AAKASH RATHEE
-
Email :-
LinkedIn : https://www.linkedin.com/in/aakash-rathee-/
As an accomplished Security Engineer III, I have consistently demonstrated exceptional performance and expertise in
various security domains, including Application security, Cloud security, and DevSecOps. With a proven track record of
success, I have effectively conducted VAPTs for web, mobile, and APIs, and implemented robust security pipelines utilizing
DAST, SCA, SAST, and image scanners. I am also proficient in compliance frameworks such as ISO27001, PCI-DSS, and SOC2.
Immediate Joiner
Areas of Expertise Include:
DevSecOps
Application Security
Cloud Security
AppSec
VAPT
SCA
SAST
DAST
CI/CD
AWS
Jenkins
OWASP
Kubernetes
Container Security
Threat Modeling
Audit
Terraform
Vulnerability Management
SIEM
Python
PROFESSIONAL OVERVIEW
ESPER, Bengaluru
Security Engineer III
Nov 2021-Current
● Performed Static Code Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing
(DAST), and Image Scanning to identify vulnerabilities and weaknesses.
● Conducted comprehensive Vulnerability Assessment and Penetration Testing (VAPT) on the basis of OWASP, SANS for
Web and Mobile Applications, and API(s) and provided reports and remediation to both developers and clients.
● Created a DevSecOps pipeline by integrating multiple Security tools in Pipeline for SCA, SAST, DAST, Secret Scanning,
Image Scanning, etc.
● Employed Threat Modeling sessions and product design security reviews.
● Actively performed Secure Code Reviews before each release to identify and rectify potential security weaknesses.
● Ensured that the development process/developers incorporated security measures throughout the entire software
development lifecycle.
● Demonstrated hands-on experience in implementing Infrastructure-as-Code (IaC) and Policy-as-Code (PaC) approaches.
● Enforced security principles, including the principle of least privilege, role-based access control (RBAC), and access
appropriate to role.
● Regularly conducted Security Awareness training programs for all of the employees and Secure Coding for developers.
● Conducted infrastructure security hardening to strengthen the overall security posture.
● Possessed expertise in common information security management and control frameworks, such as ISO-27001,
PCI-DSS, and SOC2.
● Periodically conducted access and permission reviews for Cloud infrastructure and performed hardening of Cloud.
● Collaborated with cross-functional teams to identify and address security gaps and implement appropriate risk
mitigation strategies.
● Mentorship for new Joiners and Interns on tools and security concepts.
● Possessed in-depth knowledge and hands-on experience with the endpoint security tool Okta, Cloudflare,
Cloud-custodian, Jupiterone, etc.
In Time Tec, Jaipur
Cyber Security Engineer
Jan 2020 - Nov 2021
● Threat Modeling performed for Application on STRIPE methodology.
● VAPT for Web Application, Mobile Application, Printers Applications and API(s) and suggesting remediation to Clients.
● Deep understanding of Application Security standards and best practices (OWASP Top 10).
● Performed Source code review & SAST for web and mobile applications.
● Led project for creating SIEM tool from scratch from Open-Source Technology.
● Set up alerts & notifications for any anomaly in network and servers.
● Set up IDS/IPS with the help of Security Onion to safeguard the Network.
● Working experience in authentication technologies, including OAuth, SAML, and SSO.
● Provided hands-on remediation guidance to development teams.
● Networking concepts and Secured Communication Deployments.
● Hands-on Experience on tools such as Burp-Suite, ZAP, Nessus, SonarQube, NMAP, SQLMAP, Nuclei, etc.
● Automated daily tasks with Python/Bash Scripts.
EXTERNAL LINKS
● HackerOne : https://hackerone.com/iamaakashrathee?type=user
● LinkedIn : https://www.linkedin.com/in/aakash-rathee-/
● Medium : https://medium.com/@iamaakashrathee
● YouTube : https://www.youtube.com/channel/UCfOwaz-7AgowC6FWkqBKV-Q
● GitHub : https://github.com/Akayrathee
EDUCATION
● B.Tech: Computer Science (August 2016 - May 2020)
Arya College of Engineering & IT, Jaipur (Raj.)
● Intermediate : Science (April 2014 - March 2015)
Kendriya Vidyalaya No. 2, Jaipur (Raj.)
● Matriculation (April 2012 - March 2012)
Kendriya Vidyalaya No. 2, Jaipur (Raj.)
CERTIFICATIONS & COURSES
● CEH (Certified Ethical Hacker)
● AWS Cloud Practitioner Completion Certificate
● Amazon Web Security Shared Responsibility
● Amazon Cloud Practitioner Essentials
● OWASP Top 10