Rukender Attri, Developer in New Delhi, Delhi, India

Rukender Attri

Verified Expert in Engineering

DevSecOps Engineer and Developer

Location
New Delhi, Delhi, India
Toptal Member Since
March 5, 2021

Rukender is a security specialist with over a decade of experience in information security. He’s well versed in cloud security (AWS, Azure), VAPT of web apps and networks, ELK, source code review, malware & threat analysis, cyberattack testing, DDoS prevention, internal auditing (ISO27001, PCI-DSS), and incident response. Rukender also has multiple certifications including GCIH SANS, CEH-V9, and DevSecOps from ISC2. Currently, Rukender is working as a technical leader of cloud and DevSecOps.

Availability

Part-time

Preferred Environment

Security Design, IT Security, Security Analysis, Endpoint Security, Infrastructure, Database Security, Cloud Security, Vulnerability Management, Azure, Amazon Web Services (AWS)

The most amazing...

...project I worked on was establishing and building an information security team from scratch for a rapidly growing US-based healthcare startup.

Work Experience

Cloud Security Consultant

2021 - 2021
Global Financial Enterprise (Toptal Client)
  • Served as a cloud security consultant to securely migrate the applications from on-premises to the Azure cloud environment, implementing and enabling security services and tools to securely migrate and deploy the application in a cloud environment.
  • Collaborated with one of the largest financial customers to secure their app hosted in an Azure environment, providing end-to-end security and working on Azure Sentinel, Security Center, ARM, AD, Key Vault, Encryption, and Workload Security.
  • Implemented and managed cloud security best practices in Azure and AWS; integrated logging, monitoring, and automation solutions to respond to detected incidents in the cloud and hybrid environment.
  • Architected and designed the secure web application flow so that when anyone sends a request to the application, it is routed through a secure channel using Azure NGFW, Application Gateway, and Azure WAF with added WAF policies.
  • Used Azure ARM, Azure AD, Azure Sentinel, Azure WAF, Azure Security Center, Azure Watcher, Key Vault, Network Firewall, Azure ATP, and incident handling.
  • Operated DevOps tools and technologies like Docker, K8s security, and Terraform and automated tasks using Python. Created, reviewed, and updated documentation, including publishing SOPs, standards, and guidelines.
  • Worked on securing Kubernetes by ensuring that RBAC is used to provide access, protecting etcd with TLS, firewall, and encryption, isolating Kubernetes nodes, turning on audit logging, and locking down the kubelet.
  • Used Jira to track the progress of the work and ServiceNow as a change management tool to track the changes implemented in the environment.
Technologies: Azure, Azure Monitor, Azure Web Application Firewall, Azure Active Directory B2C (ADB2C), Azure Resource Manager (ARM), Azure Network Security Groups, Security, Incident Management, SIEM, Security Orchestration, Automation, and Response (SOAR), Kubernetes, Amazon Web Services (AWS), Cloud Security, Amazon GuardDuty

Senior Manager of Information Security

2018 - 2020
Innovaccer
  • Served as a security engineer hired at the company and established information security from scratch in one of the fast-growing US-based healthcare startups.
  • Implemented the application, cloud (AWS), infrastructure, and data security for the entire company, which helped the company obtain customer trust.
  • Worked on securing a range of projects before they got deployed in the production environment by performing security testing and scanning using SonarQube, ensuring CI/CD build, and DAST scanning using Burp Suite.
  • Used Jira to track the progress of the work and ServiceNow as a change management tool to track the changes implemented in the environment.
  • Implemented third-party security tools to secure the cloud environment, AWS, and Azure, using the Lacework enterprise tool. Configured Wazuh for FIM and host monitoring in Azure and AWS cloud, securing the containers.
  • Worked on securing containers, Kubernetes, and Terraform build. Also gained good experience working with automation tools like SaltStack, Puppet, etc.
  • Implemented a third-party enterprise tool for AWS and Azure cloud monitoring called Lacework to identify threats in the environment and scan the workload instances like instances and containers.
Technologies: Cloud Security, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), DevOps, Kubernetes, Terraform, Secure Containers

Senior Security Engineer

2016 - 2018
Adobe
  • Worked as part of Adobe on the AEM end-to-end security team, oversaw and handled all the security incidents in India and APAC region, and secured the application, which was hosted in a cloud (AWS) environment.
  • Used automation tools like SaltStack, HubbleStack (in-house open-source tool), and CloudTrail.
  • Monitored cloud environment security incidents, automated security tasks, and implemented security tools.
  • Achieved security incident visibility in the environment via automation. This helped DevOps and the development team to detect and fix security events.
Technologies: Cloud Security, SaltStack, HubbleStack, VAPT

IT Security Analyst

2015 - 2016
Ameriprise Financial
  • Worked on a global security team that covered server compliance and risk management.
  • Handled data loss prevention (DLP), deployment, configuration, and monitoring.
  • Created proofs of concept (POC) for different security tools.
  • Monitored all the servers hosted in the production environment for the compliance check and FIM (file integrity monitoring) using Tripwire Enterprise.
  • Served as an SME for Tripwire and worked for a US financial client, which helped them achieve their company compliance standards.
Technologies: Data Loss Prevention (DLP), Splunk

Security Consultant

2013 - 2014
Polaris Financials
  • Implemented an SNMP-based networking monitoring tool called CACTI, which created graphs and templates, added CAMM for the TRAP configuration, and set thresholds.
  • Worked on Puppet (master and agent) for monitoring, reporting, and troubleshooting.
  • Used ServiceNow to track and monitor the progress of the security bugs.
  • Collaborated with a World Bank client while working on the project mentioned above; that project was beneficial to monitor thousands of servers hosted in around 140 countries.
Technologies: IT Security, Vulnerability Management, Incident Management, Puppet

IT Security Engineer

2010 - 2012
Centre for Development of Advanced Computing
  • Worked in multiple operating system environments like Windows, Linux (Red Hat, Fedora, Debian), Mac, and more.
  • Performed training, footprinting, scanning, sniffing, and other monitoring network activities with open-source and commercial tools, such as Wireshark and Nmap.
  • Trained government officials to strengthen environment security, resulting in a show of appreciation from the Indian government (the Ministry of External Affairs).
Technologies: Ethical Hacking, Endpoint Security, IT Security

Implementation of a Cloud Monitoring Tool | Wazuh

When our SaaS (software as a service) solution has to be hosted in a cloud environment (e.g., AWS), we have to strengthen the platform security where our application is hosted and monitor the events to identify any malicious activity.

To achieve this, I implemented an open-source solution called Wazuh. This tool is more or less the same as any SIEM (security information and event management) tool.

It uses an ELK (Elasticsearch, Logstash, Kibana) stack and works as a master-and-agent model in which agents send security event information back to the master server. Via Kibana, we can see all the security logs from the agents. Once I configure the agent, I can monitor all malicious activity on the agents, perform FIM (file integrity monitoring) and rootkit checks, and check for malicious files that the end user may have downloaded.

Along with monitoring the compute instance, this tool helps us monitor the cloud (AWS) events, like monitoring CloudTrail events by ingesting the logs to Wazuh master. AWS WAF, AWS GuardDuty, and AWS VPC flow logs can also be ingested to Wazuh.

Securing a CI/CD Pipeline Process

If you want to grow fast, you have to deliver a secure solution to your customer fast.

For that, we need to secure an already existing DevOps model so that we can deliver secure features quickly and without interruption, whether to a legacy application or to a new product. It's crucial that the new security implementation in the CI/CD pipeline and the automated security tasks do not affect the productivity of the developers.

We use Git as a code repository, so whenever there is a new code commit to the master repository, I have a CI pipeline that checks and runs different stages, including the following:
• Scans the container image with the Anchore tool;
• Performs SAST (security code analysis) via SonarQube;
• Checks the code;
• Runs other QA checks;
• Searches for any critical, high, or medium bugs and then adds them to the GitLab security dashboard that will be reviewed by the security team;
• Performs the DAST (security dynamic testing) via OWASP ZAP before deployment (CD).

Tools

AWS CloudTrail, GitLab, Puppet, Splunk, SaltStack, Kibana, Azure Web Application Firewall, Azure Active Directory B2C (ADB2C), Azure Network Security Groups, Terraform

Platforms

Linux, Windows, Amazon Web Services (AWS), Azure, Kubernetes

Other

IT Security, Security Analysis, Infrastructure, Cloud Security, Vulnerability Management, Networking, Ethical Hacking, Linux Administration, Information Security, Incident Handling, Incident Management, VAPT, Amazon GuardDuty, Security Design, Web App Security, Endpoint Security, Data Loss Prevention (DLP), Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), HubbleStack, Azure Monitor, Azure Resource Manager (ARM), SIEM, Security Orchestration, Automation, and Response (SOAR), Secure Containers, Security

Languages

Python 3

Storage

Database Security, Elasticsearch, Microsoft SQL Server

Paradigms

DevOps

2010 - 2010

PG-Diploma in Cybersecurity

ACTS at C-DAC - Pune, India

2005 - 2009

Bachelor's Degree in Computer Science

Punjab Technical University - Punjab, India

NOVEMBER 2020 - PRESENT

AWS Certified Security Specialty

Udemy

JANUARY 2020 - PRESENT

Certified Information Security Manager (CISM)

ISACA

SEPTEMBER 2018 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)2

JULY 2017 - PRESENT

GIAC Certified Incident Handler (GCIH)

SANS

JUNE 2017 - PRESENT

Certified Ethical Hacker (CEH)

EC-Council