Shubham Aggarwal

Hi, I'm Shubham 👋

Lead Security Consultant & Cloud Security Expert

10+ Years specializing in DevSecOps, Application Security, and Cloud Security Architecture

🔐 Lead Security Consultant & DevSecOps Expert

☁️ AWS & Azure Cloud Security Specialist | Cost Optimization Expert

Security-focused engineer with proven expertise in Application Security, Cloud Security Architecture, and DevSecOps integration. I lead OWASP Top 10 remediation efforts, build IaC-based secure deployment pipelines, and architect cost-optimized cloud-native security systems that reduce vulnerabilities while improving performance.

Certified: ISC² CC, AWS Certified Cloud Practitioner & AI Practitioner | Expertise: SAST/DAST Integration, Container Security, IAM Hardening, CSPM

💼 Professional Experience
Cybersecurity Consultant | DevSecOps Engineer (~3 years)

Securim | Cybersecurity & DevSecOps Consulting Firm

Penetration Testing & Vulnerability Assessment: Led comprehensive security assessments covering 370+ API endpoints across multiple client environments, identifying critical vulnerabilities in authentication, authorization, and input validation systems.

VM Security & Infrastructure Hardening: Implemented security baselines for client virtual machine environments, configuring firewall rules, patch management, and access controls to reduce attack surface and ensure compliance readiness.

Azure Entra Identity Migration: Successfully migrated user identities and access policies between Azure Entra ID tenants for organizational restructuring, ensuring seamless authentication while maintaining security group memberships and role assignments.

Senior Software Engineer & Security Lead (~6 years)

Core Value Technologies | Tech Lead for FetchPay & Quest Marine projects

PCI DSS Compliance Implementation: Achieved Level 1 PCI DSS compliance for FetchPay platform handling $10M+ annual transactions, implementing tokenization, secure card data handling, and quarterly security assessments.

Maritime Data Security: Designed encryption-at-rest solution for Quest Marine's vessel tracking data containing sensitive location information, implementing AES-256 encryption and GDPR-compliant data retention policies.

API Security Architecture: Built secure API gateway for 12+ restaurant POS integrations using OAuth 2.0, JWT tokens, and rate limiting, preventing unauthorized access while maintaining sub-200ms response times.

πŸ† Key Security Achievements
  • 🔒 DevSecOps Transformation: Integrated Snyk security scanning in CI/CD pipelines → reduced CVE fix time by 40% and eliminated security bottlenecks
  • ☁️ Cloud Security Optimization: Replaced Editor roles with custom least-privilege IAM policies → achieved 90% reduction in over-privileged service accounts
  • 🛡️ Application Security Engineering: Led OWASP Top 10 remediation across microservice architectures using automated security workflows and threat modeling
  • 🚀 Container Security Hardening: Implemented distroless base images and automated image scanning → enhanced supply chain security posture
  • 💰 Cost-Optimized Security: Designed automated YAML security checklists with infrastructure provisioning → reduced manual security reviews by 60%

🚀 Featured Security Projects & Consulting
Securim - Cybersecurity Consulting

Penetration Testing Leadership: Led multiple penetration testing engagements (black-box and grey-box) covering 370+ API calls, focusing on input validation, authentication, authorization, file uploads, and application server security across AWS CloudFront, Windows, and exposed services.

DevSecOps Implementation: Designed secure CI/CD pipelines in GitLab with integrated SAST, DAST, and SCA tools. Delivered threat modeling workshops using OWASP Threat Dragon and YAML linting scripts for configuration hardening.

Cloud Security & Compliance: Performed comprehensive cloud security reviews (AWS/Azure) including IAM best practices, VPC segmentation, secret management, and Zero Trust design. Assisted clients with NIS2, DORA, and HIPAA compliance readiness through risk catalogs and security audit documentation.

Impact: Improved client onboarding speed through stable CI/CD test environments, reduced recurring vulnerabilities via automated scanning, and achieved compliance readiness for regulatory requirements.

FetchPay - Secure Payment Platform 🔗

Architected security-first F&B payment platform with end-to-end encryption, PCI DSS compliance, and secure API gateway integration. Implemented fine-grained IAM policies and JWT-based authentication for 12+ POS system integrations.

Quest Marine - Cloud Security Architecture 🔗

Designed DevSecOps CI/CD pipelines with automated vulnerability scanning for marine insurance platform. Implemented Kubernetes security controls and reduced attack surface through systematic firewall and access policy reviews.

πŸ” Core Security Expertise
Application Security (SAST, DAST, SCA, Snyk)
Cloud Security Posture Management (CSPM)
AWS & Azure Security Architecture
DevSecOps Pipeline Integration & Automation
Penetration Testing & OWASP Top 10 Remediation
Threat Modeling & Security Risk Assessments
Container & Kubernetes Security Hardening
Infrastructure as Code Security (Terraform, OPA)
Identity Access Management (IAM) & Privileged Access
CI/CD Security Integration & Cost Optimization
Supply Chain Security & SBOM Management

📚 Currently Working On

• Experimenting with AI + DevSecOps automation in my homelab (Proxmox cluster, 128GB RAM, 50TB storage 🚀)

• Building cost-optimized cloud security solutions and sharing insights on cloud security, AppSec, and DevSecOps best practices

• Exploring AI-driven security automation for vulnerability detection and remediation

🤝 Let's Connect

sbmaggarwal@gmail.com

📍 New Delhi, India

⚡ Fun fact: I love jumping into new tech stacks—half for learning, half because curiosity is my favorite debugging tool. 😄