Ramesh Maddheshiya
Staff DevSecOps Engineer
Bangalore,KA
Summary
Dynamic Staff Engineer and DevSecOps Leader with over 16 years of expertise in cloud security and automation. Proven track record in modernizing CI/CD pipelines, designing secure multi-cloud architectures across AWS, GCP, and Azure, and implementing robust automation solutions using Kubernetes, Terraform, and Ansible. Proficient in cloud security posture management tools such as Wiz, GCP SCC, and Security Hub, as well as container security hardening and threat modeling to ensure compliance with SOC2, HIPAA, and CIS benchmarks. Recognized for significantly reducing vulnerabilities at scale while facilitating faster and more secure product delivery.
Overview
17
17
years of professional experience
4
4
Certifications
1
1
Language
Work History
Staff DevSecOps Engineer
Suki.AI
04.2023 - 08.2025
- Built end-to-end CI/CD workflows with GitHub Actions, Terraform, and ArgoCD for GKE, embedding CSPM controls (Wiz, GCP SCC, GitHub Advanced Security) to continuously monitor misconfigurations and enforce SOC2/HIPAA compliance.
- Integrated container image scanning (Trivy, Veracode, SonarCloud) into pipelines, blocking vulnerable builds before deployment and reducing exploitable container risks by ~70%.
- Led cloud security architecture reviews and threat modeling across GKE workloads, IAM policies, and network controls, identifying and remediating critical risks pre-production.
- Automated IAM remediation with Python-based bots and implemented policy-as-code guardrails (OPA/Conftest, Checkov) to prevent insecure Terraform changes (e.g., public buckets, missing encryption).
- Reduced GitHub vulnerabilities from ~1,000 to ~200 and GKE cluster vulnerabilities from ~10,000 to ~600, enabling faster and safer enterprise product delivery.
- Modernized CI/CD toolchains with GitHub Actions matrix builds, caching, and reusable workflows — cutting build times by ~40% and improving reliability across 50+ microservices.
- Built AI-powered automation: “Cost Drift PR Bot” (Terraform/GKE rightsizer) for cost optimization and “Compliance-as-Code Guardrail” to block insecure IaC PRs.
- Developed “Compliance-as-Code Guardrail” – integrated Checkov into GitHub Actions to auto-scan Terraform PRs, generate compliance reports, and block insecure IaC changes (e.g., public S3 buckets, missing encryption), aligning with SOC2/HIPAA controls.
- Built an AI-powered PR Security Reviewer that integrated IaC/Kubernetes/container scanners (Checkov, kube-linter, Trivy, Syft) with GitHub Actions and an LLM. Automated inline PR comments, SBOM generation, and Slack security summaries, enabling shift-left security reviews and reducing manual triage effort by ~60%.
- Established strong working relationships with clients through exceptional communication skills, fostering trust and collaboration.
Lead DevSecOps Engineer
APT Portfolio
06.2022 - 03.2023
- Delivered security-hardened AKS platforms using Terraform + Azure DevOps, embedding IaC scans and compliance-driven controls.
- Integrated Veracode, BlackDuck, Polaris, and Qualys into CI pipelines for continuous vulnerability detection and AI-assisted remediation triage.
- Implemented threat modeling and security architecture reviews for microservices and APIs, identifying and mitigating misconfigurations before production deployment.
- Automated CI/CD pipelines with Terraform and YAML for app deployments and cluster provisioning, ensuring compliance with SOC2/HIPAA controls.
- Built IaC-driven infrastructure modules to standardize AKS, storage, and networking components across teams, reducing manual provisioning by 60%.
- Achieved successful project outcomes by maintaining accurate documentation and meeting strict deadlines.
Lead DevSecOps Engineer
Maersk GSC
12.2020 - 06.2022
- Designed and automated secure infrastructure on Azure with Terraform + Ansible, provisioning AKS, Cosmos DB, and Redis with built-in IaC security scans and CSPM integration (Azure Security Center, Wiz).
- Implemented container security hardening: PodSecurityPolicies, RBAC, workload identity federation, and network policies, reducing privilege escalation risks across AKS clusters.
- Conducted threat modeling and security architecture reviews for microservices and APIs, remediating IAM misconfigurations, lateral movement risks, and exposed endpoints before go-live.
- Developed real-time observability with Azure Sentinel, Prometheus, Grafana, and custom dashboards, enabling rapid detection and investigation of anomalous cloud and container activity.
- Applied DDoS protection, Bastion host setups, and VNet firewalls to enforce zero-trust access and minimize attack surface across containerized environments.
- Wrote Kubernetes manifests (Deployments, Services, Ingress, ConfigMaps) and built modular Terraform infra to automate VNet, firewall, Redis, and AKS provisioning.
- Established strong working relationships with clients through exceptional communication skills, fostering trust and collaboration.
Lead DevOps Engineer
PwC
09.2018 - 11.2020
- Enforced IAM isolation, vault integration, WAF, and secure key management.
- Delivered CI/CD pipelines for client onboarding with Jenkins, Nexus, Veracode scanning, and custom artifact promotion.
- Wrote Terraform and YAML-based automation to deploy microservices to Kubernetes clusters with secure access controls.
- Implemented VPC isolation, IAM hardening, secure vault integration, and managed multi-cloud DevSecOps.
- Architected secure pipelines for e-commerce, insurance, and banking clients using K8s, Terraform, Ansible.
- Created secure multi-tier deployments using VNet, WAF, Bastion, IAM policies, and key vaults.
- Improved code deployment efficiency by automating processes with CI/CD pipelines.
Lead DevOps Engineer
Coforge
09.2016 - 11.2018
- Pivotal for directing end-to-end perfection across Continuous Integration and Delivery (CI/CD), Infrastructure provisioning Configured and monitored distributed.
- Hands-on experience on implementing cloud solutions using various AWS services including EC2, VPC, S3, Glacier, EFS,, Directory services, RDS, DynamoDB etc.motion.
- Build and deployment scripts according to SCM team standards and processes to QA, Performance and Production Environments.
- Prometheus for monitoring and alerting for different metrics of the cloud environments.
- Designed and implemented containerization strategies using Docker and Kubernetes, improving resource utilization and management.
Senior DevOps Engineer
TCS
09.2013 - 11.2016
- Created network architecture on AWS VPC, subnets, Internet Gateway, Route Table and NAT Setup.
- Utilized Cloud Watch to monitor resources such as EC2, CPU memory, Amazon RDS DB services, DynamoDB tables, EBS volumes to set alarms for notification or automated actions, and to monitor logs for a better understanding and operation of the system.
- Used Ansible for the creation of playbook for orchestration of deployment process.
- Optimized cloud resource usage by analyzing cost metrics and making recommendations for more efficient configurations.
Build and Release Engineer, PL/SQL
TCS
02.2009 - 08.2013
- Automated CI/CD pipelines in Jenkins and managed Git-based version control, ensuring efficient build and release processes.
- Deployed and monitored applications (EAR/WAR) on WebSphere Application Server, managing nodes, clusters, and troubleshooting deployment issues across SDLC environments.
- Enhanced build infrastructure by automating scripts, error reporting, and JIRA integration, reducing manual intervention and improving transparency.
- Developed and optimized PL/SQL scripts, stored procedures, functions, triggers, and database objects (tables, views, indexes, sequences) to support business applications.
- Performed schema changes, user management, and data imports, ensuring database integrity and security.
- Established standardized workflows for code branching and merging strategies, fostering consistent practices among developers.
Education
Ph.D. - Computer Science (Leveraging AI in Cybersecurity)
IIIT Ranchi
PGP - Cloud Computing (GCP, AWS, Azure)
Great Lakes Institute
01.2020
B.Tech - Information Technology
JSS Academy of Technical Education
01.2008
Skills
Cloud & Infrastructure – Google Cloud Platform (SCC, Cloud Armor, IAM), AWS (EKS, IAM, Security Hub), Azure (AKS, Sentinel), Kubernetes (GKE, AKS), Helm, Docker, Terraform, Infrastructure as Code (IaC), GitOps
undefinedCertification
Cybersecurity for Leaders – Indian School of Business (ISB), Executive Education
CORE COMPETENCIES
- Developer Toolchains & Local Dev Experience – IDE configuration, debugging workflows, developer onboarding
- Cloud Security Posture Management (CSPM) – Wiz, Security Hub, GCP SCC
- CI/CD Governance & Standards – GitHub Actions, Jenkins, ArgoCD, Azure DevOps
- Infrastructure as Code (IaC) – Terraform, Ansible
- Containerization – Docker, Podman
- Orchestration & Deployment – Kubernetes (GKE, AKS, EKS), Helm, Kustomize
- Cloud Platforms – GCP, AWS, Azure
- DevOps & DevSecOps Culture Enablement – Cross-team collaboration, workflow optimization, best practice adoption
- Security Engineering – SAST, DAST, SCA, Secret Scanning, Vulnerability Triage, GCP SCC, Wiz, ArcticWolf, GKE vulnerabilities remediation
- Compliance – SOC2, HIPAA, CIS Benchmarks, Vanta, KnowBe4
- Developer Productivity Metrics – Measuring and improving release velocity, build success rates, onboarding efficiency
LINKS
- ISB Executive Education
- Great Learning Portfolio
- Capstone Blog Article
- GitHub:Cost-Drift-PR-Bot
- GitHub:Compliance-as-Code-Guardrail
- GitHub:AI-Powered-PR-Security-Reviewer
Accomplishments
- Built AI-powered PR Security Reviewer that automated IaC/Kubernetes/container scanning with GitHub Actions + LLMs, reducing manual triage by 60% and cutting security review cycles by 40%.
- Developed Cost Drift PR Bot (Terraform/GKE rightsizer) that saved $X in monthly cloud spend by automatically detecting and optimizing over-provisioned resources.
- Designed and implemented Compliance-as-Code Guardrail enforcing SOC2/HIPAA policies in CI/CD pipelines, preventing insecure PR merges and achieving 100% policy compliance pre-deployment.
- Reduced GitHub vulnerabilities from 1,000+ to ~200 and GKE cluster CVEs from 10,000+ to ~600, strengthening cloud security posture and ensuring regulatory readiness.
- Partnered with VP Engineering & platform teams to define a company-wide CI/CD enablement strategy, accelerating deployments by 30% while minimizing operational risks.
- Published research on Hybrid GNN + Transformer model for Intrusion Detection, enhancing real-time threat detection accuracy on CICIDS2017 dataset (Ph.D. work in progress).
Timeline
Staff DevSecOps Engineer
Suki.AI
04.2023 - 08.2025
Lead DevSecOps Engineer
APT Portfolio
06.2022 - 03.2023
Lead DevSecOps Engineer
Maersk GSC
12.2020 - 06.2022
Lead DevOps Engineer
PwC
09.2018 - 11.2020
Lead DevOps Engineer
Coforge
09.2016 - 11.2018
Senior DevOps Engineer
TCS
09.2013 - 11.2016
Build and Release Engineer, PL/SQL
TCS
02.2009 - 08.2013
PGP - Cloud Computing (GCP, AWS, Azure)
Great Lakes Institute
B.Tech - Information Technology
JSS Academy of Technical Education
Ph.D. - Computer Science (Leveraging AI in Cybersecurity)
IIIT Ranchi
Similar Profiles
Ramesh MaddheshiyaRamesh Maddheshiya
Staff DevSecOps Engineer at Suki.AIStaff DevSecOps Engineer at Suki.AI
SAKET SINGHSAKET SINGH
Manager-Client Engagement at Quess CorpManager-Client Engagement at Quess Corp
Nithya KrishnanNithya Krishnan
Technical Lead - Snr License Manager at Cognizant Technology SolutionsTechnical Lead - Snr License Manager at Cognizant Technology Solutions
MAHANTHESH HVMAHANTHESH HV
Assistant Manager at Indian Oil Corporation LimitedAssistant Manager at Indian Oil Corporation Limited
Sai Lavakumar Reddy ModiyamSai Lavakumar Reddy Modiyam
Senior Salesforce Consultant at IBM IndiaSenior Salesforce Consultant at IBM India