Summary
Overview
Work History
Education
Skills
Websites
Certification
Timeline
SalesManager
Ramesh Maddheshiya

Ramesh Maddheshiya

Bangalore

Summary

Staff Engineer & DevSecOps Leader with 16+ years of experience in cloud security and automation. Expert in modernizing CI/CD pipelines, designing secure multi-cloud architectures (AWS, GCP, Azure), and implementing automation with Kubernetes, Terraform, and Ansible. Hands-on with cloud security posture management (Wiz, GCP SCC, Security Hub), container security hardening, and threat modeling-ensuring compliance with SOC2, HIPAA, and CIS benchmarks. Recognized for reducing vulnerabilities at scale while enabling faster, more secure product delivery.

Overview

17
17
years of professional experience
1
1
Certification

Work History

Staff DevSecOps Engineer

Suki.AI
Bangalore
04.2023 - 08.2025
  • Built end-to-end CI/CD workflows with GitHub Actions, Terraform, and ArgoCD for GKE, embedding CSPM controls (Wiz, GCP SCC, GitHub Advanced Security) to continuously monitor misconfigurations and enforce SOC2/HIPAA compliance.
  • Integrated container image scanning (Trivy, Veracode, SonarCloud) into pipelines, blocking vulnerable builds before deployment and reducing exploitable container risks by ~70%.
  • Led cloud security architecture reviews and threat modeling across GKE workloads, IAM policies, and network controls, identifying and remediating critical risks pre-production.
  • Automated IAM remediation with Python-based bots and implemented policy-as-code guardrails (OPA/Conftest, Checkov) to prevent insecure Terraform changes (e.g., public buckets, missing encryption).
  • Reduced GitHub vulnerabilities from ~1,000 to ~200 and GKE cluster vulnerabilities from ~10,000 to ~600, enabling faster and safer enterprise product delivery.
  • Modernized CI/CD toolchains with GitHub Actions matrix builds, caching, and reusable workflows - cutting build times by ~40% and improving reliability across 50+ microservices.
  • Built AI-powered automation: 'Cost Drift PR Bot' (Terraform/GKE rightsizer) for cost optimization and 'Compliance-as-Code Guardrail' to block insecure IaC PRs.
  • Developed 'Compliance-as-Code Guardrail' - integrated Checkov into GitHub Actions to auto-scan Terraform PRs, generate compliance reports, and block insecure IaC changes (e.g., public S3 buckets, missing encryption), aligning with SOC2/HIPAA controls.
  • Built an AI-powered PR Security Reviewer that integrated IaC/Kubernetes/container scanners (Checkov, kube-linter, Trivy, Syft) with GitHub Actions and an LLM. Automated inline PR comments, SBOM generation, and Slack security summaries, enabling shift-left security reviews and reducing manual triage effort by ~60%.

Lead DevSecOps Engineer

APT Portfolio
06.2022 - 03.2023
  • Delivered security-hardened AKS platforms using Terraform + Azure DevOps, embedding IaC scans and compliance-driven controls.
  • Integrated Veracode, BlackDuck, Polaris, and Qualys into CI pipelines for continuous vulnerability detection and AI-assisted remediation triage.
  • Implemented threat modeling and security architecture reviews for microservices and APIs, identifying and mitigating misconfigurations before production deployment.
  • Automated CI/CD pipelines with Terraform and YAML for app deployments and cluster provisioning, ensuring compliance with SOC2/HIPAA controls.
  • Built IaC-driven infrastructure modules to standardize AKS, storage, and networking components across teams, reducing manual provisioning by 60%.

Lead DevSecOps Engineer

Maersk GSC
Bangalore
12.2020 - 06.2022
  • Designed and automated secure infrastructure on Azure with Terraform + Ansible, provisioning AKS, Cosmos DB, and Redis with built-in IaC security scans and CSPM integration (Azure Security Center, Wiz).
  • Implemented container security hardening: PodSecurityPolicies, RBAC, workload identity federation, and network policies, reducing privilege escalation risks across AKS clusters.
  • Conducted threat modeling and security architecture reviews for microservices and APIs, remediating IAM misconfigurations, lateral movement risks, and exposed endpoints before go-live.
  • Developed real-time observability with Azure Sentinel, Prometheus, Grafana, and custom dashboards, enabling rapid detection and investigation of anomalous cloud and container activity.
  • Applied DDoS protection, Bastion host setups, and VNet firewalls to enforce zero-trust access and minimize attack surface across containerized environments.
  • Wrote Kubernetes manifests (Deployments, Services, Ingress, ConfigMaps) and built modular Terraform infra to automate VNet, firewall, Redis, and AKS provisioning.

Lead DevOps Engineer

PwC
Bangalore
09.2018 - 11.2020
  • Enforced IAM isolation, vault integration, WAF, and secure key management.
  • Delivered CI/CD pipelines for client onboarding with Jenkins, Nexus, Veracode scanning, and custom artifact promotion.
  • Wrote Terraform and YAML-based automation to deploy microservices to Kubernetes clusters with secure access controls.
  • Implemented VPC isolation, IAM hardening, secure vault integration, and managed multi-cloud DevSecOps.
  • Architected secure pipelines for e-commerce, insurance, and banking clients using K8s, Terraform, Ansible.
  • Created secure multi-tier deployments using VNet, WAF, Bastion, IAM policies, and key vaults.

Lead DevOps Engineer

Coforge
Bangalore
09.2016 - 11.2018
  • Pivotal for directing end-to-end perfection across Continuous Integration and Delivery (CI/CD), Infrastructure provisioning Configured and monitored distributed.
  • Hands-on experience on implementing cloud solutions using various AWS services including EC2, VPC, S3, Glacier, EFS, Directory services, RDS, DynamoDB etc.
  • Build and deployment scripts according to SCM team standards and processes to QA, Performance and Production Environments.
  • Prometheus for monitoring and alerting for different metrics of the cloud environments.

Senior DevOps Engineer

TCS
Gurgaon
09.2013 - 11.2016
  • Created network architecture on AWS VPC, subnets, Internet Gateway, Route Table and NAT Setup.
  • Utilized Cloud Watch to monitor resources such as EC2, CPU memory, Amazon RDS DB services, DynamoDB tables, EBS volumes to set alarms for notification or automated actions, and to monitor logs for a better understanding and operation of the system.
  • Used Ansible for the creation of playbook for orchestration of deployment process.

Build and Release Engineer, PL/SQL

TCS
Gurgaon
02.2009 - 08.2013
  • Automated CI/CD pipelines in Jenkins and managed Git-based version control, ensuring efficient build and release processes.
  • Deployed and monitored applications (EAR/WAR) on WebSphere Application Server, managing nodes, clusters, and troubleshooting deployment issues across SDLC environments.
  • Enhanced build infrastructure by automating scripts, error reporting, and JIRA integration, reducing manual intervention and improving transparency.
  • Developed and optimized PL/SQL scripts, stored procedures, functions, triggers, and database objects (tables, views, indexes, sequences) to support business applications.
  • Performed schema changes, user management, and data imports, ensuring database integrity and security.

Education

Ph.D. - Computer Science (Leveraging AI in Cybersecurity)

IIIT Ranchi
08.2025

PGP - Cloud Computing (GCP, AWS, Azure)

Great Lakes Institute
01.2020

B.Tech - Information Technology

JSS Academy of Technical Education
01.2008

Skills

  • Google Cloud Platform
  • AWS
  • Azure
  • Kubernetes
  • Helm
  • Docker
  • Terraform
  • Infrastructure as Code
  • GitOps
  • DevSecOps Implementation
  • SAST
  • DAST
  • SCA
  • Secret Scanning
  • Vulnerability Management
  • Compliance
  • Policy-as-Code
  • GCP Cloud IDS
  • Cloud NGFW
  • Cloud Security Posture Management
  • Threat Modeling
  • Security Architecture Reviews
  • Python
  • Bash
  • API Integrations
  • MLOps Automation
  • Cross-Functional Team Leadership
  • Stakeholder Management
  • Executive Communication
  • Developer Experience Improvement
  • Mentorship
  • Coaching
  • Change Management
  • Ansible
  • Jenkins
  • Oracle
  • SQL
  • PostgresDB
  • MongoDB
  • ElasticSearch
  • Cassandra
  • Redis
  • Veracode
  • SonarCloud
  • GitHub Advanced Security

Websites

Certification

  • Cybersecurity for Leaders - Indian School of Business (ISB), Executive Education
  • Certified Kubernetes Administrator (CKA)
  • Azure Solution Architect
  • AWS SysOps Administrator

Timeline

Staff DevSecOps Engineer

Suki.AI
04.2023 - 08.2025

Lead DevSecOps Engineer

APT Portfolio
06.2022 - 03.2023

Lead DevSecOps Engineer

Maersk GSC
12.2020 - 06.2022

Lead DevOps Engineer

PwC
09.2018 - 11.2020

Lead DevOps Engineer

Coforge
09.2016 - 11.2018

Senior DevOps Engineer

TCS
09.2013 - 11.2016

Build and Release Engineer, PL/SQL

TCS
02.2009 - 08.2013

Ph.D. - Computer Science (Leveraging AI in Cybersecurity)

IIIT Ranchi

PGP - Cloud Computing (GCP, AWS, Azure)

Great Lakes Institute

B.Tech - Information Technology

JSS Academy of Technical Education

Similar Profiles

CREATE PROFILE
Ramesh Maddheshiya