Mohan Krushna Kallepalli
Bengaluru
Summary
Security Leader with 13 years of experience in designing and implementing security programs for large technology organizations. Proven expertise in enterprise security strategy, secure architecture for microservices, and cloud security. Delivered effective security frameworks and built high-performing security teams, enhancing developer security practices. Skilled in aligning security initiatives with business goals to achieve risk reduction and compliance.
Overview
13
13
years of professional experience
1
1
Certificate
Work History
Principal SecurityEngineer | Head Product Security
Swiggy Inc
Bangalore
08.2024 - Current
- Defined and executed product security strategy and roadmap.
- Built and scaled secure SDLC practices, including threat modeling and secure design reviews.
- Led application security initiatives for web, mobile, API, and backend systems.
- Designed internal security tooling and automation to enhance consistency and reduce manual efforts.
- Collaborated with Engineering and DevOps to integrate security into CI/CD pipelines.
- Established security baselines for new product features and services.
- Advised leadership on risk trade-offs and secure architecture decisions.
- Mentored a high-performing product security team, fostering technical depth and business alignment.
Security Architect
Flipkart Internet Pvt Ltd
Bengaluru
05.2023 - 08.2024
- Designed strategic roadmap for security function and annual operating plan, covering resource hiring and security tools.
- Enhanced senior leadership visibility into organizational security posture through dashboards and metrics from various programs.
- Collaborated with IT, engineering, and business teams to integrate security into system designs and processes; mentored security team.
- Led and participated in complex security investigations into fraud incidents, large-scale account takeover attempts, and coordinated abuse campaigns targeting Flipkart platform.
- Collaborated cross-functionally with trust & safety, fraud risk, data science, and engineering teams to analyze attack vectors, transactional anomalies, and abuse patterns.
- Performed root cause analysis by reviewing system logs, authentication flows, and user activity to identify gaps exploited by attackers.
- Contributed to post-incident reviews and process improvements that strengthened Flipkart’s fraud prevention strategy and reduced similar recurrence.
- Implemented semi-automated vulnerability management process to prioritize patching based on exploitability and accessibility.
- Implemented Microsoft Sentinel SIEM system for proactive threat detection and incident management alongside Palo Alto Cortex XDR.
- Secured generative AI projects through multi-layered security measures.
Senior Manager - Security Assurance
Myntra Designs Pvt Ltd
Bengaluru
03.2021 - 09.2023
- Directed and managed team of security professionals, delivering guidance and performance evaluations for high standards.
- Developed long-term security strategies to protect organizational assets, aligning initiatives with business goals.
- Managed security department budget, optimizing resource allocation for cost-effective operations.
- Designed architecture for secure data sharing across private and public cloud environments.
- Created and enforced security policies for public cloud platforms, ensuring consistent practices organization-wide.
- Implemented Archsight SIEM system for proactive threat detection and incident management.
- Executed Crowdstrike EDR solution to enhance endpoint protection against threats.
- Coordinated internal and external security audits, ensuring timely remediation and continuous improvement of security posture.
Security Engineering Lead
MoEngage Inc
Bengaluru
01.2020 - 02.2021
- Developed security charter to address organizational needs in production security and compliance.
- Coordinated external SOC2 Type 1 and Type 2 audits for secure data handling practices.
- Established and enforced security policies to enhance customer data protection across the organization.
- Implemented vulnerability management program with Qualys, providing automated dashboards for leadership visibility.
- Automated security processes using TruffleHog and Terraform to prevent hardcoded secrets in production code.
Senior Security Analyst
Flipkart Internet Pvt Ltd
Bengaluru
01.2017 - 01.2020
- Established security team of over 15 professionals, implementing rigorous hiring processes for optimal standards.
- Conducted security assessments and participated in PCI and ISO audits, facilitating successful completion through gap analysis action items.
- Designed and delivered theoretical and hands-on security training programs for engineering teams, fostering a culture of security awareness.
- Developed and open-sourced multiple security tools, enhancing industry-wide practices, including MAFIA, WatchDog, WatchTower, ASTRA, and Kurukshetra.
- Showcased innovative tools at Blackhat Arsenal events across US, UK, and Asia; presented Kurukshetra at Offzone Russia conference.
- Automated generation of security posture metrics for senior leadership, incorporating timely follow-ups and escalation protocols for unresolved issues.
- Implemented process automation to ensure availability and responsiveness to security concerns based on defined SLAs.
- Generated comprehensive dashboards for stakeholders, providing insights at both functional and organizational levels.
Security Engineer
Ola (ANI Technologies Pvt. Ltd)
Bangalore
07.2015 - 01.2017
- Conducted security assessments based on aggressive release cycles, ensuring approvals before production deployment.
- Established a security team of seven members from inception to enhance organizational capabilities.
- Designed security challenges for hands-on hiring rounds, securing highly skilled professionals.
- Developed and delivered quarterly security training sessions for engineering teams to improve awareness.
Associate Security Consultant
iViz Techno Solutions Private Limited
08.2013 - 07.2015
- Assessed 500+ applications with different domain clients such as fintech, government, e-commerce, banking, big-data and analytics etc.
- Performed source code review with semi-automated tools in Java, php and Python techstacks
- Performed SAST tool benchmarking and custom rule creation
- Part of the team that developed internal TORT tool for custom security report generation based on evidences and process details
Penetration Tester
Eagle Claw Consulting India Pvt Ltd
Hyderabad
05.2012 - 08.2013
- Performed multiple security penetration testing (PT) assessments on networks and wifi access points for clients.
- Delivered trainings for corporate and internal engagements
Education
Offensive Security Certified Professional - Information Security
OSCP
Offensive Security01.2022
Master of Science - Computer Science
Andhra University College of Engineering
Vishakapatnam01.2012
Skills
- Product security
- Team leadership
- Security architecture
- Vulnerability management
- Cloud security
- Insider Threat Assessments
- Incident management
- Data Security
- Threat detection
- Risk assessment
- Policy development
- Security auditing
- Security training
- Security automation
- Security processes
Accomplishments
- Helped Google, Facebook, Apple, Barracuda Network etc with security issues identification as part of Responsible Disclosure Programs
- Found bugs in multiple website's hall of fames & bounties & swags
Certification
Offensive Security Certified Professional | 2022
A highly respected and hands-on penetration testing certification offered by Offensive Security. It demonstrates a candidate's ability to identify, exploit, and remediate real-world vulnerabilities across diverse systems under time-constrained, adversarial scenarios The certification emphasizes practical, manual exploitation techniques over automated tools, covering areas such as buffer overflows, privilege escalation, post-exploitation, and network pivoting.
Timeline
Principal SecurityEngineer | Head Product Security
Swiggy Inc
08.2024 - Current
Security Architect
Flipkart Internet Pvt Ltd
05.2023 - 08.2024
Senior Manager - Security Assurance
Myntra Designs Pvt Ltd
03.2021 - 09.2023
Security Engineering Lead
MoEngage Inc
01.2020 - 02.2021
Senior Security Analyst
Flipkart Internet Pvt Ltd
01.2017 - 01.2020
Security Engineer
Ola (ANI Technologies Pvt. Ltd)
07.2015 - 01.2017
Associate Security Consultant
iViz Techno Solutions Private Limited
08.2013 - 07.2015
Penetration Tester
Eagle Claw Consulting India Pvt Ltd
05.2012 - 08.2013
Offensive Security Certified Professional - Information Security
OSCP
Master of Science - Computer Science
Andhra University College of Engineering
MAJOR SECURITY INITIATIVES HANDLED
- Security Hiring Process: Built security teams for all the organizations I have worked so far, with balance between budget and security-progress in mind.
- Data Security Enhancement Program @Myntra: Lead the multi-phase program for data security with data centralization, AuthN, AuthZ, Encryption and Audit capabilities implemented
- Vulnerability Management Program @Myntra: Implemented vulnerability assessment and reporting program with engineering function level visibility
- Enforced Security development program @Moengage @Myntra @Swiggy : Developed and implemented automated end-to-end enforcement of SAST with the development lifecycle with automated code review, secret finding and config review etc.
- Insider threat assessment program @flipkart group: Created process and set guidelines for assumed breach simulation and insider threat identification program that covers end-to-end work/data flow in a microservice architecture environment
- Responsible disclosure program @Flipkart group & @OlaCabs: Successfully ran private bug bounty for Flipkart group assets with multiple group companies in scope.
- Shift-left Security @Flipkart: Lead multiple security automation and engineering projects to Monitor/Detect, Prevent and Mitigate security issues within development life cycle. This includes MAFIA, ASTRA, WATCHDOG, WATCHTOWER, KRUKSHETRA and SECOPS open-source frameworks developments.
- Cloud Security enhancement @Myntra: Lead the end-to-end efforts for proactive identification (manually run automated security scanning scripts) of cloud security gaps to automating the gap identification with CSPM solution implementation.
Conferences
BLACKHAT
- Developed and presented a mobile security analysis tool (MAFIA Vo) on BH Arsenal USA in 2018, Las Vegas
- Developed and presented a mobile security analysis tool (MAFIA V1) at BH Arsenal EU 2018, London
- Developed and presented a developer security training framework (Kurukshetra) on BH Arsenal EU, 2018, London
- Developed and presented a developer security training framework (Kurukshetra) on BH Arsenal Asia, 2019, Singapore
OffZone
- Developed and presented a developer security training framework (Kurukshetra) on Offzone in 2018, Moscow
NullCon
- Conducted the Capture the Flag event (BattleUnderGround) for the last three years (2017-2019)
SECURITY PROGRAMS MANAGED
- Strategic Security Planning & Budget Management
- Vulnerability Management
- Data Security Enhancement
- Threat Intelligence and Attack Surface Monitoring
- Security Awareness/Developer Trainings
- Insider Threat / Assumed Breach Assessments
- Red Team Assessments & External VAPT
- Cloud Infrastructure Security Assessments (public & private clouds)
- Responsible Disclosure Program/Bug Bounty (Public & Private)
- Security Engineering & Automation (Shift-left Security)
- Security Audits and Assessment Coordination (PCI, NIST, ISO27001)
MAJOR SECURITY INITIATIVES HANDLED
- Security Hiring Process: Built security teams for all the organizations I have worked so far, with balance between budget and security-progress in mind.
- Data Security Enhancement Program @Myntra: Lead the multi-phase program for data security with data centralization, AuthN, AuthZ, Encryption and Audit capabilities implemented
- Vulnerability Management Program @Myntra: Implemented vulnerability assessment and reporting program with engineering function level visibility
- Enforced Security development program @Moengage @Myntra @Swiggy : Developed and implemented automated end-to-end enforcement of SAST with the development lifecycle with automated code review, secret finding and config review etc.
- Insider threat assessment program @flipkart group: Created process and set guidelines for assumed breach simulation and insider threat identification program that covers end-to-end work/data flow in a microservice architecture environment
- Responsible disclosure program @Flipkart group & @OlaCabs: Successfully ran private bug bounty for Flipkart group assets with multiple group companies in scope.
- Shift-left Security @Flipkart: Lead multiple security automation and engineering projects to Monitor/Detect, Prevent and Mitigate security issues within development life cycle. This includes MAFIA, ASTRA, WATCHDOG, WATCHTOWER, KRUKSHETRA and SECOPS open-source frameworks developments.
- Cloud Security enhancement @Myntra: Lead the end-to-end efforts for proactive identification (manually run automated security scanning scripts) of cloud security gaps to automating the gap identification with CSPM solution implementation.
Conferences
BLACKHAT
- Developed and presented a mobile security analysis tool (MAFIA Vo) on BH Arsenal USA in 2018, Las Vegas
- Developed and presented a mobile security analysis tool (MAFIA V1) at BH Arsenal EU 2018, London
- Developed and presented a developer security training framework (Kurukshetra) on BH Arsenal EU, 2018, London
- Developed and presented a developer security training framework (Kurukshetra) on BH Arsenal Asia, 2019, Singapore
OffZone
- Developed and presented a developer security training framework (Kurukshetra) on Offzone in 2018, Moscow
NullCon
- Conducted the Capture the Flag event (BattleUnderGround) for the last three years (2017-2019)
Similar Profiles
Shalaka SShalaka S
Key Account Manager at SwiggyKey Account Manager at Swiggy
Ekshit MadanEkshit Madan
Sales Manager at SwiggySales Manager at Swiggy
Lakhan WakodikarLakhan Wakodikar
Procurement - Team Lead at Swiggy InstamartProcurement - Team Lead at Swiggy Instamart
Madhuri KonduruMadhuri Konduru
Assistant Manager at VodafoneAssistant Manager at Vodafone
Sandhya CSandhya C
Assistant Manager – People Advisory Services at Ernst and YoungAssistant Manager – People Advisory Services at Ernst and Young