Yash Singh Chauhan

Architected and executed the migration of EKS clusters to IAM Roles for Service Accounts (IRSA), replacing static credentials to enforce least-privilege principles and harden cloud infrastructure. Optimized Wazuh SIEM alert logic, achieving a 70% reduction in noise by filtering over 5 million (50 lakhs) non-critical alerts, transforming raw logs into a reviewable monitoring stream. Enhanced network defense by upgrading and tuning Suricata NIDS rules, significantly reducing false positives while successfully detecting and alerting on valid attack vectors. Managed Cloudflare WAF and edge security configurations, performing real-time reviews to mitigate active spam campaigns and bot attacks. Spearheaded the end-to-end development and maintenance of an internal IAM portal, building custom access modules to streamline user provisioning and providing on-call debugging support. Conducted daily Code and Architecture reviews while leading Vulnerability Management efforts, prioritizing critical remediation to secure the software development lifecycle (SDLC). Orchestrated security operations including organizational-wide phishing campaigns Led Root Cause Analysis (RCA) for security incidents to prevent recurrence.

Developed comprehensive application security labs encompassing diverse technologies (Python - Django, Node.js, React.js, Vue.js, Go, Ruby) for multiple Fortune 500 companies, enabling hands-on training and skill enhancement. Served as a co-trainer at prestigious industry events such as BlackHat, sharing expertise and facilitating knowledge transfer in application security. Crafted cloud security training content (Azure) tailored to the specific needs of various clients, ensuring effective knowledge dissemination. Conducted in-depth research on emerging trends in application security and cloud security, leveraging findings to design cutting-edge training programs. Spearheaded end-to-end penetration testing processes for a wide range of web applications, mobile applications, and infrastructure, delivering comprehensive security assessments for multiple Fortune 500 clients.

Developed the companys security advisory portal from scratch, taking charge of frontend development using Reactjs. This portal allows users to easily access vulnerability information, significantly reducing the teams manual effort in crafting advisories by 95%. Worked on penetration testing of the platform and verification of the reported findings. Contributed to the enhancement of the product by focusing on vulnerability management aspects.