Staff Engineer & DevSecOps Leader with 16+ years of experience in cloud security and automation. Expert in modernizing CI/CD pipelines, designing secure multi-cloud architectures (AWS, GCP, Azure), and implementing automation with Kubernetes, Terraform, and Ansible. Hands-on with cloud security posture management (Wiz, GCP SCC, Security Hub), container security hardening, and threat modeling, ensuring compliance with SOC2, HIPAA, and CIS benchmarks. Recognized for reducing vulnerabilities at scale while enabling faster, more secure product delivery.
Overview
17 years of professional experience
1 Certification
Work History
Staff DevSecOps Engineer
Suki.AI
Bangalore
04.2023 - 08.2025
Built end-to-end CI/CD workflows with GitHub Actions, Terraform, and ArgoCD for GKE, embedding CSPM controls (Wiz, GCP SCC, GitHub Advanced Security) to continuously monitor misconfigurations and enforce SOC2/HIPAA compliance.
Integrated container image scanning (Trivy, Veracode, SonarCloud) into pipelines, blocking vulnerable builds before deployment and reducing exploitable container risks by ~70%.
Led cloud security architecture reviews and threat modeling across GKE workloads, IAM policies, and network controls, identifying and remediating critical risks pre-production.
Automated IAM remediation with Python-based bots and implemented policy-as-code guardrails (OPA/Conftest, Checkov) to prevent insecure Terraform changes (e.g., public buckets, missing encryption).
Reduced GitHub vulnerabilities from ~1,000 to ~200 and GKE cluster vulnerabilities from ~10,000 to ~600, enabling faster and safer enterprise product delivery.
Modernized CI/CD toolchains with GitHub Actions matrix builds, caching, and reusable workflows - cutting build times by ~40% and improving reliability across 50+ microservices.
Built AI-powered automation: 'Cost Drift PR Bot' (Terraform/GKE rightsizer) for cost optimization and 'Compliance-as-Code Guardrail' to block insecure IaC PRs.
Developed 'Compliance-as-Code Guardrail' - integrated Checkov into GitHub Actions to auto-scan Terraform PRs, generate compliance reports, and block insecure IaC changes (e.g., public S3 buckets, missing encryption), aligning with SOC2/HIPAA controls.
Built an AI-powered PR Security Reviewer that integrated IaC/Kubernetes/container scanners (Checkov, kube-linter, Trivy, Syft) with GitHub Actions and an LLM. Automated inline PR comments, SBOM generation, and Slack security summaries, enabling shift-left security reviews and reducing manual triage effort by ~60%.
Lead DevSecOps Engineer
APT Portfolio
06.2022 - 03.2023
Delivered security-hardened AKS platforms using Terraform + Azure DevOps, embedding IaC scans and compliance-driven controls.
Integrated Veracode, BlackDuck, Polaris, and Qualys into CI pipelines for continuous vulnerability detection and AI-assisted remediation triage.
Implemented threat modeling and security architecture reviews for microservices and APIs, identifying and mitigating misconfigurations before production deployment.
Automated CI/CD pipelines with Terraform and YAML for app deployments and cluster provisioning, ensuring compliance with SOC2/HIPAA controls.
Built IaC-driven infrastructure modules to standardize AKS, storage, and networking components across teams, reducing manual provisioning by 60%.
Lead DevSecOps Engineer
Maersk GSC
Bangalore
12.2020 - 06.2022
Designed and automated secure infrastructure on Azure with Terraform + Ansible, provisioning AKS, Cosmos DB, and Redis with built-in IaC security scans and CSPM integration (Azure Security Center, Wiz).
Implemented container security hardening: PodSecurityPolicies, RBAC, workload identity federation, and network policies, reducing privilege escalation risks across AKS clusters.
Conducted threat modeling and security architecture reviews for microservices and APIs, remediating IAM misconfigurations, lateral movement risks, and exposed endpoints before go-live.
Developed real-time observability with Azure Sentinel, Prometheus, Grafana, and custom dashboards, enabling rapid detection and investigation of anomalous cloud and container activity.
Applied DDoS protection, Bastion host setups, and VNet firewalls to enforce zero-trust access and minimize attack surface across containerized environments.
Wrote Kubernetes manifests (Deployments, Services, Ingress, ConfigMaps) and built modular Terraform infra to automate VNet, firewall, Redis, and AKS provisioning.
Lead DevOps Engineer
PwC
Bangalore
09.2018 - 11.2020
Enforced IAM isolation, vault integration, WAF, and secure key management.
Delivered CI/CD pipelines for client onboarding with Jenkins, Nexus, Veracode scanning, and custom artifact promotion.
Wrote Terraform and YAML-based automation to deploy microservices to Kubernetes clusters with secure access controls.
Implemented VPC isolation, IAM hardening, secure vault integration, and managed multi-cloud DevSecOps.
Architected secure pipelines for e-commerce, insurance, and banking clients using K8s, Terraform, Ansible.
Created secure multi-tier deployments using VNet, WAF, Bastion, IAM policies, and key vaults.
Lead DevOps Engineer
Coforge
Bangalore
09.2016 - 11.2018
Pivotal for directing end-to-end perfection across Continuous Integration and Delivery (CI/CD), Infrastructure provisioning Configured and monitored distributed.
Hands-on experience implementing cloud solutions using various AWS services, including EC2, VPC, S3, Glacier, EFS, Directory services, RDS, DynamoDB, etc.
Build and deployment scripts according to SCM team standards and processes to QA, Performance and Production Environments.
Used Prometheus for monitoring and alerting on different metrics of the cloud environments.
Senior DevOps Engineer
TCS
Gurgaon
09.2013 - 11.2016
Created network architecture on AWS: VPC, subnets, Internet Gateway, route tables, and NAT setup.
Utilized CloudWatch to monitor resources such as EC2, CPU memory, Amazon RDS DB services, DynamoDB tables, and EBS volumes, to set alarms for notification or automated actions, and to monitor logs for a better understanding and operation of the system.
Used Ansible to create playbooks for orchestrating the deployment process.
Build and Release Engineer, PL/SQL
TCS
Gurgaon
02.2009 - 08.2013
Automated CI/CD pipelines in Jenkins and managed Git-based version control, ensuring efficient build and release processes.
Deployed and monitored applications (EAR/WAR) on WebSphere Application Server, managing nodes, clusters, and troubleshooting deployment issues across SDLC environments.
Enhanced build infrastructure by automating scripts, error reporting, and JIRA integration, reducing manual intervention and improving transparency.
Developed and optimized PL/SQL scripts, stored procedures, functions, triggers, and database objects (tables, views, indexes, sequences) to support business applications.
Performed schema changes, user management, and data imports, ensuring database integrity and security.
Education
Ph.D. - Computer Science (Leveraging AI in Cybersecurity)