A passionate DevSecOps Engineer dedicated to integrating security-first automation into the continuous delivery lifecycle, operating within Agile/DevOps methodologies.
I possess a strong technical foundation in security tooling, cloud infrastructure, and CI/CD pipeline development, with expertise in designing and implementing secure, resilient, and fully automated deployment systems leveraging GitOps principles to ensure infrastructure immutability and security compliance at scale.
Specialized in shift-left security, implementing comprehensive security scanning (SAST, DAST, SCA, SBOM) across the entire SDLC, from code commit to production runtime monitoring.
- Jaipur Engineering College (JEC)
- Bachelor of Technology - B.Tech, Computer Science and Engineering
Checkov, TerraScan, TFSec, Prowler
SonarQube, Snyk, Nuclei, OWASP ZAP
Trivy, Dockle, Grype, Kubesec, Falco, OPA
OWASP Dependency-Check, Snyk, SBOM, Syft
Prometheus, Grafana, OpenTelemetry, Jaeger, ELKB Stack, Datadog
AWS Security Hub, Azure Security, Cloudflare
Jira, Confluence, Slack, PagerDuty, ServiceNow
- Education: B.Tech in Computer Science and Engineering from Jaipur Engineering College
- Core Focus: DevSecOps, GitOps, Cloud-Native Security, Supply Chain Security, and Observability
- Currently Deepening Knowledge in:
  - Advanced Kubernetes Security (Admission Controllers, RBAC, Network Policies, Pod Security Standards)
  - Azure DevOps & Security Services (Azure Defender, Sentinel, Key Vault)
  - Container Security Hardening (Distroless images, Runtime security with Falco)
  - Software Supply Chain Security (SBOM, SLSA framework, Sigstore/Cosign)
  - Zero Trust Architecture implementation
- Key Technologies & Methodologies:
  - Agile/Scrum development practices with security integration
  - CI/CD Security Pipelines: GitLab CI, Jenkins, GitHub Actions with comprehensive scanning
  - Infrastructure as Code: Terraform, Ansible, CloudFormation
  - Container Orchestration: Docker, Kubernetes, EKS, AKS, GKE
  - Security Automation: Python, Bash scripting for security workflows
  - Databases: MySQL, PostgreSQL, MongoDB, Redis
  - Observability Stack: Prometheus, Grafana, Jaeger, ELK, OpenTelemetry, AlertManager
- Security In Depth:
  - Secret Management: TruffleHog, Gitleaks for credential detection
  - Dependency Scanning: OWASP Dependency-Check, Snyk SCA
  - Container Security: Trivy, Dockle for image hardening
  - Vulnerability Assessment: Nuclei, OpenVAS for infrastructure scanning
  - IaC Security: Checkov, Terrascan, TFSec for Terraform/CloudFormation
  - SAST/DAST: SonarQube, OWASP ZAP
  - K8s Security: Kube-bench, Kube-hunter, Falco runtime protection
- Currently Exploring:
  - Advanced vulnerability scanning with fuzzing techniques
  - Building self-healing infrastructure patterns
  - eBPF-based security monitoring with Tetragon
  - Service Mesh security with Istio/Linkerd
  - Policy-as-Code with OPA/Rego
- Getting Better At:
  - Python automation for DevSecOps workflows
  - Advanced Bash scripting for CI/CD pipelines
  - Go programming for cloud-native tooling
  - Threat modeling and security architecture design
- Interests: Cloud & DevSecOps Engineering, Security-as-Code, Platform Engineering, SRE practices
Ask me about:
- Kubernetes & Cloud-Native Security
- GitOps & ArgoCD implementation
- CI/CD pipeline security automation
- Container security hardening (Trivy, Dockle)
- Secret detection & management (TruffleHog, Gitleaks)
- Vulnerability scanning (Nuclei, OWASP Dependency-Check)
- IaC security best practices
- Comprehensive observability stacks
- Supply chain security & SBOM
"DevOps is not a goal, but a never-ending process of continual improvement" - Jez Humble