Rohit Salecha
Verified Expert in Engineering
Security Specialist and DevOps Developer
Mumbai, Maharashtra, India
Toptal member since May 14, 2021
Rohit is a technology geek who loves to explore anything that runs and understands binary. As a security engineer, he is passionate about learning technology's length, breadth, and depth. Being more on the defensive side, he has evangelized secure software development at various organizations for over a decade. He is driven by the "everything as code" mantra and firmly believes that the security team must strive towards making themselves irrelevant.
Preferred Environment
Ubuntu, Slack, Burp Suite, Security, MacOS, Amazon Web Services (AWS), Amazon EKS, Kubernetes
The most amazing...
...project I've delivered entailed moving 100+ Linux-based VMs to AWS EKS and allowing access to the bash terminal on the browser through Apache Guacamole.
Work Experience
Engineering Manager
Hotstar
- Handled a company-wide project to clean and secure a secrets management solution (Hashicorp Vault).
- Developed OKRs for the complete platform, infrastructure, and product security. Aligned sprints with the OKRs for the entire team.
- Contributed to multiple engagements that impacted the entire organization's security, like solving secret management.
- Worked with a team to solve real-world security problems like perimeter security.
Senior Engineering Manager
Zynga
- Handled threat modeling for critical applications and identified cheat scenarios for games.
- Managed a team of 5+ pen testers and groomed them to conduct penetration testing on games with high efficiency and coverage.
- Performed red teaming on critical assets within Zynga to test the security controls.
Security Architect
Claranet Cyber Security
- Worked as a security architect for one of Claranet's premier clients, helping them to set up a product security team riding on the "Shift Left" paradigm.
- Developed a broad and deep technical understanding of the client organization's applications, services, and architectures.
- Supported and provided consultancy to development teams in DevSecOps and application, security, and mobile security.
Associate Director
NotSoSecure
- Moved 100+ VMs running on an ESX server to AWS EKS by dockerizing the underlying OS and its dependencies. The Bash shell was also exposed over the browser using Apache Guacamole. This helped save time and money, increasing flexibility.
- Led the team in the development of a training called DevSecOps and taught people how to inject security into their DevOps pipelines. Created hands-on labs accessible right from the browser.
- Led a team of specialists in performing threat modeling and secure architecture reviews for our clients.
IT Security Specialist
Emirates NBD
- Served as an internal information security consultant to the organization, ensuring proper information security clearance amidst a constantly changing environment at the bank and ensuring its compliance.
- Oversaw risk assessment of new business initiatives (products, channels, solutions) across the bank from an information security and architecture perspective, ensuring involvement at every stage of the project/initiative lifecycle.
- Performed third-party (vendor) assessments through RFP sessions helping to select the best vendor from a security and architecture perspective.
IT Risk Advisory Consultant
EY
- Performed vulnerability assessments and penetration testing for EY's clients in the telecommunications, media and entertainment, and technology domains.
- Performed IT audits to ensure compliance with various regulatory standards and policies including SOX and TRAI.
- Developed and reviewed the minimum baseline security standards for various technologies.
Security Analyst
NII Consulting
- Performed VAPT on web/mobile applications and servers for clients in the banking industry and advised them on security issues.
- Conducted CSJD (certified secure Java development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
- Delivered security awareness training to the senior management of a major oil and gas corporation in India.
- Managed single-handedly a 3-month engagement for a leading insurance company to perform secure code reviews and developed security guidelines for developers in J2EE technology.
Software Engineer
Mastek
- Served as a full-stack developer in J2EE-Oracle technology with expertise in Spring, Apache Struts, JPA, Hibernate, MySQL, and Oracle.
- Developed a suite of applications for the MHADA Lottery 2012 following secure coding best practices as advised by the security team over a period of 15 months.
- Developed J2ME mobile applications for bus-tracking as part of a hackathon.
Experience
Practical DevOps - The Lab
https://github.com/salecharohit/devops
Author of "Practical GitOps: Infrastructure Management Using Terraform, AWS, and GitHub Actions"
https://www.amazon.in/Practical-GitOps-Infrastructure-Management-Terraform/dp/1484286723
Training at Black Hat USA 2024
https://www.blackhat.com/us-24/training/schedule/#securing-the-four-cs-of-a-software-product-aws-edition-36609
This scenario inspired the creation of 'Securing 4C's of Software Product,' a specialized training program tailored to secure the core pillars of product security: Code, Container, Cluster, and Cloud.
Education
Bachelor of Engineering Degree in Electronics
University of Mumbai - Mumbai, India
Certifications
AWS Certified DevOps Engineer – Professional
Amazon Web Services
AWS Certified Developer Associate
AWS
Certified Kubernetes Administrator
CNCF
CISSP
ISC2
OSCP
Offensive Security
Skills
Libraries/APIs
Jenkins Pipeline
Tools
Vagrant, GitHub, Amazon EKS, Terraform, Ansible, Jenkins, ELK (Elastic Stack), OWASP Zed Attack Proxy (ZAP), AWS IAM, NMap, NGINX, AWS ELB, Jira, GCP Security
Paradigms
DevSecOps, DevOps, Penetration Testing, Continuous Delivery (CD), Continuous Integration (CI), Objectives & Key Results (OKRs)
Platforms
Windows, Kali Linux, Burp Suite, Ubuntu, Kubernetes, Docker, Amazon Web Services (AWS), AWS Lambda, Android, DigitalOcean, Azure, MacOS, Amazon
Industry Expertise
Cybersecurity
Languages
Java, Bash, Python
Storage
Inspec
Frameworks
Apache Struts, JPA
Other
VAPT, Web Security, IT Security, Security, Dynamic Application Security Testing (DAST), OWASP, OWASP Top 10, Threat Modeling, Windows Subsystem for Linux (WSL), Team Management, Static Application Security Testing (SAST), Secure Containers, Audits, Mobile Security, CI/CD Pipelines, Cloud, DevOps Engineer, GitHub Actions, AWS Certified DevOps Engineer, AWS DevOps, SOX Compliance, Cloud Security, GitOps, Planning, Semgrep, Kyverno, OPA