Summary
Overview
Work History
Education
Skills
Certification
CORE COMPETENCIES
LINKS
Accomplishments
Timeline
Generic
Ramesh Maddheshiya

Ramesh Maddheshiya

Staff DevSecOps Engineer
Bangalore,KA

Summary

Dynamic Staff Engineer and DevSecOps Leader with over 16 years of expertise in cloud security and automation. Proven track record in modernizing CI/CD pipelines, designing secure multi-cloud architectures across AWS, GCP, and Azure, and implementing robust automation solutions using Kubernetes, Terraform, and Ansible. Proficient in cloud security posture management tools such as Wiz, GCP SCC, and Security Hub, as well as container security hardening and threat modeling to ensure compliance with SOC2, HIPAA, and CIS benchmarks. Recognized for significantly reducing vulnerabilities at scale while facilitating faster and more secure product delivery.

Overview

17
17
years of professional experience
4
4
Certifications
1
1
Language

Work History

Staff DevSecOps Engineer

Suki.AI
04.2023 - 08.2025
  • Built end-to-end CI/CD workflows with GitHub Actions, Terraform, and ArgoCD for GKE, embedding CSPM controls (Wiz, GCP SCC, GitHub Advanced Security) to continuously monitor misconfigurations and enforce SOC2/HIPAA compliance.
  • Integrated container image scanning (Trivy, Veracode, SonarCloud) into pipelines, blocking vulnerable builds before deployment and reducing exploitable container risks by ~70%.
  • Led cloud security architecture reviews and threat modeling across GKE workloads, IAM policies, and network controls, identifying and remediating critical risks pre-production.
  • Automated IAM remediation with Python-based bots and implemented policy-as-code guardrails (OPA/Conftest, Checkov) to prevent insecure Terraform changes (e.g., public buckets, missing encryption).
  • Reduced GitHub vulnerabilities from ~1,000 to ~200 and GKE cluster vulnerabilities from ~10,000 to ~600, enabling faster and safer enterprise product delivery.
  • Modernized CI/CD toolchains with GitHub Actions matrix builds, caching, and reusable workflows — cutting build times by ~40% and improving reliability across 50+ microservices.
  • Built AI-powered automation: “Cost Drift PR Bot” (Terraform/GKE rightsizer) for cost optimization and “Compliance-as-Code Guardrail” to block insecure IaC PRs.
  • Developed “Compliance-as-Code Guardrail” – integrated Checkov into GitHub Actions to auto-scan Terraform PRs, generate compliance reports, and block insecure IaC changes (e.g., public S3 buckets, missing encryption), aligning with SOC2/HIPAA controls.
  • Built an AI-powered PR Security Reviewer that integrated IaC/Kubernetes/container scanners (Checkov, kube-linter, Trivy, Syft) with GitHub Actions and an LLM. Automated inline PR comments, SBOM generation, and Slack security summaries, enabling shift-left security reviews and reducing manual triage effort by ~60%.
  • Established strong working relationships with clients through exceptional communication skills, fostering trust and collaboration.

Lead DevSecOps Engineer

APT Portfolio
06.2022 - 03.2023
  • Delivered security-hardened AKS platforms using Terraform + Azure DevOps, embedding IaC scans and compliance-driven controls.
  • Integrated Veracode, BlackDuck, Polaris, and Qualys into CI pipelines for continuous vulnerability detection and AI-assisted remediation triage.
  • Implemented threat modeling and security architecture reviews for microservices and APIs, identifying and mitigating misconfigurations before production deployment.
  • Automated CI/CD pipelines with Terraform and YAML for app deployments and cluster provisioning, ensuring compliance with SOC2/HIPAA controls.
  • Built IaC-driven infrastructure modules to standardize AKS, storage, and networking components across teams, reducing manual provisioning by 60%.
  • Achieved successful project outcomes by maintaining accurate documentation and meeting strict deadlines.

Lead DevSecOps Engineer

Maersk GSC
12.2020 - 06.2022
  • Designed and automated secure infrastructure on Azure with Terraform + Ansible, provisioning AKS, Cosmos DB, and Redis with built-in IaC security scans and CSPM integration (Azure Security Center, Wiz).
  • Implemented container security hardening: PodSecurityPolicies, RBAC, workload identity federation, and network policies, reducing privilege escalation risks across AKS clusters.
  • Conducted threat modeling and security architecture reviews for microservices and APIs, remediating IAM misconfigurations, lateral movement risks, and exposed endpoints before go-live.
  • Developed real-time observability with Azure Sentinel, Prometheus, Grafana, and custom dashboards, enabling rapid detection and investigation of anomalous cloud and container activity.
  • Applied DDoS protection, Bastion host setups, and VNet firewalls to enforce zero-trust access and minimize attack surface across containerized environments.
  • Wrote Kubernetes manifests (Deployments, Services, Ingress, ConfigMaps) and built modular Terraform infra to automate VNet, firewall, Redis, and AKS provisioning.
  • Established strong working relationships with clients through exceptional communication skills, fostering trust and collaboration.

Lead DevOps Engineer

PwC
09.2018 - 11.2020
  • Enforced IAM isolation, vault integration, WAF, and secure key management.
  • Delivered CI/CD pipelines for client onboarding with Jenkins, Nexus, Veracode scanning, and custom artifact promotion.
  • Wrote Terraform and YAML-based automation to deploy microservices to Kubernetes clusters with secure access controls.
  • Implemented VPC isolation, IAM hardening, secure vault integration, and managed multi-cloud DevSecOps.
  • Architected secure pipelines for e-commerce, insurance, and banking clients using K8s, Terraform, Ansible.
  • Created secure multi-tier deployments using VNet, WAF, Bastion, IAM policies, and key vaults.
  • Improved code deployment efficiency by automating processes with CI/CD pipelines.

Lead DevOps Engineer

Coforge
09.2016 - 11.2018
  • Pivotal for directing end-to-end perfection across Continuous Integration and Delivery (CI/CD), Infrastructure provisioning Configured and monitored distributed.
  • Hands-on experience on implementing cloud solutions using various AWS services including EC2, VPC, S3, Glacier, EFS,, Directory services, RDS, DynamoDB etc.motion.
  • Build and deployment scripts according to SCM team standards and processes to QA, Performance and Production Environments.
  • Prometheus for monitoring and alerting for different metrics of the cloud environments.
  • Designed and implemented containerization strategies using Docker and Kubernetes, improving resource utilization and management.

Senior DevOps Engineer

TCS
09.2013 - 11.2016
  • Created network architecture on AWS VPC, subnets, Internet Gateway, Route Table and NAT Setup.
  • Utilized Cloud Watch to monitor resources such as EC2, CPU memory, Amazon RDS DB services, DynamoDB tables, EBS volumes to set alarms for notification or automated actions, and to monitor logs for a better understanding and operation of the system.
  • Used Ansible for the creation of playbook for orchestration of deployment process.
  • Optimized cloud resource usage by analyzing cost metrics and making recommendations for more efficient configurations.

Build and Release Engineer, PL/SQL

TCS
02.2009 - 08.2013
  • Automated CI/CD pipelines in Jenkins and managed Git-based version control, ensuring efficient build and release processes.
  • Deployed and monitored applications (EAR/WAR) on WebSphere Application Server, managing nodes, clusters, and troubleshooting deployment issues across SDLC environments.
  • Enhanced build infrastructure by automating scripts, error reporting, and JIRA integration, reducing manual intervention and improving transparency.
  • Developed and optimized PL/SQL scripts, stored procedures, functions, triggers, and database objects (tables, views, indexes, sequences) to support business applications.
  • Performed schema changes, user management, and data imports, ensuring database integrity and security.
  • Established standardized workflows for code branching and merging strategies, fostering consistent practices among developers.

Education

Ph.D. - Computer Science (Leveraging AI in Cybersecurity)

IIIT Ranchi

PGP - Cloud Computing (GCP, AWS, Azure)

Great Lakes Institute
01.2020

B.Tech - Information Technology

JSS Academy of Technical Education
01.2008

Skills

Cloud & Infrastructure – Google Cloud Platform (SCC, Cloud Armor, IAM), AWS (EKS, IAM, Security Hub), Azure (AKS, Sentinel), Kubernetes (GKE, AKS), Helm, Docker, Terraform, Infrastructure as Code (IaC), GitOps

undefined

Certification

Cybersecurity for Leaders – Indian School of Business (ISB), Executive Education

CORE COMPETENCIES

  • Developer Toolchains & Local Dev Experience – IDE configuration, debugging workflows, developer onboarding
  • Cloud Security Posture Management (CSPM) – Wiz, Security Hub, GCP SCC
  • CI/CD Governance & Standards – GitHub Actions, Jenkins, ArgoCD, Azure DevOps
  • Infrastructure as Code (IaC) – Terraform, Ansible
  • Containerization – Docker, Podman
  • Orchestration & Deployment – Kubernetes (GKE, AKS, EKS), Helm, Kustomize
  • Cloud Platforms – GCP, AWS, Azure
  • DevOps & DevSecOps Culture Enablement – Cross-team collaboration, workflow optimization, best practice adoption
  • Security Engineering – SAST, DAST, SCA, Secret Scanning, Vulnerability Triage, GCP SCC, Wiz, ArcticWolf, GKE vulnerabilities remediation
  • Compliance – SOC2, HIPAA, CIS Benchmarks, Vanta, KnowBe4
  • Developer Productivity Metrics – Measuring and improving release velocity, build success rates, onboarding efficiency

LINKS

  • ISB Executive Education
  • Great Learning Portfolio
  • Capstone Blog Article
  • GitHub:Cost-Drift-PR-Bot
  • GitHub:Compliance-as-Code-Guardrail
  • GitHub:AI-Powered-PR-Security-Reviewer

Accomplishments

  • Built AI-powered PR Security Reviewer that automated IaC/Kubernetes/container scanning with GitHub Actions + LLMs, reducing manual triage by 60% and cutting security review cycles by 40%.
  • Developed Cost Drift PR Bot (Terraform/GKE rightsizer) that saved $X in monthly cloud spend by automatically detecting and optimizing over-provisioned resources.
  • Designed and implemented Compliance-as-Code Guardrail enforcing SOC2/HIPAA policies in CI/CD pipelines, preventing insecure PR merges and achieving 100% policy compliance pre-deployment.
  • Reduced GitHub vulnerabilities from 1,000+ to ~200 and GKE cluster CVEs from 10,000+ to ~600, strengthening cloud security posture and ensuring regulatory readiness.
  • Partnered with VP Engineering & platform teams to define a company-wide CI/CD enablement strategy, accelerating deployments by 30% while minimizing operational risks.
  • Published research on Hybrid GNN + Transformer model for Intrusion Detection, enhancing real-time threat detection accuracy on CICIDS2017 dataset (Ph.D. work in progress).

Timeline

Staff DevSecOps Engineer

Suki.AI
04.2023 - 08.2025

Lead DevSecOps Engineer

APT Portfolio
06.2022 - 03.2023

Lead DevSecOps Engineer

Maersk GSC
12.2020 - 06.2022

Lead DevOps Engineer

PwC
09.2018 - 11.2020

Lead DevOps Engineer

Coforge
09.2016 - 11.2018

Senior DevOps Engineer

TCS
09.2013 - 11.2016

Build and Release Engineer, PL/SQL

TCS
02.2009 - 08.2013

PGP - Cloud Computing (GCP, AWS, Azure)

Great Lakes Institute

B.Tech - Information Technology

JSS Academy of Technical Education

Ph.D. - Computer Science (Leveraging AI in Cybersecurity)

IIIT Ranchi

Similar Profiles

CREATE PROFILE
Ramesh MaddheshiyaStaff DevSecOps Engineer