Yash A.

Senior CyberSecurity Engineer

New Delhi, India

Experience

Apr 2023 - Present
2 years 8 months
Gurugram, India

Senior CyberSecurity Engineer

Aspire

  • Led application security initiatives by establishing end-to-end security testing processes and building the AppSec program from the ground up
  • Collaborated with product managers to prioritize remediation, tracked fixes, and drove cross-functional security reviews for every release, ensuring secure software delivery
  • Identified and addressed a range of critical to medium severity vulnerabilities, such as LLM Injection, SQL Injection, access control flaws, and rate limit logic bypasses, during the early stages of the development process
  • Developed Aspire's Responsible Disclosure Policy and established the end-to-end process from acknowledging researcher submissions to coordinating issue remediation
  • Implemented OWASP Top 10 security rules, rate limiting, and threat score-based IP blocking on Cloudflare, enhancing web application protection and performance in collaboration with the DevOps team
  • Implemented GitHub Advanced Security by integrating Static Application Security Testing (SAST) and Dependabot-based Software Composition Analysis (SCA), enhancing code security posture
  • Designed and deployed a custom pre-commit Secret Detection tool to prevent accidental credential leaks, ensuring no sensitive data was pushed to repositories
  • Built automated dashboards with the data team to track IT security KPIs, SLA breaches, uptime, compliance, and vulnerability trends
  • Conducted internal AWS network penetration tests, discovered critical issues, and collaborated with DevOps to remediate
  • Actively collaborated with DevOps engineers to identify, patch, and resolve Docker security issues by analyzing application packages and deploying manual patches to update vulnerable dependencies
  • Performed quarterly AWS infrastructure security reviews, including IAM, Security Groups, and NACL rules, to maintain compliance and reduce misconfigurations
  • Administered the CSPM platform (Wiz) to identify, validate, and prioritize cloud security risks, partnering with DevOps teams to deliver actionable remediation guidance
  • Developed an automated log monitoring solution to detect and flag Personally Identifiable Information (PII) within application logs, preventing sensitive data exposure and enhancing data security
  • Supported ISO 27001, SOC2, and PCI-DSS audits by collecting and organizing technical security evidence aligned with control requirements
  • Conducted threat modeling for generative AI workflows, focusing on prompt injection, sensitive data exposure, and adversarial use cases
Dec 2021 - Apr 2023
1 year 5 months

Security Engineer - I

Meesho

  • Collaborated with the development team to conduct security testing for new features, review PRD and architecture, and perform quarterly testing of the Meesho Android app and supplier website
  • Implemented an automation solution for Route53 that addressed DNS-related security issues, eliminated the DNS takeover bug class, and provided on-demand asset inventory
  • Designed and implemented a CVE scanner for EC2 instances utilizing AWS SSM and the NVD CVE database, reducing the dependency on third-party tools such as Qualys Cloud Scanner
  • Developed an in-house Static Application Security Testing (SAST) pipeline for code and secret scanning and managed the Bug Bounty Program
  • Designed and executed the development of a specialized tool to scan and identify secrets within Confluence
Jan 2021 - Dec 2021
1 year

Security Consultant

Redhunt Labs

  • Created and set up the Attack Surface Management Automation, improving efficiency by reducing manual work time by 80%
  • Performed web application, API, network, and mobile application security testing for multiple clients
  • Stayed up to date with emerging security threats, CVEs, and new reconnaissance techniques

Summary

Impact-driven Cybersecurity Engineer with around 5 years of experience across FinTech, E-commerce, and SaaS industries. Skilled in Application Security, Cloud Security, and AI/LLM Security, with hands-on expertise in automation, vulnerability assessment and LLM Security. Passionate about building secure systems and embedding security best practices throughout the development lifecycle.

Languages

English
Advanced

Education

Oct 2020 - Jun 2022

Indian Institute of Information Technology (IIITA)

Master of Technology, Cyber Law and Information Security · Cyber Law and Information Security · India · 8.87/10

Oct 2016 - Jun 2020

University School of Information, Communication & Technology

Bachelor of Technology, Computer Science Engineering · Computer Science Engineering · India · 7.62/10

Certifications & licenses

Google Cloud Essentials, Google Baseline Infrastructure

PentesterLab: Unix, PCAP, White, Android and Recon Badges
