Overview
Work History
Education
Skills
Accomplishments
Certification
Work Availability
Summary
Timeline
Hi, I’m

Alwin Korah

Senior Security Engineer
Bangalore,KA
Alwin Korah

Overview

7
years of professional experience
3
years of post-secondary education
1
Certification
3
Languages

Work History

Outcomes India
Bangalore, Karnataka

Senior Engineer - Information Security and Risk
10.2024 - Current

Job overview

  • Drove security initiatives for SOC 2 Type II and HIPAA readiness, ensuring technical controls, documentation, and audit evidence aligned with requirements.
  • Engaged with every department to embed security into all team workflows, reviewing processes and correcting flows for compliance, data protection, and threat mitigation.
  • Actively participated in Disaster Recovery (DR) and Business Continuity Planning (BCP) efforts, validating RTO and RPO objectives with business units and identifying gaps through CAPs and follow-up reviews.
  • Monitored patching SLAs across environments, reporting SLA violations and ensuring timely remediation through collaboration with infrastructure teams.
  • Owned and maintained the security risk register, ensuring items were accurately tracked, assigned, and resolved within required timelines.
  • Implemented and optimized AWS Security Hub, Inspector, and GuardDuty for real-time visibility into misconfigurations, compliance drift, and vulnerabilities in cloud environments.
  • Managed SentinelOne EDR deployment and tuning to enable proactive threat detection and rapid containment.
  • Integrated security checkpoints into the CI/CD pipeline, working with engineering teams and leveraging OX Security for secure coding enforcement.
  • Coordinated User Access Reviews (UARs) by engaging stakeholders across business and IT to review entitlements and minimize over provisioning.

Shopsense Retail Technologies / FYND
Bangalore

Senior Information Security Engineer
08.2021 - 10.2024

Job overview

  • Developed, implemented, and enforced security standards, procedures, and guidelines across cloud and on-prem infrastructure, aligning with CIS benchmarks and industry best practices.
  • Led DevSecOps initiatives, embedding security controls into the CI/CD pipeline and ensuring security across the entire SDLC.
  • Maintained full ownership of cloud security for AWS and GCP, including IAM, encryption, threat detection, workload protection, and compliance hardening.
  • Spearheaded runtime security for Kubernetes (EKS) environments and deployed container security controls to prevent misconfigurations and runtime threats.
  • Led deployment and configuration of IDS/IPS solutions including WAZUH, Suricata, Snort, and integrated with Coralogix for real-time SOC visibility and threat investigation.
  • Managed VPN infrastructure, ensuring secure remote access with appropriate authentication and logging mechanisms.
  • Implemented and managed endpoint protection and anti-malware platforms, aligning coverage with enterprise risk priorities.
  • Conducted threat modeling and risk analysis for cloud-native applications and infrastructure, proactively identifying potential vulnerabilities.
  • Oversaw Cloudflare and Akamai configurations for application and DDoS protection, including WAF rules, CDN policies, and zero trust integrations.
  • Leveraged OSINT and open-source threat intelligence tools to monitor for compromised data, leaked credentials, and emerging risks.
  • Conducted internal audits, analyzed network logs and traffic to detect malicious activity, and guided the SOC team during incidents.
  • Played a key role in the company's successful attainment of SOC 2 and ISO 27001 certifications, owning technical control design, evidence collection, and remediation.
  • Conducted regular security training and awareness sessions, improving organizational adherence to security policies and reducing human-related risks.
  • Collaborated with application and infrastructure teams to enforce data access controls, monitor file usage, and secure applications at both infrastructure and code levels.
  • Designed and implemented security monitoring policies, performed incident investigations, and ensured rapid containment of unauthorized access events.

Promatas Technologies
Aleppey

Information Security Engineer
01.2021 - 08.2021

Job overview

  • Applied leading theories and concepts to development, maintenance and implementation of information security standards, procedures and guidelines.
  • Recommend improvements in security systems and procedures.
  • Encrypted data and erected firewalls to protect confidential information.
  • Implemented security measures to reduce threats and damage related to cyber attacks.
  • Delivered network system upgrade on time, under budget and with minimal service interruption.
  • Analyzed network traffic and system logs to detect malicious activities.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.

SRV Media
Pune

System Engineer
10.2020 - 12.2020

Job overview

  • Efficiently resolved myriad of technical issues concerning software installation and network connectivity.
  • Tracked problematic system errors by implementing various user support tracking metrics.
  • Worked effectively in both independent and team environments to exceed IT goals.
  • Maintained computer systems, installed and upgraded new systems.
  • Monitored, tracked and prioritized new work requests at Help Desk within set response times.
  • Designed and implemented system security and data assurance.
  • Collaborated with third-party payment card industry (PCI) compliance partners.
  • Authored security incident reports, highlighting breaches, vulnerabilities and remedial measures.
  • Manages client server, web servers, mail servers and DNS servers

SC Soft Technologies
TechnoPark, Trivandrum

System Support Engineer
09.2018 - 10.2020

Job overview

  • Resolved a wide range of technical support issues, including software installations, network connectivity, and system performance troubleshooting.
  • Monitored and prioritized Help Desk requests, ensuring adherence to defined SLAs and maintaining high user satisfaction.
  • Implemented user support tracking metrics to identify recurring issues and streamline support workflows.
  • Installed, maintained, and upgraded workstations and server systems, supporting ongoing IT infrastructure needs.
  • Designed and implemented basic system security controls and data assurance protocols, contributing to a more secure IT environment.
  • Managed and maintained client-server infrastructure, including web servers, mail servers, and DNS servers, ensuring uptime and availability.
  • Collaborated with PCI compliance partners to ensure alignment with Payment Card Industry Data Security Standards (PCI DSS).
  • Authored detailed security incident reports, documenting breaches, vulnerabilities, and corresponding remediation efforts.
  • Worked cross-functionally in both independent and team settings to deliver on strategic IT and security initiatives.

Education

SERT IT Campus
Chengannur

BBA from BBA
01.2017 - 03.2020

CMS IT Institute
Cochin

Diploma from Diploma in Hardware And Networking

Skills

Cloud Security implementation

Security regulations compliance

Anti-Malware

Security consultation

AWS Security

Security infrastructure architecture

Cyber Forensic

Security vulnerability assessment

Data security

GCP Compliance

Developing security plans

Threat Modeling

SOC technical and process implementation

Incident Response Management

Implementing security programs

Risk Assessment

Endpoint Protection

Firewall Configuration and Management

Network Security Management

ISO 27001

SOC2

PCI

Accomplishments

  • Fynd Annual Awards :- Innovator Of the Year 2022
  • Fynd Star Performer in the first Quarter 2022 :- T1 2022
  • Fynd Star Performer in the first Quarter 2023:- T1 2023
  • Fynd Star Performer in the second Quarter 2023:- T2 2023
  • Fynd Star Performer in the first Quarter 2024 :- T1 2024

Certification

RedHat Certified Engineer

Availability
See my work availability
Not Available
Available
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Summary

Results-driven Senior Cybersecurity Engineer with 7+ years of hands-on experience securing complex enterprise environments across on-prem, cloud, and hybrid infrastructures. Specialized in cloud-native security (AWS, GCP), infrastructure hardening, and DevSecOps practices, with deep expertise in aligning security architecture to frameworks like ISO 27001, SOC 2 Type II, HIPAA, and PCI-DSS. Proven ability to drive security engineering initiatives, including threat modeling, secure SDLC validation, and runtime protection for Kubernetes (EKS). Adept at deploying and tuning SIEM, EDR, WAF, DLP, and identity governance tools, while also leading risk assessments, patch SLA compliance, internal audits and Corrective Action Plans (CAPs). Strong track record of enhancing incident detection and response by integrating modern security stacks (e.g., GuardDuty, SentinelOne, Coralogix, OX Security). Known for bridging technical and business requirements, coordinating with cross-functional teams, and building scalable security programs that are audit-ready, threat-resilient, and cloud-optimized.

Timeline

Senior Engineer - Information Security and Risk

Outcomes India
10.2024 - Current

Senior Information Security Engineer

Shopsense Retail Technologies / FYND
08.2021 - 10.2024

Information Security Engineer

Promatas Technologies
01.2021 - 08.2021

System Engineer

SRV Media
10.2020 - 12.2020

System Support Engineer

SC Soft Technologies
09.2018 - 10.2020

SERT IT Campus

BBA from BBA
01.2017 - 03.2020

CMS IT Institute

Diploma from Diploma in Hardware And Networking

Similar Profiles

CREATE PROFILE
Alwin KorahSenior Security Engineer