Hi 👋
I'm Aseem. I work as a Security Engineer at Rippling.

My usual work week involves:

  • Automating SecOps: building automation in Golang or Python to manage infrastructure security at scale.
  • Code Review: reviewing PR changes going to production.

Previously, at Gojek, I worked in the ProdSec team on:
  • Compliance as Code: a framework I wrote from scratch in Golang to run automated CIS checks on our GCP infra, which spans 250+ projects, and to auto-remediate any non-compliant resources. It has been running in production on Google Cloud Run for the past 5 months without any downtime.
  • Android and Web App Pentesting: pentesting any feature release in the GoJek web API backend and the GoJek Android application.
  • Code and Design Reviews: code and design reviews for any feature release in the GoJek API or mobile application.
  • Red Teaming: finding critical vulnerabilities and escalating privileges to uncover loopholes across the whole GoJek ecosystem.
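
The Compliance-as-Code framework above is not public, so as an added illustration (my own code, not Aseem's or Gojek's, and written in Python rather than Go for brevity) here is the shape of one CIS-style check and its remediation step: flag VPC firewall rules that open SSH or RDP to the whole internet, then build the patch that replaces the world-open source range with an allow-list. The rule dicts are assumed to mirror the Compute API `firewalls.list` shape (`sourceRanges`, `allowed[].IPProtocol`, `allowed[].ports`); `SAMPLE_RULES` and the CIDRs are constructed for the example.

```python
"""Added example, not the Compliance-as-Code framework itself: one CIS-style
check over GCP VPC firewall rules (SSH or RDP open to the whole internet) and
the patch that would remediate it.

Assumption: the rule dicts mirror the Compute API firewalls.list shape
(name, direction, disabled, sourceRanges, allowed[].IPProtocol,
allowed[].ports). SAMPLE_RULES is constructed data, not a real project."""

from typing import Iterable

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SENSITIVE_PORTS = {22, 3389}          # SSH and RDP


def _port_spec_covers(spec: str, port: int) -> bool:
    """GCP port specs are a single port ("22") or a range ("20-25")."""
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def exposed_ports(rule: dict) -> set[int]:
    """Return the sensitive ports this rule opens to the whole internet."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return set()
    if not WORLD_CIDRS & set(rule.get("sourceRanges", [])):
        return set()
    found: set[int] = set()
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "").lower()
        if proto not in ("tcp", "all"):
            continue
        specs = entry.get("ports")
        if not specs:                 # no "ports" key = every port of that protocol
            return set(SENSITIVE_PORTS)
        for spec in specs:
            found |= {p for p in SENSITIVE_PORTS if _port_spec_covers(spec, p)}
    return found


def find_noncompliant(rules: Iterable[dict]) -> dict[str, set[int]]:
    """Map rule name -> world-exposed sensitive ports, for rules that have any."""
    return {r["name"]: ports for r in rules if (ports := exposed_ports(r))}


def remediation_patch(rule: dict, allowed_sources: list[str]) -> dict:
    """Body for a firewalls.patch call: drop world-open source ranges, keep any
    private ranges already present and add an explicit allow-list (bastion or
    office CIDRs) so the rule stays useful instead of simply being deleted."""
    kept = [c for c in rule.get("sourceRanges", []) if c not in WORLD_CIDRS]
    return {"sourceRanges": sorted(set(kept) | set(allowed_sources))}


# Constructed sample rules; only the first two should be flagged.
SAMPLE_RULES = [
    {"name": "allow-ssh-from-anywhere", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-rdp-range", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0", "10.0.0.0/8"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},   # range hides 3389
    {"name": "allow-ssh-from-office", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-all-disabled", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-udp-dns", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "udp", "ports": ["53"]}]},
]

if __name__ == "__main__":
    for name, ports in find_noncompliant(SAMPLE_RULES).items():
        rule = next(r for r in SAMPLE_RULES if r["name"] == name)
        print(name, sorted(ports), "->", remediation_patch(rule, ["203.0.113.0/24"]))
```

Two details matter in practice: port ranges ("3000-4000") are where an ad-hoc "is 3389 in the list" check silently misses an exposure, and disabled or egress rules must be skipped or the remediator will churn on rules that expose nothing. Keep a dry-run mode that only reports the patch body before wiring it to the real API.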

In my free time, I teach cybersecurity on my YouTube channel HackingSimplified, develop security projects in Python, tinker with IoT security, read books 📚, play games 🎮, run 🏃‍♂️ and cycle 🚴‍♂️.

Skills

Cloud & k8s Security

Advanced
  • AWS
  • GCP
  • Kubernetes
  • GuardDuty
  • Macie
  • Trusted Advisor
  • Cognito

App Pentesting

Master
  • OWASP Top 10
  • Recon automation
  • Android

Python

Master
  • flask
  • django
  • requests

Golang

Intermediate

Researching

Intermediate
  • CTFs
  • malware
  • IDA
  • r2

Work Experience (3)

Security Engineer
Rippling
Feb 2022 - Present
https://www.rippling.com/

Working in the SecInfra team. Automating security through code.

  • Building automation around the Vulnerability Management System (VMS).

Senior Information Security Engineer
GoJek
Feb 2021 - Feb 2022
https://gojek.com/

Working in the ProdSec team. Driving shift-left culture at GoJek.

  • Compliance as Code: CIS Benchmark auto-remediation in Google Cloud, running on Google Cloud Run.

  • Web App & Android Pentesting: pentesting for any feature release in the GoJek web API backend and the GoJek Android application.

  • Red Teaming: found critical vulnerabilities and escalated privileges to gain admin access to almost all of the GoJek infrastructure.

  • Code Reviews: code reviews for any feature release in the GoJek API or mobile application.

  • GoSecCon: organised GoJek's first-ever security conference, a 2-day event with a CTF competition and talks from external and internal speakers.

Security Engineer
Grofers
Apr 2019 - Jan 2021
http://www.grofers.com

Joined straight out of college as the 2nd member of the security team, a month after its creation. The team and manager are awesome here, and I've worked on a lot of interesting projects. Some of the highlights:

  • DNS-as-Code: created from scratch an automated Terraform pipeline that creates DNS entries in both Cloudflare and Route53, with a failover option for easy switching between the two DNS providers.

    Built using: Terraform

  • G-Shield Security Bot: created from scratch a GitHub bot in the spirit of shift-left, bringing security closer to the developer workflow. It scans each PR for common security issues such as hardcoded secrets, code smells, vulnerable Docker images and sensitive mount points. The code is modular, so other team members have easily added new modules to it.

    Built using: Python, Celery and the GitHub APIs

  • Temporary DB credentials: integrated Vault with our databases and GitHub so that users can generate temporary database credentials based on their GitHub team.

  • Cognito Integration: worked with multiple teams to integrate AWS Cognito into legacy APIs, providing better authentication workflows such as social OAuth (e.g. Google sign-in) and OTP-based flows.

  • OAuthProxy: integrated OAuth Proxy in front of some of our internal applications for G Suite authentication and compliance.
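
G-Shield itself is internal, so the following is an added illustration (my own code, not the G-Shield bot and not Grofers' code) of the core of such a PR gate: walk a unified diff, look only at the lines the PR adds, and run a small set of checks for the issue classes listed above (hardcoded secrets, an unpinned Docker base image, a sensitive container mount). The check names, regexes, file paths and the diff are all constructed for the example; a real bot would fetch the diff from the GitHub pull request endpoint and post findings as a review comment.

```python
"""Added example in the spirit of a shift-left PR bot, not G-Shield's code:
scan only the lines a pull request ADDS (parsed from its unified diff) for
hardcoded secrets, unpinned Docker base images and sensitive container mounts.

Assumptions: checks, patterns, paths and SAMPLE_DIFF are constructed for this
example; a real bot would fetch the diff via the GitHub API and comment."""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str
    path: str
    line: int      # line number in the NEW version of the file
    text: str


# Each check is (name, compiled pattern). Patterns are deliberately narrow to
# keep PR noise low; tune them for your own code base.
CHECKS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # password = "..." / secret: '...' with at least 6 chars inside the quotes
    ("hardcoded-password", re.compile(r"(?i)(?:password|passwd|secret)\s*[=:]\s*['\"][^'\"]{6,}['\"]")),
    # FROM image with no tag, or tagged :latest (a digest or version tag does not match)
    ("unpinned-base-image", re.compile(r"^\s*FROM\s+[\w./-]+(?::latest)?(?:\s+AS\s+\w+)?\s*$")),
    ("docker-socket-mount", re.compile(r"/var/run/docker\.sock")),
    # compose "- /:/..." bind of the host root, or a k8s hostPath whose path is bare "/"
    ("host-root-mount", re.compile(r"(?:^\s*-\s*/:/|path:\s*['\"]?/['\"]?\s*$)")),
]

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(diff: str):
    """Yield (path, new_line_no, text) for every '+' line in a unified diff,
    tracking the new-file line number through context and removed lines."""
    path, lineno = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("--- "):
            continue
        elif (m := HUNK_RE.match(raw)):
            lineno = int(m.group(1))
        elif raw.startswith("+"):
            yield path, lineno, raw[1:]
            lineno += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue            # removed line / "No newline at end of file": no new-file line
        else:
            lineno += 1         # context line (or a file header, reset by the next hunk)


def scan_diff(diff: str) -> list[Finding]:
    """Run every check over every added line; one Finding per (line, check) hit."""
    findings = []
    for path, lineno, text in added_lines(diff):
        for name, pat in CHECKS:
            if pat.search(text):
                findings.append(Finding(name, path, lineno, text.strip()))
    return findings


# Constructed PR diff: a config file, a Dockerfile and a compose file.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2hunter2"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DB_HOST = os.environ.get("DB_HOST", "localhost")
 DEBUG = False
diff --git a/Dockerfile b/Dockerfile
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,2 +1,2 @@
-FROM python:3.11-slim
+FROM python:latest
 COPY . /app
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -4,3 +4,5 @@ services:
     image: registry.example.com/api:1.4.2
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
     ports:
       - "8080:8080"
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line} [{f.check}] {f.text}")
```

Scanning only added lines is what keeps a bot like this usable: pre-existing problems are reported once, when they are introduced, rather than on every PR that touches the file. The line-number bookkeeping (removed lines do not advance the new-file counter, context lines do) is what lets the bot attach a review comment to the exact line in the PR.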

Awards

HackIM CTF - 1st ( India ), 8th ( World Rank ) - 2018
NullCon - Walmart & VirtualBox
Found IDOR Bug in DigiLocker (GoI initiative) - Hall of Fame - 2017
Govt of India
Reported bugs to Google, Myntra, MakeMyTrip, Zoho, IBM, Sony, GM, etc.
1st in Terminal Tragedy CTF, NIT Trichy - 2017
NIT Trichy
DRDO CTF - Top 20 - 2017
DRDO

References

“I worked with Aseem in the Security Team as his manager, and what I really liked about him is his all-around skill. He never backs down from any challenge or new learning thrown at him and made sure he stepped out of his comfort zone to achieve the feat. He has experience working as a Developer and in SecOps - a jack of all trades. He also impressed everyone with his sheer dedication to work. Apart from professional development, he has done some fantastic work in his personal skill development. One thing that really impressed me was how he was able to adapt himself to the new work environment and quickly start initiating projects. His knowledge of network and application level security is quite impressive. He is definitely a quick learner, and with the skillset that he possesses, he is really a good security engineer.”
Avinash Jain, Security at Microsoft (Identity Platform)

Education (3)

B Tech.
Information Technology
IIIT Allahabad
2015 - 2019
Grade: 7.7
Higher Secondary
DPS R K Puram, New Delhi
2012 - 2014
Grade: 89%
Secondary
VVRS, Purnea, Bihar
2005 - 2012
Grade: 10

Languages

Hindi

Native Speaker

English

Fluent

Interests

CyberSecurity 🖥️

  • web app pentesting
  • reverse engineering

Reading Books 📚

  • goodreads-97128738-aseem

Creating Stuff 💡

Running 🏃

  • garmin forerunner45
  • strava-47262934

Swimming 🏊