Kumar Ashwin ☕️

Kumar Ashwin

Securing Thoughts

Senior Security Engineer @ Tide

Experience

 
 
 
 
 
Senior Security Engineer
November 2023 – Present Remote
 
 
 
 
 
Security Engineer
February 2023 – September 2023 Bengaluru
  • Implement and enforce security practices throughout the entire organization.
  • Implemented security tooling such as Trivy, Trufflehog, and others, and ensured the integration of GitHub security features into the DevOps pipeline. Collaborated cross-functionally to drive widespread adoption of these security measures.
  • Research on different exploits reported by tool to determine it’s impact and exploitability using frameworks like EPSS.
  • Conducted penetration tests on feature releases and managed annual third-party security assessments to ensure software security and compliance.
  • Implemented a centralized vulnerability management solution to efficiently manage and triage security issues reported by tools like Trivy and ScoutSuite-powered makeshift CSPM.
  • Conducted routine access audits, enforced the least privilege principle, restricted access to sensitive components and data to only when necessary, and maintained comprehensive access logs for these instances.
  • Played a pivotal role in working towards attaining SOC2 and ISO27001 compliance certifications, demonstrating a commitment to industry- leading security standards.
  • Used Terraform for automated resource provisioning via pull requests, enhancing security and consistency while reducing operational risks.
  • Actively led the codebase and GitHub organization migration process, including restructuring and access control, to ensure a secure and organized transition.
  • Collaborated on enhancing deployment security with ArgoCD, optimizing the management of GitOps-driven infrastructure and ensuring secure, automated deployments.
  • Efficiently triaged reports from our open bug bounty program, prioritizing and addressing security vulnerabilities to enhance overall system resilience.
  • Conducted phishing drills to educate and raise awareness among team members about security threats and phishing attack vigilance.
 
 
 
 
 
Security Consultant - Program Manager
May 2022 – February 2023 Pune
  • Managed entire delivery process of all the projects in the company ensuring the quality of work is being delivered to the customer.
  • Acts as first point of contact for customers to resolve any issues.
  • Technical Lead for Projects.
  • Coordinating with different departments like HR, Marketing, Finance to get the best for the consultants and customers.
 
 
 
 
 
Security Consultant
July 2021 – May 2022 Pune
  • Performed penetration testing on a wide range of web technologies to identify critical vulnerabilities affecting the business, such as Content Manipulation and SQL Injection.
  • Experienced in working with automated and manual penetration testing methodology to deliver quality results.
  • Performed cloud configuration review and penetration testing to find critical misconfiguration in client’s infrastructure.
  • Automated workflows and created DevSecOps pipelines and performed penetration testing on CI/CD pipelines to find vulnerabilities.
  • Worked on in-house open-source projects like https://securecode.wiki and https://cybersecwiki.com to contribute to infosec community.
  • Hosted and managed Payatu Hiring CTF, contributed to creating challenges, hosting, and maintaining infrastructure, moderating Discord, etc. post that taking interviews of the top candidates to hire them.
 
 
 
 
 
Security Consultant Intern
January 2021 – June 2021 Pune
  • Working with clients to pentest web applications.
  • Developed front-end solution to make the secure code wiki public - securecode.wiki and also created its CI/CD pipeline.
  • Research on real time scenarios and tools.
 
 
 
 
 
Software Development Intern
RevMeUp
May 2020 – August 2020 Remote
  • Developed an admin panel to monitor and manage data and requests from the mobile application.
  • Tech Stack used: HTML/CSS, Bootstrap, NodeJS and MongoDB

Community

Volunteering work in different tech. communities.

 
 
 
 
 
Chapter Lead
May 2022 – February 2023 Pune, India
  • Re-started null Pune Chapter Monthly Meetups and other types of meetings like null Humla, Puliya and workshops along with concepts like news bytes and networking hour.
  • Organizing monthly events, arranging venues, inviting speakers, and other duties are among the responsibilities.
 
 
 
 
 
Crew member
July 2021 – Present Remote
  • Developed pre-CTF challenges for Social Media and also challenges for the main event.
  • Worked on different cloud providers - AWS, GCP, Azure, Digital Ocean & Alibaba while working on the CTF.
  • Handled Social Media aspect of strategising posts for better reach and engagements and also designing creatives for the event.
 
 
 
 
 
Moderator & Challenge Developer
March 2021 – Present Remote
  • Developed CTF challenges for the Winja CTF events at nullcon 2021 (06th Mar, 2021) and at c0c0n 2021 (12th Nov, 2021).
 
 
 
 
 
Volunteer
September 2020 – Present Remote
  • Managing null Study Groups for 7 different domains of information security. Helping the newcomers, get exposed to industry grade learning experience. Responsibilities involved conducting weekly/bi-weekly meetups, finding mentors, etc.
  • Moderator for null Community Discord Server.
  • Worked in the OSINT project, contributed in gathering information from the government websites and presenting them in an easy-to-consume form.
 
 
 
 
 
Core Team Member
November 2019 – June 2021 Remote
  • Moderating talks, sessions and any events that fall under the umbrella of DevC: Pune.
  • Developed CTF security centric challenges, for developers to learn about security.
  • Generates content or organizes discussion for the members.

Say Hi!