r4reetik

Security Engineer

A versatile and detail-oriented security engineer with ~3 years of experience and expertise built from scratch in Blockchain Security Engineering, DevSecOps, and system architecture. Proficient in Solidity, EVM, Bitcoin and APIs, with a track record of safeguarding assets, leading audits, and optimizing secure infrastructure for high-growth startups and environments.


Experience: 3 years

Yearly salary: $60,000

Hourly rate: $40

Nationality: 🇮🇳 India

Residency: 🇮🇳 India


Experience

Product Security Analyst
Catalog
2022 - 2024
● Engineered a kill switch for services, enabling system shutdown within 30 seconds to prevent exploitation during critical incidents.
● Discovered and mitigated 2 attack vectors and 1 critical vulnerability during internal smart contract audits.
● Coordinated with PeckShield for external audits, ensuring timely information exchange and report delivery.
● Implemented Wazuh as SIEM for alerting and monitoring, enhancing visibility into computation and transaction behaviors.
● Investigated and resolved a critical miscalculation issue, saving $120,000 worth of assets.
● Reduced backend latency by 80% through AWS VPC optimization, improving system availability.
● Conducted load testing on a proprietary L2 blockchain with 10,001 nodes, monitored using Prometheus and Grafana.
● Facilitated secure fund withdrawal plans post-Ren shutdown, ensuring zero asset loss.
● Spearheaded four months of R&D, demonstrating rapid learning and delivering POCs on emerging technologies.
● Took over DevSecOps responsibilities, integrating security into development workflows after the departure of the DevOps lead.
● Introduced "shift-left" security practices, embedding security in the development lifecycle for a new product, Garden Finance. This reduced pre-production security audit time to three days.
● Performed an internal audit of cross-chain Smart Contracts, Bitcoin scripts, and Web2 integrations, identifying two writable SQL injections and eight fund-loss vulnerabilities.
● Built CI/CD pipelines with approval mechanisms, leveraging AWS IAM and Secrets Manager for secure deployments.
● Implemented Sentry and AWS CloudWatch for advanced log management and debugging.
● Managed end-to-end external audits with Trail of Bits, delivering comprehensive technical and game-theoretical insights.
● Developed Discord bots for anomaly detection, resource monitoring, and DEX flow alerts, strengthening operational oversight.
● Explored Apache Kafka for blockchain monitoring with partial success.
● Set up custom SonarQube workflows in GitHub Actions for automated code quality checks.
● Improved system-wide latency by 10x using AWS API Gateway.
Application Security Intern
Catalog
2022 - 2022
● Mapped the entire system architecture and business logic. Documented all actors and flows in diagrams, making the system accessible even for non-technical stakeholders. This enhanced team understanding and accelerated onboarding at the early startup stage.
● Achieved 99% statement and 100% branch test coverage for EVM Smart Contracts using Hardhat, Chai, and Mocha.
● Optimized gas usage by 7% through Solidity updates after identifying inefficiencies during testing.
● Conducted security analysis with Slither and Mythril, addressing optimization-level findings.
● Implemented six additional security headers and patched XSS and CSRF vulnerabilities, fortifying frontend security.
● Conducted API security testing based on the OWASP checklist. Discovered and resolved three critical vulnerabilities in APIs.
● Redesigned backend input validation processes to enforce type safety and eliminate runtime errors across all system entry points.
● Developed a CLI-based transaction troubleshooter to improve support efficiency by reducing response time.
Security Practitioner Intern
Azure Skynet
2018 - 2018
● Conducted internal and external network penetration testing, identifying vulnerabilities in network configurations and protocols.
● Performed system audits to uncover weaknesses in endpoint security, privilege management, and access control mechanisms.
● Evaluated security tools and techniques for real-time threat detection and mitigation.
● Documented findings and recommendations in detailed reports, aiding stakeholders in understanding security gaps and remediation steps.

Skills

aws
bitcoin
cloud
devops
evm
security
english
hindi