Sahad NK
Lead Security Engineer
Bangalore
Summary
Experienced security engineer with 6.5 year proven track record in securing web & mobile applications, APIs & cloud infrastructure. Recognized bug bounty hunter, acknowledged by top companies such as Facebook, Microsoft, and Sony. Skilled in identifying, mitigating, and preventing security vulnerabilities. Possesses strong communication skills enabling the clear and effective explanation of complex technical details to diverse audiences.
Overview
7
7
years of professional experience
Work History
Lead Security Engineer
Flipkart
03.2021 - Current
- Performed security reviews of applications, systems, and infrastructure to identify and mitigate potential vulnerabilities in business critical applications and services
- Led the Static Application Security Testing (SAST) program in Flipkart using CodeQL and Snyk
- Provided security architecture reviews and recommendations for enhancements and new initiatives
- Implemented mobile security measures to protect against mobile-specific security threats
- Ensured security in CI/CD pipelines, identifying and addressing potential security issues in the earlier stage of SDLC.
- Conducted Open Source Software (OSS) security assessments and implemented necessary controls to block the introduction of vulnerable packages to code repository
- Collaborated with development and operations teams to integrate security into the software development lifecycle (SDLC)
- Implemented and managed security tools and solutions to monitor and protect systems
- Contributed to the creation and maintenance of security policies and procedures
- Documented security findings, recommendations, and solutions for management and stakeholders
- Stayed informed about the latest security trends, threats, and best practices to continuously improve security posture.
Senior Application Security Specialist
Envestnet Yodlee
04.2019 - 03.2021
- Identified, reported, and prevented security flaws in Envestnet Yodlee's code bases and acquisitions
- Worked on cloud (AWS), Docker, and Kubernetes environments, maintaining internal security standards and best practices
- Performed security reviews, improved internal security tools, and wrote API wrappers for pipeline integrations
- Collaborated cross-functionally with development teams, architects, and different security teams
- Presented internal talks, conducted tech sessions, and hosted Capture The Flag events.
Direct Contractor - Application Security Team
Envestnet Yodlee
10.2017 - 03.2019
- Performed penetration testing for web applications, APIs, and mobile applications
- Carried out source code reviews and worked with developers on secure coding practices
- Documented and reported security issues to appropriate team members and management
- Provided training to new hires within the team.
Education
Bachelor of Technology: Computer Science & Engg -
MES Institute Of Technology & Management
Kollam, Kerala 04.2001 -
Skills
DevSecOps, CI/CD, Android Security
Vulnerability Assessment, Penetration Testing
Python, Java
Secure Coding
Mobile, Web & API Security
Docker & Kubernetes
ASVS, MASVS
AWS & GCP Cloud Security
OWASP Top 10, SAST/DAST
DevSecOps, CI/CD, Android Security
Accomplishments
- Acknowledged by Facebook (years 2013, 2014, 2015, 2016 & 2017) for responsibly disclosing security vulnerabilities in its various products and acquisitions. (https://www.facebook.com/whitehat/thanks/)
- Got featured in TechCrunch, Mashable, NDTV, FinancialExpress and various other medias for finding a critical security issue linked to few of Microsoft Office products.
- Listed in Microsoft Hall of Fame for finding and reporting critical security vulnerabilities. (September 2014, July 2018 and October 2018)
Timeline
Lead Security Engineer
Flipkart
03.2021 - Current
Senior Application Security Specialist
Envestnet Yodlee
04.2019 - 03.2021
Direct Contractor - Application Security Team
Envestnet Yodlee
10.2017 - 03.2019
Bachelor of Technology: Computer Science & Engg -
MES Institute Of Technology & Management
04.2001 -