Soham Ruj

Client: Thomson Reuters

• Cloud: Azure & AWS
• Team size: 50+
• Resolved critical issues during system integration phases, ensuring seamless transitions between design iterations.
• Evaluated vendor proposals for equipment procurement, selecting optimal solutions based on performance requirements.
• Integrate OWASP tools into the organization's CI/CD pipeline to automate security testing of web applications during the development and deployment phases. This helps in identifying and addressing vulnerabilities early in the software development lifecycle.
• Conducted comprehensive security assessments of web applications using Burp Suite's suite of tools, including manual testing, automated scanning, and vulnerability identification.
• Performed penetration tests on web applications to identify potential entry points for attackers and assess the overall security posture. Burp Suite's Intruder tool is particularly useful for conducting automated attacks and identifying weaknesses in input validation.
• Championed environmental sustainability initiatives by integrating eco-friendly practices into engineering designs.
• Applied lean principles to enhance efficiency and reduce waste in various engineering projects.
• Designed secure infrastructure solutions in collaboration with the IT team, minimizing vulnerabilities from outdated or misconfigured systems.
• Collaborated with cyber security investigations when necessary, supporting the apprehension of malicious actors.
• Reviewed existing security architecture for improvements that aligned with evolving business needs while minimizing risk exposure.
• Analyzed log files for anomalies, identifying potential intrusions or malicious activity before significant damage occurred.
• Collaborated with IT teams to develop comprehensive cybersecurity strategies, reducing risks from external attacks.
• Assisted in the successful completion of security audits, resulting in a boost of client trust and confidence.
• Implemented multi-factor authentication measures, strengthening overall network defenses against unauthorized access attempts.
• Enhanced network security by implementing intrusion detection systems and monitoring potential threats.

Client: Good Beat Poker Game

• Team: 5
• Designed production level infrastructure in Azure cloud with infra architecture diagram.
• Contributed to the creation of a DevOps culture within the organization, leading to increased agility and cross-functional collaboration.
• Improved code deployment efficiency by automating processes with CI/CD pipelines.
• Monitored automated build and continuous software integration process to drive build/release failure resolution.
• Contributed to the creation of a DevOps culture within the organization, leading to increased agility and cross-functional collaboration.
• Provided technical guidance during product planning sessions, aligning business objectives with technological capabilities.
• Established strong interdepartmental communication channels, fostering collaboration between development, operations, and QA teams.
• Conducted regular post-mortems after incidents to identify root causes and prevent recurrence.
• Documented project design for reference and future use cases.

Client: Merced Benz (DevSecOps)

• Cloud : Azure
• Team size: 25+
• Secure environment implementations
• Implemented security automation throughout the software development lifecycle, including code scanning, vulnerability assessment, and automated security testing.
• Utilized Burp Suite to identify and prioritize vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication flaws. This involves regular scanning and analysis of web applications to ensure they meet security standards.
• Used Burp Suite to analyze HTTP/S traffic during incident response investigations. This includes examining network traffic logs, identifying suspicious activities, and pinpointing potential security breaches or data exfiltration attempts.
• Setting up systems for continuous security monitoring to detect and respond to security threats in real-time.
• Collaborate with DevOps and infrastructure teams to design and implement secure cloud and on-premises infrastructure architectures.
• Integrated security checks into CI/CD pipelines to ensure that only secure code is deployed into production environments.
• Enforcing security policies and compliance standards across development, testing, and production environments.
• Ensuring compliance with industry regulations and standards such as GDPR, BDSA, PCI-DSS, etc.
• Documented project design for reference and future use cases.

Client: United Airlines

• Team Size: 7
• Fixed Wiz report issues in containers.
• Fixed AWS cloudformation templates vulnerabilities.
• Upgraded the outdated linux packages.
• Collaborated with QA team to check the updated security reports.
• Did container failover monitoring via prometheus dashboard.

Client : Zyter (Healthcare Domain)

• Cloud: AWS
• Team size: 25
• Maintained version control systems like Git or Bitbucket for seamless collaboration among developers and engineers during project lifecycles.
• Designed Infrastructure architecture using AWS
• Facilitated seamless integration between on-premise systems and AWS resources, streamlining workflows across organizational boundaries.
• Setup the Dev, Stage and Production servers in linux using EC2
• Automated daily backups of critical data using AWS S3, reducing the risk of data loss in case of system failures.
• Developed and maintained CI/CD pipelines using Jenkins, increasing deployment speed and reliability.
• Developed comprehensive strategies for leveraging AWS Auto Scaling, ensuring optimal resource allocation and cost efficiency during periods of high demand.
• Designed and implemented Infrastructure as Code (IaC) using AWS CloudFormation, Terraform reducing deployment time by 30%.
• Established secure remote access protocols using VPNs or SSH tunnels, safeguarding sensitive data transmission.
• Automated manual tasks through scripting languages such as Python or Shell, boosting team productivity levels.
• Designed secure infrastructure solutions in collaboration with the IT team, minimizing vulnerabilities from outdated or misconfigured systems.
• Setting up site reliability via monitoring
• Reduced system downtime for critical applications by implementing robust monitoring and alerting tools.
• Configured monitoring and logging solutions with Amazon CloudWatch and AWS CloudTrail, enhancing visibility into system performance and security.
• Configured secure system environment for low risk mitigations
• Mitigated security risks by conducting regular vulnerability assessments and applying necessary patches.
• Conducted regular security scans in code by integrating SAST tool: sonarqube and DAST tool: OWSAP in CI pipeline.
• Established strong interdepartmental communication channels, fostering collaboration between development, operations, and QA teams.
• Performed system troubleshooting during breakdowns
• Provided 24/7 on-call support for critical systems, ensuring high availability and rapid issue resolution.
• Conducted regular post-mortems after incidents to identify root causes and prevent recurrence.
• Worked with software development and testing team members to design and develop robust solutions to meet client requirements for functionality, scalability, and performance.
• Wrote code and supported architecture in high-throughput systems.
• Corrected, modified and upgraded software to improve performance.
• Conducted KT sessions and technical guidance
• Provided technical guidance during product planning sessions, aligning business objectives with technological capabilities.
• Developed incident response plans that decreased resolution times for production issues.
• Conducted deep-dive hands-on training sessions to transfer knowledge to customers considering or already using AWS.
• Guided other teams to design, develop and deploy data sets and tools that supported product use cases.
• Trained junior engineers on best practices for working within an AWS environment, promoting skill development across the team.
• Delivered services to customer locations within specific timeframes.