Abhilash Pangutty Kumaran
Security Engineer
Security engineer with expertise in building secure, scalable infrastructure and driving adoption of DevSecOps practices across cloud, CI/CD, and identity systems.
Designing secure-by-default cloud infrastructure (Terraform + CI/CD)
Automated vulnerability management workflows across code & cloud
Pen-testing and threat modeling for cloud-native applications
Improving IAM hygiene with least-privilege policies
Security enablement & maturity programs for engineering teams
Core Competencies
Cloud Security
AWS (IAM, KMS, VPC, EKS)
GCP (IAM, SCC, Org Policies)
Container Security
Secrets/Key Management
Network Segmentation
IaC & Platforms
Terraform
GitLab CI/CD
CI/CD Security
SAST
DAST
Dependency Scanning
Secret Detection
Container Scanning
Vulnerability Automation
Snyk
Semgrep
Skills
Identity & Supply Chain
Least Privilege
Artifact Signing
Provenance (SLSA/Sigstore)
Secret Rotation
Programming
Go
Python
Bash
Governance
ISO 27001
SOC 2
Risk Management
SIEM Integration
Experience
Sr Security Engineer · OXA
2023 – Present
- Built secure-by-default Terraform patterns and CI/CD guardrails
- Pen-testing and threat modeling for autonomy & platform services
- Automated vulnerability workflows across code and cloud
- Reduced IAM misconfigurations with org policies and reviews
Sr Security Engineer · Locus
2022 – 2023
- Standardized SAST/SCA/Secrets/Container scanning in pipelines
- Security architecture reviews and developer training
- Automated secret scanning across org repos
Lead / Sr Security Engineer · Freshworks
2019 – 2022
- Shift-left security across multiple SaaS products
- Bug bounty triage and customer security reviews
- Custom security pipelines and enablement
Cyber Security Engineer · TCS
2015 – 2019
- Web app & infra assessments for global clients
- Integrated SAST into DevOps and supported incident response
Projects & Exploits
DNS Rebinder (Go)
Lightweight DNS server alternating A records (TTL 0) to demonstrate SSRF via DNS rebinding.
Log4Shell Exploit Lab
Automated LDAP/HTTP servers to deliver malicious classes and demonstrate RCE in vulnerable log4j setups.
Certifications
Google Professional Cloud Security Engineer
Google Associate Cloud Engineer
Certified Ethical Hacker (CEH v9)
ITIL 2011 Foundation
Education
M.Sc. Cyber Forensics & Information Security
University of Madras · 2018 – 2020
B.E. Computer Science
SSITM, Bhilai · 2010 – 2014
Honors & Awards
Intel
Hall of Fame · Jun 2018
Sony
Hall of Fame · Jan 2019
Telefonica (Bugcrowd)
Hall of Fame · Jan 2019
Cloudsmith.io
Hall of Fame · Feb 2020