r4reetik
Security Engineer
A versatile and detail-oriented security engineer with ~3 years of experience and build-from-scratch expertise in Blockchain Security Engineering, DevSecOps, and system architecture. Proficient in Solidity, EVM, Bitcoin and APIs, with a track record of safeguarding assets, leading audits, and optimizing secure infrastructure for high-growth startups and environments.
Experience: 3 years
Yearly salary: $60,000
Hourly rate: $40
Nationality: 🇮🇳 India
Residency: 🇮🇳 India
Experience
Product Security Analyst
Catalog 2022 - 2024
- Engineered a kill switch for services, enabling system shutdown within 30 seconds to prevent exploitation during critical incidents.
- Discovered and mitigated 2 attack vectors and 1 critical vulnerability during internal smart contract audits.
- Coordinated with PeckShield for external audits, ensuring timely information exchange and report delivery.
- Implemented Wazuh as SIEM for alerting and monitoring, enhancing visibility into computation and transaction behaviors.
- Investigated and resolved a critical miscalculation issue, saving $120,000 worth of assets.
- Reduced backend latency by 80% through AWS VPC optimization, improving system availability.
- Conducted load testing on a proprietary L2 blockchain with 10,001 nodes, monitored using Prometheus and Grafana.
- Facilitated secure fund withdrawal plans post-Ren shutdown, ensuring zero asset loss.
- Spearheaded four months of R&D, demonstrating rapid learning and delivering POCs on emerging technologies.
- Took over DevSecOps responsibilities, integrating security into development workflows after the departure of the DevOps lead.
- Introduced "shift-left" security practices, embedding security in the development lifecycle for a new product, Garden Finance. This reduced pre-production security audit time to three days.
- Performed an internal audit of cross-chain Smart Contracts, Bitcoin scripts, and Web2 integrations, identifying two writable SQL injections and eight fund-loss vulnerabilities.
- Built CI/CD pipelines with approval mechanisms, leveraging AWS IAM and Secrets Manager for secure deployments.
- Implemented Sentry and AWS CloudWatch for advanced log management and debugging.
- Managed end-to-end external audits with Trail of Bits, delivering comprehensive technical and game-theoretical insights.
- Developed Discord bots for anomaly detection, resource monitoring, and DEX flow alerts, strengthening operational oversight.
- Explored Apache Kafka for blockchain monitoring with partial success.
- Set up custom SonarQube workflows in GitHub Actions for automated code quality checks.
- Improved system-wide latency by 10x using AWS API Gateway.
Application Security Intern
Catalog 2022 - 2022
- Mapped the entire system architecture and business logic. Documented all actors and flows in diagrams, making the system accessible even for non-technical stakeholders. This enhanced team understanding and accelerated onboarding at the early startup stage.
- Achieved 99% statement and 100% branch test coverage for EVM Smart Contracts using Hardhat, Chai, and Mocha.
- Optimized gas usage by 7% through Solidity updates after identifying inefficiencies during testing.
- Conducted security analysis with Slither and Mythril, addressing optimization-level findings.
- Implemented six additional security headers and patched XSS and CSRF vulnerabilities, fortifying frontend security.
- Conducted API security testing based on the OWASP checklist. Discovered and resolved three critical vulnerabilities in APIs.
- Redesigned backend input validation processes to enforce type safety and eliminate runtime errors across all system entry points.
- Developed a CLI-based transaction troubleshooter to improve support efficiency by reducing response time.
Security Practitioner Intern
Azure Skynet 2018 - 2018
- Conducted internal and external network penetration testing, identifying vulnerabilities in network configurations and protocols.
- Performed system audits to uncover weaknesses in endpoint security, privilege management, and access control mechanisms.
- Evaluated security tools and techniques for real-time threat detection and mitigation.
- Documented findings and recommendations in detailed reports, aiding stakeholders in understanding security gaps and remediation steps.
Skills
aws
bitcoin
cloud
devops
evm
security
english
hindi