A DevSecOps Engineer with experience using Cloud-native Applications, integrating security into Software Development Life Cycles, Threat Modelling for System Architectures, DevOps, Technical Writing, and Public Speaking.
Throughout my career as a DevSecOps Engineer with hands-on experience in building secure, scalable, and production-ready applications, I have:
- Integrated Secret Management, Image Scanning, SAST, and DAST tools like Trufflehog, Trivy, Snyk, SonarQube, and OWASP ZAP respectively into CI/CD pipelines to scan codebases, Docker images, and dependencies for vulnerabilities and poor coding practices.
- Implemented pre-commit hooks to validate developer code before Git commits locally.
- Facilitated cross-team communication between Design, Development, and Security teams, ensuring smooth collaboration and timely bug fixes.
- Managed QA processes and updated management on test results, backlogs, and deployment readiness for applications.
- Implemented security policies for GitHub branches; this is to enforce access control and ensure CIA of the codebase.
- Conducted integration and unit tests for applications via the CI/CD Pipeline and manually as well.
- Deployed applications on Deployment Platforms like DigitalOcean, AWS, Railway, and Render.
- Led Vulnerability Assessments across applications and proactively mitigated security risks.
- Containerized microservices using Docker and managed organizational image registries.
- Delivered DevSecOps training to 50–70 job seekers and interns, covering CI/CD, containerization, secure SDLC, infrastructure as code, etc.
- Learned and applied technical writing skills, including creating FAQs, user manuals, documentation, and guides for some projects I have worked on and my personal projects as well.
- Mastered technical writing tools, style guides, active voice, and proper verb usage to ensure clarity and professionalism.
