
Sarthak Goyal

Fremont

Summary

Dynamic Security Engineer with over 6 years of experience enhancing security frameworks across diverse environments. Expertise lies in penetration testing, threat modeling, and the automation of security workflows, ensuring robust protection for both applications and infrastructure. Skilled in developing scalable detection and response pipelines, driving compliance with industry standards such as SOC 2 and ISO 27001. Committed to fostering proactive security measures that adapt to the evolving threat landscape while facilitating growth and innovation.

Overview

5
years of professional experience

Work History

Application Security Engineer

CoreWeave
01.2025 - Current
  • Driving security across CoreWeave’s deeply nested Kubernetes-in-Kubernetes architecture by building SDLC controls, conducting full-stack pentests—from GitHub repos and Kubernetes clusters to BMC hardware—and designing secret scanning pipelines and AppSec programs tailored to modern cloud-native infrastructure.
  • Hardened CoreWeave’s K8s-in-K8s deployment patterns, auditing cluster APIs, ArgoCD misconfigs, secret management, and token scoping.
  • Conducted real-world exploit tests on custom internal CRDs, admission controllers, and exposed ArgoCD endpoints.
  • Automated false-positive filtering for secret scanning alerts using contextual enrichment from Backstage and commit metadata.

Apache Pinot PPMC and Committer

Self Employed
11.2023 - 01.2025
  • Security Fixes to Open Source Community
  • https://pinot.apache.org/

Founding Security Engineer

StarTree
11.2023 - 01.2025
  • Developed the entire Security Engineering Program from scratch for StarTree
  • Designed the SDLC process to adhere to Shift Left Practice in the existing Build Pipeline.
  • Performed Penetration Test for the StarTree infrastructure and the network.
  • Implemented robust security frameworks and achieved critical compliance certifications—earning our customers' trust with their most sensitive data.

Security Engineer

GRAIL
08.2022 - 10.2024
  • Leading the security efforts at GRAIL, focusing on penetration testing and security automation.
  • Conducted regular penetration tests to identify and address vulnerabilities before they can be exploited.
  • Automated the GRAIL SOC platform for incident response.
  • Developed and deployed an External Attack Management tool to detect vulnerabilities on public-facing endpoints.
  • Implemented security engineering pipelines to generate automated alerts for detection schemes.

Application Security Engineer

SAP SuccessFactors
08.2020 - 07.2022
  • Focused on application security and managing security pipelines for the product.
  • Automated secure DevOps practices and embedded them in CI/CD pipelines, providing Security as a Service.
  • Automated SAST and DAST security tools (WhiteSource, Fortify, Hadolint, Protecode, BlackDuck, Acunetix) in the security pipeline as CI/CD stages that microservices use to scan their projects.
  • Reviewed penetration-test reports to determine the extent of exploitability in SAP products.
  • Led the SAP bug-bounty program.

Cyber Reverse Engineer

Citi
05.2020 - 07.2020
  • Focused on Malware Reverse Engineering
  • Reverse Engineering open-source malware to track data leakage from Citi’s network using CommandoVM and IDA.
  • Cyber forensics using EnCase to find and preserve financial data from Citi’s network.

Education

M.S. - Computer Science

University of Southern California
05.2020

Skills

  • Apache
  • Blockchain
  • DevSecOps
  • WebApp PenTesting
  • Cyber Forensics
  • Malware Reverse Engineer
  • Groovy
  • Python
  • Solidity
  • Kubernetes
  • Terraform
  • Threat Hunting
  • Infrastructure PenTesting
  • Network PenTesting
  • Cryptography
