+91-6376486690 | Jaipur, Rajasthan, India | tharvid.in
LinkedIn • GitHub • [email protected]
I'm a passionate Security Engineer with 4+ years of hands-on experience securing cloud environments and building scalable security programs. My expertise spans DevSecOps, Incident Response, Cloud Security (AWS, GCP, Azure), Security Automation, and Compliance Alignment.
Currently at Porch Group, I focus on securing CI/CD pipelines, implementing SIEM and SOAR solutions, automating vulnerability triage, and driving proactive threat detection across multi-cloud environments.
Jun 2024 – Present
- Built and managed a full-stack DevSecOps pipeline (SAST, DAST, IaC, Secrets, API fuzzing, Container scanning).
- Automated vulnerability triage for 500+ repos across AWS/GCP/Azure with ASPM + Jira integration.
- Implemented SIEM from scratch with 50+ sources, custom parsers, correlation rules, and SOAR playbooks.
- Ensured PCI-DSS compliance through CIS Control implementation across all 18 domains.
- Automated security workflows using Python, AWS Lambda, and GCP Functions.
Aug 2021 – Jun 2024
- Secured AWS workloads using GuardDuty, Config, CloudTrail, Macie, Inspector, and Security Hub.
- Integrated DevSecOps into CI/CD: SAST, SCA, Secrets, IaC scanning, Container scanning, and DAST.
- Managed EDR, CASB, MDM, and IAM enforcement (RBAC, SSO, Conditional Access).
- Built custom security tooling (phishing platform, DNS blocker, risk assessment engines).
- Ran microservice/API-focused penetration tests and led incident response efforts.
Technologies: Cloud Security • DevSecOps • Security Automation • SIEM/SOAR • Pen Testing • Incident Response • Threat Detection
Tools: AWS • GCP • Azure • Python • Jenkins • Docker • Kubernetes • Git • OWASP ZAP • Trivy • Semgrep • Checkov • Gitleaks • CrowdStrike • Netskope • Cloudflare • Coralogix • Chronicle • Okta • Azure AD
Frameworks: CIS Controls • PCI-DSS • ISO 27001
Built a full DevSecOps pipeline with Jenkins integrating Semgrep, Checkov, Trivy, Gitleaks, OWASP ZAP, and AWS ECR scanning. Alerts sent to Jira and DefectDojo.
Developed a phishing simulation platform using Gophish on AWS EC2, integrated with Amazon SES. Used for internal security awareness campaigns.
- Fuzzing REST APIs for Bugs: An Empirical Analysis – FICTA 2022
- Artificial Intelligence in Indian Irrigation – IJSRCSEIT (2019)
- CompTIA Security+
- AWS Certified Security – Specialty
- Google Cloud: Professional Cloud Security Engineer
- AWS Certified Cloud Practitioner
- Microsoft 365: Security Administrator Associate
- English
- Hindi
Let's connect and build secure things!