JITHUKRISHNAN VENU

Cybersecurity & DevSecOps Engineer
Jersey City, US.

About

Highly skilled Cybersecurity professional with over 4 years of experience in incident response, threat investigation, and DevSecOps engineering across diverse enterprise environments. Expert in identifying and containing threats through advanced SIEM/EDR platforms, strengthening detection workflows, and integrating automated security controls into CI/CD pipelines. Proven ability to enhance application and cloud security postures while fostering cross-functional collaboration to drive continuous process improvements.

Work

Shoptaki

Application Security Engineer

N/A, N/A, US

Summary

Leads secure code reviews and threat modeling for Python and Java applications, integrates SAST/DAST tools into CI/CD workflows, and develops secure data transfer services to enhance application security.

Highlights

Led secure code reviews and threat modeling for Python and Java applications, identifying over 40 vulnerabilities and reducing critical issues using Semgrep and OWASP ZAP.

Partnered with developers to embed secure coding practices and SAST/DAST tools into CI/CD workflows, significantly improving early vulnerability detection and accelerating remediation.

Developed a Secure Data Transfer Service with JWT authorization, enabling user-consented document exchange while ensuring robust authentication and authorization.

Motorola Solutions

SOC Analyst Intern

Allen, Texas, US

Summary

Optimized SIEM operations and automated incident response workflows for containerized applications and firewalls within a Security Operations Center.

Highlights

Configured comprehensive log collection for containerized applications and firewalls with Elastic SIEM, enhancing visibility into file changes and application-level threats.

Engineered and optimized over 20 correlation rules in Elastic SIEM, significantly improving alert accuracy and detection capabilities for threats like lateral movement and credential abuse.

Collaborated with cross-functional teams to develop Splunk SOAR playbooks, automating incident response actions for VMs including isolation, process termination, and user account disablement.

Cognizant

DevSecOps Engineer

Kochi, Kerala, India

Summary

Engineered secure applications and infrastructure, integrating security into CI/CD pipelines and enforcing compliance standards across cloud and on-prem environments.

Highlights

Developed secure Python and JavaScript applications, resolving over 300 Jira issues by implementing OWASP practices (input validation, encryption), enhancing application security and stability.

Integrated GitHub Actions and Jenkins into end-to-end CI/CD workflows, automating build, test, and security scans to proactively detect and remediate code vulnerabilities earlier in the SDLC.

Ensured 100% compliance with NIST, HIPAA, and GDPR by collaborating with cross-functional teams and contributing to Agile ceremonies and peer code reviews.

Enhanced container security by integrating Docker image scanning (Trivy/Anchore) into CI/CD pipelines, ensuring only vulnerability-free images were deployed to production environments.

Hardened cloud and on-premise environments through IAM best practices, secret rotation via Vault, and privilege reduction, significantly mitigating access-related risks.

Cognizant

Application Security Intern

Kochi, Kerala, India

Summary

Assisted in developing secure applications, applying OWASP Top 10 practices, and conducting threat modeling and code reviews.

Highlights

Developed secure applications using JavaScript, Node.js, and Python, leveraging Semgrep for static code analysis to remediate XSS and SQL Injection vulnerabilities.

Collaborated with senior engineers to apply OWASP Top 10 secure practices, documenting recurring vulnerabilities and building knowledge bases for future security assessments.

Conducted threat modeling, code reviews, and dependency analysis to identify and assess potential risks in new and existing applications.

Volunteer

Summercon Security Conference

Volunteer

New York, NY, United States of America

Summary

Assisted operations at America's oldest hacker conference, coordinating volunteer shifts and strengthening adaptability and crisis management.

Highlights

Assisted operations at Summercon Security Conference, coordinating volunteer shifts and providing general support for a diverse corps, strengthening crisis management skills.

Kubernetes Community Day NYC

Volunteer

New York, NY, United States of America

Summary

Supported logistics and speaker coordination for a sold-out cloud-native event, enhancing teamwork and stakeholder management.

Highlights

Managed logistics and speaker coordination for Kubernetes Community Day NYC 2025, a sold-out event drawing over 250 cloud-native practitioners.

ISACA - New Jersey Chapter

Volunteer

New York, NY, United States of America

Summary

Co-organized cybersecurity networking events, fostering cross-chapter coordination and relationship-building among professionals.

Highlights

Co-organized 3 cybersecurity networking events for over 40 professionals across New York and New Jersey, facilitating cross-chapter coordination and relationship-building.

Education

Pace University - School of Seidenberg
New York, NY, United States of America

Master of Science

Cybersecurity

Grade: ISC2 Graduate Scholarship Winner (2024), CTF – NCL 2025: Ranked 171/600

Courses

Malware Analysis

AI/ML for Cybersecurity

Mobile Forensics

Automation with Python

Lovely Professional University
Punjab, Punjab, India

Bachelor of Engineering

Computer Science

Courses

Operating Systems

Computer Networks

Database Systems

OOP

Data Structures and Algorithms

Languages

English

Certificates

CompTIA Security+

Issued By

CompTIA

CySA+

Issued By

CompTIA

Skills

Security Operations

Incident Detection & Response, Threat Hunting, Log Analysis, MITRE ATT&CK, Use Case Development, Alert Triage, RCA.

SIEM Platforms

Splunk Enterprise Security, Microsoft Sentinel, IBM QRadar, LogRhythm.

SOAR & Automation

Cortex XSOAR, Microsoft Sentinel Automation, Splunk SOAR, Python & PowerShell Automation.

Endpoint & Network Security

CrowdStrike Falcon, SentinelOne, Carbon Black, Cisco Firepower, IDS/IPS (Snort, Suricata), OSQuery.

Cloud Security

AWS Security Hub, GuardDuty, CloudTrail, Azure Defender, Azure AD Security, CSPM Basics.

Vulnerability & Risk Management

Nessus, Qualys, OpenVAS, Patch Management, CVSS Scoring, OWASP Top 10.

Identity & Access Management

Azure AD, Okta, MFA/SSO, RBAC, Privileged Access.

DevSecOps & CI/CD

GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes.

Threat Intelligence

Indicator Analysis, STIX/TAXII, YARA Rules, Threat Feeds Correlation.

Network Security & Monitoring

TCP/IP, DNS Security, SSL/TLS, VPN, Wireshark, Packet Capture & Analysis.

Security Frameworks

NIST CSF, ISO 27001, SOC 2, CIS Controls.

Programming, Scripting & Automation

Python (Security Scripts), PowerShell, Bash, Regex, Java, JavaScript, SQL.

Forensics (Basic to Moderate)

Email Header Analysis, Memory Analysis (Volatility), File Carving.

Documentation & Reporting

Incident Reports, RCA, Risk Assessments, Executive-Level Reporting.

Projects

AI Agent Development - 5-Day Intensive with Google

Summary

Built production-grade AI agents using Google's ADK by implementing tool orchestration, memory systems, observability, and multi-agent communication. Developed stateful agents with long-term memory, integrated external MCP services, and built cross-agent workflows using the A2A protocol.

MCP-CyberAgent: LLM Cybersecurity Assistant

Summary

Developed a local, open-source cybersecurity assistant using the Model Context Protocol (MCP) to integrate AI with tools like Nmap and VirusTotal for offline threat scanning and intelligence automation.

Malware Analysis & Reverse Engineering Lab

Summary

Analyzed and reverse engineered 10+ malware samples to extract IOCs and TTPs, performing static and dynamic analysis to support threat classification, detection signature creation, and malware tooling deconstruction.