Saket S. Jajoo

CS @ University of Illinois Urbana-Champaign

saketjajoo77@gmail.com | saketsj2@illinois.edu

About

Hello! Welcome to my website 👋

My name is Saket Jajoo. I am a graduate student at the University of Illinois Urbana-Champaign pursuing a master's degree in Computer Science. Previously, I worked at Cloudera in the Product Security team as a Software Engineer.

I received my bachelor's degree (B.Tech.) in Computer Science and Engineering from Vellore Institute of Technology, concentrating in Information Security.

When I am not coding my next project, I enjoy spending my time:

  • Playing piano

  • Watching football

  • Reading about Astronomy

Education

Work Experience

Worked in the Product Security team to develop and maintain a containerized API to streamline scan result retrieval from various security tools that helped expedite vulnerability resolution for engineering teams. Built a dashboard leveraging the API to visualize the security posture of all the products across the entire Engineering org.
Tech Stack: Python (Flask), Docker, Helm, Kubernetes (Red Hat OpenShift), HTML, CSS, JavaScript.

Led the vulnerability triage and remediation efforts by employing proactive strategies, selecting optimal tooling for security scans, and converting the scan results into fully managed actionable items using Python and Shell Scripting, and deployed on AWS (IAM, S3, Route53, SecretsManager, ECR, EKS) via Kubernetes and Helm.

Collaborated with the engineering teams to provide in-depth analysis of security vulnerabilities and their impacts on their products and services.

Coordinated and administered the external penetration testing for various Cloudera products.

Worked on writing code to build a SecOps stack in AWS GovCloud (required for FedRAMP).

Other responsibilities include peer code reviewing, handling customer requests and escalations, working on-call to monitor the SIEM and SOAR tools for any suspicious alerts, and mentoring an intern to help her complete the 6-month internship project.

Contributed to Cloudera's OSS logredactor repo.

Automated security scans via Jenkins for diverse tools (Nessus, Fortify, OWASP Dependency-Check, TLS Check) to enforce DevSecOps and the 'Shift-Left' approach. Configured nightly jobs to store scan results in HDFS, ensuring SQL querying via Apache Hue for seamless accessibility.

Integrated Software Bill of Materials (SBOM) and Dependency Tree generation into CI/CD builds to enable comprehensive tracking of third-party libraries, which facilitated correlation of security scan results with SBOM, pinpointing vulnerable libraries and their sources accurately.


Internships


Interned with Google's Managed Prometheus (GMP) team to build and deploy a containerized application on GKE to benchmark Prometheus. This helped compare the performance of Prometheus across releases, understand how an incoming code change might impact its resource usage and identify any performance bottlenecks. The benchmark results were published via Google Cloud Monitoring.

Made valuable open-source contributions throughout the duration of the internship.

Project | OSS Prombench Contribution | GMP Prometheus Contribution | Project Usage

Interned in the Platform Security team to build a comprehensive dashboard that portrayed the security status of various products owned by different engineering teams and also helped query relevant results to reduce the turnaround time to fix the security issues. The dashboard showed the scan results grouped by Releases, Projects, Components, and CVEs, and displayed threat counts based on products' release versions and minor versions along with a time-series analysis of issues.

Interned in the central platform data analytics team to develop a query builder using Python (NLP) / Django / MySQL which boosted the efficiency of the Hive query generation process (in the ETL schedule) by ~60%. Successfully tested the generated query using the Spark architecture.

Created a visualization framework for process mining and its deviation using D3.js.

Open Source Contributions

Skills

Certifications

Reading Recommendations

Here are a few recommendations for the books/articles/blogs, some of which I have read and enjoyed. Do let me know if you have any recommendations for me!