPA, Security

Experience

  • Practical DevOps - The Lab
    https://github.com/salecharohit/devops

    This is a lab for practicing your DevOps skills by tying together DevOps tools such as Jenkins, Docker, Ansible, Vagrant, and the ELK stack. The entire environment was built using Vagrant and VirtualBox and provisioned with Ansible as a completely automated setup. Local Git was used as the SCM and Jenkins as the CI/CD server for pulling changes from the SCM, building and packaging the code, and then deploying it onto the staging and production servers. Staging and production servers run Docker and Jenkins runs the Docker images of our application. Filebeat was deployed on staging as well as production API servers to feed the logs to Logstash. Logstash ships them to Elasticsearch, and Kibana is used to view them in real time. We used a simple Ubuntu machine to store the API and front-end build files for archiving our builds.

  • DigitalOcean Pentest Environment
    https://github.com/salecharohit/do-pentest

    Many times during a pentest, we needed a server on the cloud that would assist in scanning with tools such as Nmap or simply a reverse look-up on Nginx. For that reason, I created this project that spins up a Droplet on DigitalOcean to install our custom tools, do the pentest, and destroy the environment!

  • GitOps with Terraform, GitHub Actions, and AWS EKS

    Wrote Terraform scripts to set up the entire AWS infrastructure, including RDS, EFS, and AWS EKS. The Terraform state was stored in Terraform Cloud and a GitOps pipeline was created using GitHub Actions. Every time a new Kubernetes resource needed to be created, it was deployed through this pipeline, which had multiple checks.

Skills

  • Tools

    Vagrant, GitHub, Amazon EKS, Terraform, Ansible, Jenkins, ELK (Elastic Stack), OWASP Zed Attack Proxy (ZAP), AWS IAM, NMap, Nginx, AWS ELB
  • Paradigms

    DevSecOps, DevOps, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI)
  • Platforms

    Windows, Kali Linux, Burp Suite, Ubuntu, Kubernetes, Docker, Amazon Web Services (AWS), AWS Lambda, Android, DigitalOcean
  • Industry Expertise

    IT Security, Security, Cybersecurity
  • Other

    Pentesting, VAPT, Web Security, Dynamic Application Security Testing (DAST), OWASP, OWASP Top 10, Threat Modeling, Windows Subsystem for Linux (WSL), Team Management, AWS, Static Application Security Testing (SAST), Secure Containers, Vendor Audit, Mobile Application Security, CI/CD Pipelines, Cloud, DevOps Engineer, GitHub Actions, AWS Certified DevOps Engineer, AWS DevOps, SOX Compliance, Cloud Security, Pentest, GitOps
  • Languages

    Java, Bash, Python
  • Libraries/APIs

    Jenkins Pipeline
  • Storage

    Inspec
  • Frameworks

    Apache Struts, JPA

Education

  • Bachelor of Engineering Degree in Electronics
    2005 - 2009
    University of Mumbai - Mumbai, India

Certifications

  • AWS Certified DevOps Engineer – Professional
    JUNE 2021 - JUNE 2024
    Amazon Web Services
  • AWS Certified Developer Associate
    MAY 2021 - MAY 2024
    AWS
  • Certified Kubernetes Administrator
    DECEMBER 2020 - DECEMBER 2022
    CNCF
  • CISSP
    JULY 2016 - PRESENT
    ISC2
  • OSCP
    OCTOBER 2014 - PRESENT
    Offensive Security
