
PIYUSH SAHAROY

Bengaluru

Summary

Seasoned cybersecurity professional with over 8 years of experience securing APIs, microservices, cloud-native platforms, and OT infrastructure for global clients in regulated industries. Specializes in threat modeling, secure SDLC practices, and integrating security in CI/CD pipelines to enable secure and resilient product development and OT security. Adept at providing consulting services aligned with industry and regulatory standards such as data privacy, financial compliance, and cyber resilience frameworks. Demonstrates a proven track record of collaborating with cross-functional teams to deliver security assessments and architecture reviews that enhance security posture and ensure regulatory compliance.

Overview

12 years of professional experience
1 Certification

Work History

Manager

KPMG
07.2021 - Current
  • Delivered comprehensive security assessments, architecture reviews, and threat modeling to mitigate risks in software, cloud-native applications, and complex systems across the SDLC.
  • Integrated SAST, DAST, and IAST tools into CI/CD pipelines, enabling DevSecOps practices and automating security testing to accelerate secure development lifecycles.
  • Conducted secure code and application security reviews in alignment with OWASP Top 10, CWE/SANS Top 25, and NIST SSDF, providing actionable remediation guidance and secure design improvements.
  • Performed in-depth assessments of IT/OT systems, including SCADA, PLCs, and ICS networks, applying layered defense strategies to protect availability, integrity, and safety of industrial operations.
  • Implemented network segmentation, RBAC, anomaly detection, and secure remote access controls across OT environments; enhanced asset inventory and visibility using passive and active discovery tools.
  • Ensured regulatory compliance and industry alignment with NIST SP 800-82 and IEC 62443 standards, helping clients meet operational, safety, and audit requirements.
  • Evaluated AI/ML systems for risks such as adversarial attacks, model inversion, and data poisoning, applying threat modeling and privacy risk assessments.
  • Advised on security practices with AI-focused standards such as ISO/IEC 23894, NIST AI RMF, and emerging EU AI Act guidelines.
  • Created and maintained a centralized security knowledge base and best-practice documentation to support secure coding, architecture design, threat modeling, and secure deployment across teams.
  • Collaborated with legal and compliance stakeholders to integrate GDPR and PCI DSS requirements into security reviews and architectural assessments.
  • Managed and mentored a team of 10 direct reports, fostering talent development, improving team capability maturity, and ensuring successful project delivery across diverse cybersecurity initiatives.
  • Built and maintained trusted client relationships, consistently delivering impactful, business-aligned security solutions on time and within budget.

Consultant

Aujas Cybersecurity
09.2018 - 07.2021
  • Collaborated with the software development team to conduct threat modeling and risk assessments, identifying potential attack vectors and ensuring the implementation of security controls during the design phase.
  • Contributed to process improvement by standardizing security review workflows and creating custom security templates and guidelines for developers, enhancing consistency and reducing review time.
  • Performed secure code reviews and integrated SAST/DAST tools into CI/CD pipelines, reducing application vulnerabilities and strengthening the secure development lifecycle.
  • Created reusable threat modeling templates and risk assessment frameworks, enabling faster adoption of secure-by-design principles across multiple development teams.
  • Translated security findings into actionable recommendations for stakeholders, improving the security readiness of applications before production releases.

Senior Systems Engineer

Persistent Systems Ltd.
09.2014 - 09.2018
  • Monitored and analyzed security events using a SIEM tool (QRadar) to detect and respond to security incidents, reducing response time through optimized alert triaging.
  • Managed and configured firewalls, IDS/IPS, VPNs, and endpoint protection solutions to safeguard network infrastructure from internal and external threats.
  • Conducted threat intelligence analysis and implemented mitigation strategies, proactively identifying indicators of compromise (IOCs) and enhancing incident response capabilities.
  • Performed vulnerability assessments and collaborated with teams to remediate identified security gaps, strengthening network defense and improving compliance with security frameworks (NIST, ISO/IEC 27001, CIS).
  • Developed and maintained incident response playbooks and conducted root cause analysis for security breaches, improving the organization’s security posture and enhancing incident management processes.
  • Managed incident lifecycle to improve uptime and reliability across corporate servers and network infrastructure, minimizing business disruption.
  • Facilitated Change Management and Problem Management meetings to evaluate planned changes, analyze root causes, and implement long-term fixes to recurring issues.
  • Proactively handled faults and escalations by identifying network/server issues, coordinating with relevant internal teams, and ensuring resolution within defined SLAs.
  • Acted as a key interface between clients, end users, technical support teams, and external vendors, ensuring effective communication and swift resolution of infrastructure-related issues.
  • Utilized BMC Remedy for tracking, escalating, and reporting incidents, adhering strictly to organizational policies and standard operating procedures.
  • Contributed to operational stability through structured incident analysis, timely escalation, and rigorous adherence to ITIL-aligned processes.

Network Operations Center Engineer

GTL Ltd.
02.2014 - 09.2014
  • Managed service assurance operations for enterprise customers, handling issues related to link downtime, latency, and packet loss to ensure uninterrupted service performance.
  • Ensured adherence to defined Service Level Agreements (SLAs) by actively monitoring service metrics and coordinating timely resolution of faults, helping maintain strong client relationships.
  • Performed Root Cause Analysis (RCA) and shared Reason for Outage (RFO) reports with customers in line with internal and client-facing communication protocols.
  • Resolved network faults within committed Turnaround Time (TAT) targets on a monthly basis, contributing to service reliability and operational excellence.
  • Conducted repeat fault analysis to identify recurring issues and implement preventive measures by tracking trends and collaborating with cross-functional technical teams.
  • Facilitated regular service review meetings with enterprise customers, providing performance updates, addressing concerns, and reinforcing trust in service quality.

Information Retrieval Officer

JustDial Ltd.
06.2013 - 02.2014
  • Handled information retrieval and ensured database integrity.
  • Supported data processing and response systems.

Education

Bachelors in Engineering - Electronic Engineering

North Maharashtra University
Jalgaon, Maharashtra
01-2013

Skills

  • Application Security
  • API and Microservice Security
  • Cloud Security
  • OT Security
  • AI Security
  • Data Privacy
  • Security Risk Assessment
  • Security Management
  • Team Leadership

Certification

  • CCSP
  • CISSP
  • CEH
  • ISO/IEC 42001:2023 LA
  • ISO/IEC 27001:2013 LA
  • Certified Blockchain Security Professional

Timeline

Manager

KPMG
07.2021 - Current

Consultant

Aujas Cybersecurity
09.2018 - 07.2021

Senior Systems Engineer

Persistent Systems Ltd.
09.2014 - 09.2018

Network Operations Center Engineer

GTL Ltd.
02.2014 - 09.2014

Information Retrieval Officer

JustDial Ltd.
06.2013 - 02.2014

Bachelors in Engineering - Electronic Engineering

North Maharashtra University