Siddharth Rajput

On your LocalHost with 69 others

A little about me :)

About

Hello! World,
I'm Siddharth

  • ⚡ Security engineer, 🔭Penetration tester, ✨DevOps & 👾Bug Hunter.
  • 🎓 I'm a geek interested in cybersecurity, Linux automation & programming.
  • 👨‍💻 I'm fond of the cybersecurity & IT fields, and I always strive to learn more & obtain more knowledge.
  • 👦 I'm an open-source enthusiast, a learner & an educator.
  • 📕 I'm deeply passionate about software development & innovations.

    My Skills

    DevOps
    Python & Bash
    Web & Mobile Penetration Testing
    Security Tools - Burp, Nmap, Sqlmap, Semgrep & Others

    Tech I'm familiar with

    Tech Stack

    Java

    Python

    JavaScript

    Go

    Node

    GraphQL

    Docker

    Kubernetes

    Cloud

    Hadoop

    Databases

    Bash

    Experience

    Profile

    October 2021 - Present

  • Designed and implemented an in-house SAST CI/CD pipeline for code and secrets scanning with MTTD of 1 minute. Implemented alerting functionality to block the code release process.
  • Set up recon automation to have an eagle-eye view of all assets owned by Meesho, resulting in a 50% increase in asset tracking efficiency.
  • Utilized AWS and Python to automate CVE scanning for services used in EC2 (SBOM).
  • Collaborated with DevOps to improve AWS security WAF, fine-tuning existing rules, resulting in an 80% reduction in false positives.
  • Conducted PRD reviews and threat modeling for a variety of applications, including web, mobile, and cloud (AWS).
  • Conducted phishing campaigns and vertical escalations to create security awareness.
  • Conducted extensive automated scanning of infrastructure and APIs using tools such as Burp Suite, Gitleaks, Nessus, Nuclei, and Semgrep via Python and Bash, thereby increasing efficiency by 60%.

    DevSecOps Engineer

    Curl Analytics

    May 2021 - October 2021

  • VAPT: Conducted over 100 penetration testing and architecture review projects for various partners, covering web, mobile, network, and Docker security with 100% efficiency.
  • Implemented HashiCorp Vault for Docker authorization.
  • Trained developers and provided foundational secure coding knowledge on the OWASP Top 10.
  • Created scripts to automate deployments, upgrades, and on-boarding using Ansible and Terraform.
  • Successfully conducted POCs and implemented tools like Gitleaks, Snyk, Trufflehog, and Prowler.

    January 2021 - March 2021

  • Find ways to upgrade the security parameters of the current system.
  • Work closely with the development team to test upcoming features.
  • Automating repeated tasks since running manual security checks in the pipeline can be time-intensive.

    Cloud Native Computing Foundation Intern

    The Linux Foundation

    October 2020 - December 2020

  • Community Bridge is a platform developed by the Linux Foundation, which accelerates the adoption, innovation, and sustainability of open-source software.
  • Implemented features, context & actions to increase observability & control for BlockViewer.

    Security DevOps Intern

    Mortgage Kart Limited

    July 2020 - September 2020

  • I had to find vulnerabilities and bugs in their web application and inspect their logs for unwanted requests.
  • I automated their API testing with tools like Jasmine, Mocha, and Python.

    Security Analyst

    upSAVE Analytics

    May 2020 - July 2020

  • I had to find vulnerabilities and bugs in their Android application whenever a new update is pushed.
  • Perform security checks before pushing the update.

    June 2020 - July 2020

  • Internship at the Gurugram Police Cybersecurity Summer Internship 2020, under the guidance of Mr. Rakshit Tandon, Cyber Security Expert, Consultant - Internet and Mobile Association of India.

    CCTNS Cyber Challenge

    National Crime Record Bureau, India

    7 March 2020 – 9 March 2020

  • A 2-day-long hackathon where 30 out of 2000 students were selected to participate with the sole motive to test and exploit the government’s Crime and Criminal Tracking Network System (CCTNS).
  • We were given an exact copy of the software to work with.
  • We were provided with the credentials of a police constable using which we had to hack (change or breach) the government’s FIR database. A team of 8 Triagers was there to verify the valid submissions and decide the winners.

    Backend Intern

    Zoomcar India Private Ltd

    5 February 2020 – 15 March 2020

  • Reported some major security vulnerabilities in their web app and helped patch them.
  • Learned about some top orchestration tools in the industry like Docker and Kubernetes.
  • Made some cool Bash scripts to automate the team's daily tasks.

    Co-Mentor

    Cybrary Inc.

    September 2019 - September 2020

  • Mentored students during the Cybrary Fellowship.
  • Tutored students individually and in small groups to reinforce learning concepts.
  • Partnered with mentors to plan and implement lessons following the institution’s curriculum, goals, objectives, and philosophies.

    June 2019 - July 2019

  • The website serves as an e-commerce platform mainly for small businesses that can add their products, the orders.
  • Worked on developing a web application in a foreign-based company by the concept of learning from web applications.

    Education

    Academics

    Bachelor's Degree in Electronics and Communications Engineering

    University School of Information, Communication, and Technology
    2017 - 2021

    Hall Of Fame

    Awards

    Western Union Bank

    Dutch Government

    Nethesda.net

    Oneplus.com

    Freecharge

    Oyorooms

    Paytm

    Nearbuy

    Twilio

    Takealot.com

    10+ Private Programs

    Volunteering

    Community

    Student Development Cell Member

    Faculty Feedback System

    August 2019 - Present

  • We designed a web application which is used to generate grades for all the staff members of a department.
  • As a web application developer and tester, I was asked to check and test the application thoroughly.

    Student Mentor

    Gramiksha Resource Centre

    December 2014 - December 2016

  • Gramiksha is a non-profit organization registered under the M.P Society Act, 1973. We believe that all children are deserving of an empowering childhood and equal opportunities.
  • I made my contribution to this program in 2014-2016 by training individuals in English, Science, and Mathematics.

    Some of my blogs

    Blogs

    Let's Talk

    Contact

    Want to connect?
    My inbox is always open!

    If you like my work, let's meet and share your thoughts 🎉 over ☕