LinkedIn: https://www.linkedin.com/in/utkarsh-kher-b8a66b118/
Blogging: https://productsecurity.ghost.io/
Security Architect with proven experience in building and leading a security program. Skilled in Software Development, Source Code-Driven Pentests, Product Security, Infrastructure Security, Web and Mobile Application Security (OWASP), Red Teaming, Penetration Testing, Secure SDLC, DevSecOps, CI/CD Automation, Manual Secure Code Reviews, Security Tool Development, Infra Security, Network Penetration Testing, Threat Modeling, and Cloud Security.
I am currently working as an independent security engineer. Previously, I worked for Rippling, where I started as the first member of the product security team and was a co-contributor to enabling the product security program. I've worked on numerous web applications, mobile applications, and cloud and infrastructure security assessments during my time here. I am equally adept at manual secure source code reviews and dynamic security assessments. In the past, I have also worked as the only security engineer at Zeta (Directi), where I have worked on all things security.
I have also built internal security tools in Java and Python.
Core Skills:
Development Skills: Java, JavaScript, and Python; developed professional applications in the past. Also built security scanners.
Architecture Reviews
Threat modeling
Manual secure code reviews (Java, Python, React)
Cloud Security - AWS, Terraform (basics), Kubernetes, and Docker.
Red Teaming
Secure SDLC
Web and Mobile Application Security Testing
Infrastructure and Network Security Testing