Yash A.
Senior CyberSecurity Engineer
Experience
Apr 2023 - Present
2 years 9 months
Gurugram, India
Senior CyberSecurity Engineer
Aspire
- Led application security initiatives by establishing end-to-end security testing processes and building the AppSec program from the ground up
- Collaborated with product managers to prioritize remediation, tracked fixes, and drove cross-functional security reviews for every release, ensuring secure software delivery
- Identified and addressed a range of critical to medium severity vulnerabilities, such as LLM Injection, SQL Injection, access control flaws, and rate limit logic bypasses, during the early stages of the development process
- Developed Aspire's Responsible Disclosure Policy and established the end-to-end process from acknowledging researcher submissions to coordinating issue remediation
- Implemented OWASP Top 10 security rules, rate limiting, and threat score-based IP blocking on Cloudflare, enhancing web application protection and performance in collaboration with the DevOps team
- Implemented GitHub Advanced Security by integrating Static Application Security Testing (SAST) and Dependabot-based Software Composition Analysis (SCA), enhancing code security posture
- Designed and deployed a custom pre-commit Secret Detection tool to prevent accidental credential leaks, ensuring no sensitive data was pushed to repositories
- Built automated dashboards with the data team to track IT security KPIs, SLA breaches, uptime, compliance, and vulnerability trends
- Conducted internal AWS network penetration tests, discovered critical issues, and collaborated with DevOps to remediate
- Actively collaborated with DevOps engineers to identify, patch, and resolve Docker security issues by analyzing application packages and deploying manual patches to update vulnerable dependencies
- Performed quarterly AWS infrastructure security reviews, including IAM, Security Groups, and NACL rules, to maintain compliance and reduce misconfigurations
- Administered the CSPM platform (Wiz) to identify, validate, and prioritize cloud security risks, partnering with DevOps teams to deliver actionable remediation guidance
- Developed an automated log monitoring solution to detect and flag Personally Identifiable Information (PII) within application logs, preventing sensitive data exposure and enhancing data security
- Supported ISO 27001, SOC2, and PCI-DSS audits by collecting and organizing technical security evidence aligned with control requirements
- Conducted threat modeling for generative AI workflows, focusing on prompt injection, sensitive data exposure, and adversarial use cases
Dec 2021 - Apr 2023
1 year 5 months
Security Engineer - I
Meesho
- Collaborated with the development team to conduct security testing for new features, review PRD and architecture, and perform quarterly testing of the Meesho Android app and supplier website
- Implemented an automation solution for Route53 that addressed DNS-related security issues, eliminated the DNS takeover bug class, and provided on-demand asset inventory
- Designed and implemented a CVE scanner for EC2 instances utilizing AWS SSM and the NVD CVE database, reducing the dependency on third-party tools such as Qualys Cloud Scanner
- Developed an in-house Static Application Security Testing (SAST) pipeline for code and secret scanning and managed the Bug Bounty Program
- Designed and executed the development of a specialized tool to scan and identify secrets within Confluence
Jan 2021 - Dec 2021
1 year
Security Consultant
Redhunt Labs
- Created and set up the Attack Surface Management Automation, improving efficiency by reducing manual work time by 80%
- Performed web application, API, network, and mobile applications security testing for multiple clients
- Stayed up to date with emerging security threats, CVEs, and new reconnaissance techniques
Summary
Impact-driven Cybersecurity Engineer with around 5 years of experience across FinTech, E-commerce, and SaaS industries. Skilled in Application Security, Cloud Security, and AI/LLM Security, with hands-on expertise in automation, vulnerability assessment and LLM Security. Passionate about building secure systems and embedding security best practices throughout the development lifecycle.
Languages
English
Advanced
Education
Oct 2020 - Jun 2022
Indian Institute of Information Technology (IIITA)
Master of Technology, Cyber Law and Information Security · Cyber Law and Information Security · India · 8.87/10
Oct 2016 - Jun 2020
University School of Information, Communication & Technology
Bachelor of Technology, Computer Science Engineering · Computer Science Engineering · India · 7.62/10
Certifications & licenses
Google Cloud Essentials, Google baseline Infrastructure
PentesterLab: Unix, PCAP, White, Android and Recon Badges