Rohit Salecha, Developer in Mumbai, Maharashtra, India
Rohit is available for hire
Hire Rohit

Rohit Salecha

Verified Expert  in Engineering

Security Specialist and DevOps Developer

Location
Mumbai, Maharashtra, India
Toptal Member Since
May 14, 2021

Rohit is a technology geek who loves to explore anything that runs and understands binary. As a security engineer, he is passionate about learning technology's length, breadth, and depth. Being more on the defensive side, he has evangelized secure software development at various organizations for over a decade. He is driven by the "everything as code" mantra and firmly believes that the security team must strive towards making themselves irrelevant.

Portfolio

Hotstar
Team Management, Objectives & Key Results (OKRs), Jira, Planning...
Claranet Cyber Security
Amazon EKS, Threat Modeling, Amazon Web Services (AWS), Azure
NotSoSecure
Kubernetes, Amazon EKS, Burp Suite, Bash, Python, Java, Team Management, Inspec...

Experience

Availability

Part-time

Preferred Environment

Ubuntu, Slack, Burp Suite, Security, MacOS, Amazon Web Services (AWS), Amazon EKS, Kubernetes

The most amazing...

...project I've delivered entailed moving 100+ Linux-based VMs to AWS EKS and allowing access to the bash terminal on the browser through Apache Guacamole.

Work Experience

Engineering Manager

2022 - PRESENT
Hotstar
  • Developed OKRs for the complete platform, infrastructure, and product security. Aligned Sprints with the OKRs for the entire team.
  • Worked on multiple engagements that impacted the entire organization's security, like solving secret management.
  • Worked with a team to solve real-world security problems like perimeter security.
Technologies: Team Management, Objectives & Key Results (OKRs), Jira, Planning, Amazon Web Services (AWS), Amazon EKS

Security Architect

2021 - 2022
Claranet Cyber Security
  • Worked as a security architect for one of Claranet's premier clients, helping them to set up a product security team riding on the "Shift Left" paradigm.
  • Developed a broad and deep technical understanding of the client's application organization's applications, services, and architectures.
  • Supported and provided consultancy to development teams in DevSecOps and application, security, and mobile security.
Technologies: Amazon EKS, Threat Modeling, Amazon Web Services (AWS), Azure

Assosciate Director

2016 - 2021
NotSoSecure
  • Moved 100+ VMs running on an ESX server to AWS EKS by dockerizing the underlying OS and its dependencies. The Bash shell was also exposed over the browser using Apache Guacamole. This helped save time and money, increasing flexibility.
  • Led the team in the development of a training called DevSecOps and taught people how to inject security into their DevOps pipelines. Created hands-on labs accessible right from the browser.
  • Led a team of specialists in performing threat modeling and secure architecture reviews for our clients.
Technologies: Kubernetes, Amazon EKS, Burp Suite, Bash, Python, Java, Team Management, Inspec, Ansible, DevSecOps, AWS Lambda, ELK (Elastic Stack), Jenkins, Penetration Testing, Secure Containers, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Continuous Integration (CI), Cloud Security, Continuous Delivery (CD), Jenkins Pipeline, Security, Web Security, Vagrant, Cloud, OWASP, OWASP Zed Attack Proxy (ZAP), OWASP Top 10, Kali Linux, Docker, CI/CD Pipelines, Threat Modeling, Cybersecurity, Amazon Web Services (AWS), DevOps Engineer, DevOps, GitHub

IT Security Specialist

2015 - 2016
Emirates NBD
  • Served as an internal information security consultant to the organization ensuring proper information security clearance amidst a constantly changing environment at the bank and ensure its compliance.
  • Oversaw risk assessment of new business initiatives (products, channels, solutions) across the bank from an information security and architecture perspective ensuring involvement at every stage of the project/imitative lifecycle.
  • Performed third-party (vendor) assessments through RFP sessions helping to select the best vendor from a security and architecture perspective.
Technologies: Penetration Testing, Security, Web Security, Burp Suite, OWASP, OWASP Top 10, Kali Linux, Threat Modeling, Cybersecurity

IT Risk Advisory Consultant

2014 - 2015
EY
  • Performed vulnerability assessments and penetration testing for EYs clients in the telecommunications, media and entertainment, and technology domains.
  • Performed IT audits to ensure compliance with various regulatory standards and policies including SOX and TRAI.
  • Developed and reviewed the minimum baseline security standards for various technologies.
Technologies: SOX Compliance, Vendor Audit, Penetration Testing, Security, Web Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity

Security Analyst

2012 - 2014
NII Consulting
  • Performed VAPT on web/mobile applications and servers for clients in the banking industry and advised them on security issues.
  • Conducted CSJD (certified secure Java development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
  • Delivered security awareness training to the senior management of a major oil and gas corporation in India.
  • Managed single-handedly a 3-month engagement for a leading insurance company to perform secure code reviews and developed security guidelines for developers in J2EE technology.
Technologies: VAPT, Penetration Testing, Mobile Security, Web Security, Security, OWASP, OWASP Top 10, Kali Linux, Burp Suite, Cybersecurity

Software Engineer

2010 - 2012
Mastek
  • Served as a full-stack developer in J2EE-Oracle technology with expertise in Spring, Apache Struts, JPA, Hibernate, MySQL, and Oracle.
  • Developed a suite of applications for the MHADA Lottery 2012 following secure coding best practices as advised by the security team over a period of 15 months.
  • Developed J2ME mobile applications for bus-tracking as part of a hackathon.
Technologies: Java, Android, Apache Struts, JPA, Security

Practical DevOps - The Lab

https://github.com/salecharohit/devops
This is a lab for practicing your DevOps skills by tieing up DevOps tools such as Jenkins, Docker, Ansible, Vagrant, and the ELK stack. The entire environment was built using Vagrant and Virtualbox and provisioned with Ansible as a completely automated setup. Local Git was used as the SCM and Jenkins as the CI/CD server for pulling changes from the SCM, building and packaging the code, and then deploying it onto the staging and production servers. Staging and production servers run Docker and Jenkins runs the Docker images of our application. Filebeats was deployed on staging as well as production API servers to feed the logs to Logstash. Logstash ships them to Elasticsearch, and Kibana used to view them in real-time. We used a simple Ubuntu machine to store the API and front-end build files for archiving our builds.

DigitalOcean Pentest Environment

https://github.com/salecharohit/do-pentest
Many times during a pentest, we needed a server on the cloud that would assist in scanning with tools such as NMAP or simply a reverse look-up on Nginx. For that reason, I created this project that spins up a Droplet on DigitalOcean to install our custom tools, do the pentest, and destroy the environment!

GitOps with Terraform, GitHub Actions, and AWS EKS

Wrote Terraform scripts to set up the entire AWS infrastructure, including RDS, EFS, and AWS EKS. The Terraform state was stored in Terraform Cloud and a GitOps pipeline was created using GitHub Actions. Every time a new Kubernetes resource needs to be created, it would be deployed through this pipeline which had multiple checks.

Tools

Vagrant, GitHub, Amazon EKS, Terraform, Ansible, Jenkins, ELK (Elastic Stack), OWASP Zed Attack Proxy (ZAP), AWS IAM, NMap, NGINX, AWS ELB, Jira

Paradigms

DevSecOps, DevOps, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Objectives & Key Results (OKRs)

Platforms

Windows, Kali Linux, Burp Suite, Ubuntu, Kubernetes, Docker, Amazon Web Services (AWS), AWS Lambda, Android, DigitalOcean, Azure, MacOS

Industry Expertise

Cybersecurity

Other

VAPT, Web Security, IT Security, Security, Dynamic Application Security Testing (DAST), OWASP, OWASP Top 10, Threat Modeling, Windows Subsystem for Linux (WSL), Team Management, Static Application Security Testing (SAST), Secure Containers, Vendor Audit, Mobile Security, CI/CD Pipelines, Cloud, DevOps Engineer, GitHub Actions, AWS Certified DevOps Engineer, AWS DevOps, SOX Compliance, Cloud Security, GitOps, Planning

Languages

Java, Bash, Python

Libraries/APIs

Jenkins Pipeline

Storage

Inspec

Frameworks

Apache Struts, JPA

2005 - 2009

Bachelor Of Engineering Degree in Electronics

University of Mumbai - Mumbai, India

JUNE 2021 - JUNE 2024

AWS Certified DevOps Engineer – Professional

Amazon Web Services

MAY 2021 - MAY 2024

AWS Certified Developer Associate

AWS

DECEMBER 2020 - DECEMBER 2022

Certified Kubernetes Administrator

CNCF

JULY 2016 - PRESENT

CISSP

ISC2

OCTOBER 2014 - PRESENT

OSCP

Offensive Security

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring