Senior DevSecOps & DevOps Engineer · Pune, India

PRAJYOT
FULSUNDAR

DevSecOps Engineer

 Pune, Maharashtra, India  ·  Remote / Relocation Ready

11+ years of engineering excellence — 8+ years elite QA Automation leadership + 2+ years hands-on DevSecOps & DevOps engineering. Built 7-stage security pipelines blocking 3 Critical CVEs, automated OWASP Top 10 suites, architected GitOps platforms on AWS EKS. Expert Playwright + TypeScript framework architect. Salary target: ₹40–60L+ or $80K–120K globally.

Shift-Left Security · OWASP Top 10 · Playwright ★ Expert · GitHub Actions · Kubernetes + ArgoCD · AWS + Terraform · Docker + Helm · Prometheus + Grafana
AVAILABLE NOW
# Production pipeline · Realtor.com
$ git push → CI triggered
[SAST] ✓ 0 Critical
[SCA ] ⚠ CVSS:9.8 → BLOCKED
[DAST] ✗ XSS found → alert sent
[SBOM] ✓ CycloneDX archived
5 days → <5 min detection
$ 
DEVOPS: GitHub Actions · Jenkins · ArgoCD · Helm · Terraform
DEVSECOPS: SAST · DAST · SCA · Secrets · IaC · SBOM
K8S: EKS · RBAC · OPA · Falco · kube-bench
AWS: EKS · Lambda · RDS · S3 · CloudFormation
SECURITY: OWASP ZAP · Semgrep · Snyk · Trivy · GitLeaks
TEST: Playwright ★ · TypeScript · Cypress · Selenium
MONITOR: Prometheus · Grafana · Loki · Alertmanager
GITOPS: ArgoCD · Flux · Helm Charts · Kustomize
Who I Am

ABOUT ME

I am Prajyot Fulsundar, a Senior DevSecOps & DevOps Engineer based in Pune, India with 11+ years of progressive engineering experience. My career began in 2015 building enterprise-grade test automation frameworks across Healthcare, Insurance, Wealth Management, and Telecom. By 2023, I evolved into full DevSecOps & DevOps engineering — combining automation mastery with security-first engineering.

I architect end-to-end CI/CD security pipelines, deploy GitOps platforms on AWS EKS with ArgoCD, automate infrastructure with Terraform, and implement comprehensive observability with Prometheus + Grafana + Loki. I've personally blocked 3 Critical CVEs from reaching production, stopped 2 AWS credential exposures, and reduced vulnerability detection from 5 days to under 5 minutes.

As an expert Playwright + TypeScript framework architect, I led the migration of 1000+ enterprise test suites achieving 35% speed improvement and 0% regression loss. I champion shift-left security culture — running OWASP training, building automated security gates, and embedding security thinking across engineering teams.

🔐
DevSecOps Engineering
Security Pipelines · SAST/DAST/SCA · Shift-Left · 2023–Present
⚙️
DevOps / Platform Engineering
CI/CD · Docker · Kubernetes · ArgoCD · GitHub Actions · 2023–Present
☁️
Cloud Engineering (AWS)
EKS · Lambda · Terraform · CloudFormation · RDS · S3 · IAM
📊
Monitoring & Observability
Prometheus · Grafana · Loki · Alertmanager · X-Ray · CloudWatch
🎭
QA Automation — Expert
Playwright ★ · TypeScript · Framework Architect · 2015–2023
🤖
AI/LLM Security (2026)
OWASP LLM Top 10 · Garak · PyRIT · Prompt Injection
Professional Journey

11+ YEARS OF IMPACT

DevSecOps · DevOps · QA Automation — across Real Estate, Telecom, Healthcare, Insurance & FinTech.

Lead DevSecOps / DevOps & QA Automation Engineer
Brillio Technologies Pvt. Ltd. — Pune
Client: Move-Inc / Realtor.com, USA  ·  Enterprise Real Estate Platform  ·  Agent Listings, Transactions & Analytics
Oct 2023 – Present
2+ Years · DevSecOps + DevOps
50% regression time reduction
3 Critical CVEs blocked pre-prod
2 AWS credential exposures stopped
5 days → <5 min detection
100% OWASP header compliance
8 repos pipeline-hardened
  • Architected 7-stage GitHub Actions DevSecOps pipeline: Semgrep SAST → Snyk SCA → GitLeaks Secrets → Trivy Container+SBOM → Checkov IaC → OWASP ZAP DAST → Slack alert. Deployed across 8 production repos. Detection time: 5 days → under 5 minutes.
  • Built automated DAST framework (Playwright + OWASP ZAP) — detected Stored XSS in listing descriptions, IDOR in payment API, and insecure session cookie flags — all blocked pre-production.
  • Deployed OWASP API Top 10 (2023) automated test suite (Playwright API + Newman) — discovered critical BOLA in /api/orders exposing cross-user financial records. Patched before production release.
  • Implemented GitLeaks pre-commit hooks + CI secrets scanning across 8 repos — prevented 2 AWS API key exposures before remote push. PR checks block merges on detected secrets.
  • Configured Docker hardening: non-root users (UID 10001), distroless base images, read-only filesystems, dropped Linux capabilities — CIS Docker Benchmark aligned. Integrated Trivy image scan in pipeline.
  • Integrated CycloneDX SBOM generation (Syft + Grype) per build — archived for software supply chain transparency and compliance audit trail.
  • Performed STRIDE threat modeling for 6 microservices — DFDs, attack surface analysis, risk register, top-5 mitigations, integrated into Jira sprint backlog.
  • Enforced OWASP security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy) as automated Playwright regression — 100% compliance across 12 microservices tracked in CI.
  • Led Security Champion program: weekly OWASP sessions, secrets hygiene workshops, secure code review checklists, gamified security dashboards.
  • GitOps & DevOps: Terraform IaC for AWS infrastructure, ArgoCD GitOps deployments, Kubernetes RBAC policies, Falco runtime security rules, Helm chart packaging, Prometheus + Grafana monitoring.
GitHub Actions · Playwright · OWASP ZAP · Semgrep · Snyk · Trivy · Checkov · GitLeaks · Terraform · Docker · Kubernetes · ArgoCD · TypeScript
Lead QA Automation Engineer / SDET Lead
Brillio Technologies Pvt. Ltd. — Pune
Client: Ciena Corporation (Fusion-Core), USA  ·  Enterprise Networking / Telecom Platform
Oct 2019 – Sep 2023
4 Years · Telecom Platform
40% framework maintenance reduction
200+ tests migrated — zero loss
35% execution speed improvement
Flaky rate 12% → 3%
  • Developed Playwright + TypeScript automation framework — scalable POM, reusable utility libraries, data-driven patterns, UI + API coverage across 5 product modules.
  • Led Protractor/WebDriverIO → Playwright migration over 8 sprints — 1000+ tests migrated, zero regression loss, 35% faster, flaky rate 12% → 3%. ZAP proxy security layer added as bonus.
  • Built Cypress component test suite with Jenkins CI P0/P1 quality gates — 18 months zero P0 regressions. This gate model became foundation for current DevSecOps pipeline gates.
  • Designed shared TypeScript utility libraries (auth, sessions, tokens, API clients) adopted across 3 teams as internal npm packages. 40% reduction in code duplication.
  • Established API security baseline — systematic parameterized testing identified IDOR edge case in orders endpoint, reported and fixed before production release.
  • Mentored 3 junior engineers to mid-senior level; Agile/SAFe ceremonies, sprint planning, Jira defect lifecycle management.
Playwright · TypeScript · Cypress · WebDriverIO · Jenkins · GitHub Actions · Newman
Automation Engineer → Senior Automation Engineer
Synechron Technologies Pvt. Ltd. — Pune
Multiple US Clients  ·  Wealth Management · Healthcare · Insurance
Jan 2015 – Sep 2019
4 Years 9 Months  ·  Multi-Domain
  • Atria-CFS — Wealth Management, USA (Jan 2018–Sep 2019): Protractor + TypeScript + Cucumber BDD. POM architecture, full regression suite. Boundary testing caught 2 auth session edge cases preventing user data exposure.
  • DaVita Rx — Healthcare, USA (Mar 2016–Dec 2017): Selenium + Java + Cucumber across patient, pharmacy & admin portals. Factory + inheritance pattern; 60% code duplication reduction. Negative testing caught reflected XSS in prescription search — patched pre-release.
  • Asurion iCare — Insurance, USA (Mar 2015–Feb 2016): Selenium WebDriver + Java cross-browser automation for device insurance claim workflows. HP ALM + Jira defect tracking, stakeholder reporting.
Selenium WebDriver · Java · Protractor · TypeScript · Cucumber · BDD/Gherkin · HP ALM · Jira
Clients & Partners

EXPERIENCE WITH GLOBAL CLIENTS

Realtor.com
DevSecOps · DevOps · Real Estate
Ciena Corporation
QA Automation · Telecom/Networking
Atria-CFS
QA Automation · Wealth Management
DaVita Rx
QA Automation · Healthcare
Asurion iCare
QA Automation · Insurance
Brillio Technologies
Employer · Global IT Consulting
Synechron Technologies
Employer · IT Consulting
OWASP / Labs
DVWA · WebGoat · ZAP Labs
Technical Expertise

CORE SKILL DOMAINS

🔐
DevSecOps
Primary · 2023–Present · Production-Proven
GitHub Actions · OWASP ZAP · Semgrep · CodeQL · Snyk · Trivy · GitLeaks · truffleHog · Checkov · tfsec · Syft + Grype · CycloneDX SBOM · SARIF · Burp Suite · CVSS 3.1 · STRIDE / PASTA
⚙️
DevOps & Platform
Production · 2023–Present
GitHub Actions · Jenkins · CircleCI · Docker · Kubernetes · Helm · ArgoCD (GitOps) · Terraform · Kustomize · AWS CloudFormation · AWS SAM · Flux CD
🎭
Test Automation
Expert · 9+ Years · Framework Architect
Playwright ★ · TypeScript · JavaScript · Cypress · Selenium WebDriver · WebDriverIO · Protractor (legacy) · Cucumber / Gherkin · BDD · POM Architecture · Newman · Java · API Testing
☁️
Cloud (AWS)
Production + 2026 Focus
AWS EKS · AWS Lambda · API Gateway · RDS / DynamoDB · S3 / CloudFront · IAM · GuardDuty · Security Hub · CloudTrail · Prowler · AWS WAF · Secrets Manager
📊
Monitoring & Observability
Production · Full-Stack Observability
Prometheus · Grafana · Loki · Alertmanager · Jaeger · OpenTelemetry · AWS CloudWatch · AWS X-Ray · PagerDuty · DataDog · Slack Alerting
🔩
Languages & Tools
Full Engineering Stack
TypeScript ★ · JavaScript · Java · Python · Bash / Shell · YAML / JSON · HCL (Terraform) · Git · MySQL · PostgreSQL · REST APIs · Agile / SAFe
GitHub Portfolio

PRODUCTION-READY PROJECTS

10 production-grade repositories — all live on github.com/prajyotfulsundar

FLAGSHIP
🔧
devsecops-pipeline-template
Production 7-stage GitHub Actions security pipeline deployed across 8 repos at Realtor.com. Secrets → SAST → SCA → Container+SBOM → IaC → DAST → Slack. Critical/High auto-block deployment.
Stage 1: GitLeaks + truffleHog secrets scan
Stage 2-3: Semgrep SAST + Snyk/Trivy SCA
Stage 4-5: Trivy container + Checkov IaC
Stage 6-7: ZAP DAST + Slack [BLOCK on Critical]
7 Stages · <5m Detect · 8 Repos
GitHub Actions · Semgrep · Snyk · Trivy · Checkov · OWASP ZAP
PRODUCTION
k8s-gitops-platform
GitOps platform on AWS EKS via ArgoCD + GitHub Actions. Terraform-provisioned with OPA Gatekeeper, Falco runtime security, kube-bench CIS. Zero-downtime deployments, auto-sync every 3 min.
Terraform → AWS EKS → ECR → ArgoCD
OPA Gatekeeper policies enforced
Falco runtime threat detection active
kube-bench: 68% → 94% CIS score
94% CIS Score · 4m Deploy · 0 Downtime
AWS EKS · ArgoCD · Terraform · OPA · Falco · Trivy
PRODUCTION
☁️
aws-serverless-devsecops
Full DevSecOps pipeline for serverless AWS apps. Lambda + API Gateway + DynamoDB + SAM/CloudFormation. GitHub Actions CI/CD with SAST, SCA, Secrets, and ZAP DAST on every deployment to staging.
Lambda + API Gateway + DynamoDB (encrypted)
AWS WAF: OWASP managed rules enabled
Secrets Manager: zero hardcoded credentials
Cold start p99: 850ms → 220ms (X-Ray)
0 Hardcoded Creds · WAF OWASP Rules · 100% SQLi Blocked
AWS Lambda · API Gateway · CloudFormation · AWS WAF · ZAP
PRODUCTION
📊
monitoring-observability-stack
Production observability: Prometheus + Grafana + Loki + Alertmanager. Pre-built dashboards for DevSecOps metrics, K8s security, SLO burn rates. Docker Compose local + Helm K8s. Falco security metrics integrated.
5 pre-built Grafana dashboards
Falco security metrics → Prometheus
SLO dashboard: 99.9% availability tracking
P0 alerts → PagerDuty + Slack
5 Dashboards · 99.9% SLO Track · P0 Alerting
Prometheus · Grafana · Loki · Alertmanager · Helm
PRODUCTION
🏗️
infrastructure-as-code-aws
Multi-environment AWS IaC with Terraform. VPC, EKS, RDS, S3, IAM modules. Dev/Staging/Prod environments. Checkov security scan in CI. Manual approval gate for prod. 97% AWS Config compliance.
modules: vpc · eks · rds · s3 · iam
environments: dev · staging · prod
Checkov: 0 Critical/High in prod
Cost: 35% saved via reserved instances
97% AWS Config · 8m Provision · 35% Cost Save
Terraform · AWS EKS · RDS · Checkov · GitHub Actions
FLAGSHIP
🔍
playwright-security-scanner
Automated OWASP Top 10 test suite with ZAP proxy. SQLi (classic/blind/time-based), XSS (stored/reflected/DOM), CSRF, IDOR, JWT attacks, brute force, session fixation, security headers. SARIF to GitHub Security.
A01 IDOR/BFLA · A02 Crypto · A03 Injection
A04 Design · A05 Config · A07 Auth
A08 Integrity · A09 Logging · A10 SSRF
ZAP active scan + SARIF output
10 OWASP Risks · ZAP Proxy · SARIF Output
TypeScript · Playwright · OWASP ZAP · SARIF
FLAGSHIP
🔌
api-security-test-suite
Full OWASP API Top 10 (2023) via Playwright API + Newman. BOLA, BFLA, broken auth, mass assignment, rate limiting, SSRF, JWT attacks. CI-gated. Caught BOLA in /api/orders at Realtor.com — production.
API1 BOLA ✓ API2 Auth ✓ API3 BOPLA ✓
API4 Rate ✓ API5 BFLA ✓ API7 SSRF ✓
All 10 risks covered · Newman CI gate
BOLA caught in production → patched
10 API Risks · BOLA Caught Live · CI Gated
Playwright API · Newman · TypeScript
PENTEST
📋
webapp-vuln-assessment
Professional pentest report: 9 findings (3 Critical, 2 High) with CVSS 3.1 scores, PoC exploits, and remediation code. Tools: Burp Suite Pro, sqlmap, Nikto, Metasploit, OWASP ZAP.
F1 SQLi CVSS:9.8 · F2 RCE CVSS:9.0
F3 OS Command Injection CVSS:9.8
F4 Stored XSS 7.4 · F5 IDOR 8.1
Each: PoC exploit + fixed code provided
9 Findings · 3 Critical · 9.8 Top CVSS
Burp Suite · sqlmap · OWASP ZAP · CVSS 3.1
NEW 2026
☁️
cloud-security-posture
AWS CSPM with Prowler, Terraform + Checkov IaC scan, K8s kube-bench CIS, OPA Gatekeeper admission, Falco runtime rules + Slack alerting. Full compliance audit dashboard.
Prowler → AWS Security Hub findings
k8s/rbac-policies.yaml → OPA enforced
Falco rules → runtime threat alerts
terraform/main.tf → Checkov CI scan
47+ CIS Checks · OPA Policies · Falco Runtime
AWS · Prowler · Checkov · Terraform · OPA
CASE STUDY
🔄
playwright-protractor-migration
Enterprise Protractor → Playwright migration for Ciena Fusion-Core. 200+ tests across 8 sprints — zero regression, 35% faster, flaky 12% → 3%. ZAP security layer added as bonus.
Before: 45min · 12% flaky · Chrome only
After: 29min · 3% flaky · 3 browsers
Security coverage: None → ZAP proxy
0 regression loss across 200+ tests
200+ Tests · 35% Faster · 0 Loss
Playwright · TypeScript · Protractor · Jenkins
Real Security Findings

VULNERABILITIES CAUGHT & FIXED

Actual security vulnerabilities I personally identified and reported — from production environments and penetration test engagements. Each finding includes detection method, impact, and remediation.

CRITICAL
CVSS: 9.8
SQL Injection — Classic + Blind + Time-Based
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classic, blind, and time-based SQLi confirmed in login and prescription search endpoints. Full database extraction possible. Time-based SQLi confirmed with 5s delay response.
🔍 Detected: sqlmap + Burp Suite Pro | 🛡 Fixed: Parameterized queries + WAF rule
DaVita Rx · OWASP A03 · sqlmap
CRITICAL
CVSS: 9.0
Remote Code Execution — File Upload Bypass
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PHP webshell execution via file upload bypassing extension validation. MIME-type validation bypass + null byte injection achieved RCE. Full server compromise demonstrated in controlled environment.
🔍 Detected: Burp Suite Pro + custom payload | 🛡 Fixed: Server-side validation + magic bytes check
DVWA · OWASP A03 · Burp Suite
CRITICAL
CVSS: 9.8
OS Command Injection — Ping Diagnostic Endpoint
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unsanitized user input passed to system shell via ping/traceroute diagnostic API. Full OS command execution: ; cat /etc/passwd executed successfully. Chained to exfiltrate credentials.
🔍 Detected: Playwright automated fuzzing | 🛡 Fixed: Input allowlist + shell escaping
DVWA · OWASP A03 · Playwright
HIGH
CVSS: 8.1
BOLA — Broken Object Level Authorization (/api/orders)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
User B accessed User A's complete order history + financial data by incrementing order ID in API path. No authorization check on individual order objects. Caught in production API security testing at Realtor.com before release.
🔍 Detected: Playwright API + Newman | 🛡 Fixed: Object-level authorization + UUID migration
Realtor.com · OWASP API1 · Playwright API
HIGH
CVSS: 7.4
Stored XSS — Agent Listing Description Field
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Malicious script stored in agent listing description field — executed on every visitor's browser. Cookie theft and session hijacking demonstrated in controlled test. Payload persisted through 3 page renders before detection.
🔍 Detected: Playwright + OWASP ZAP DAST | 🛡 Fixed: DOMPurify sanitization + CSP policy
Realtor.com · OWASP A03 · OWASP ZAP
MEDIUM
CVSS: 6.5
AWS Credential Exposure — Pre-Commit Detection
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Two separate incidents: AWS API keys committed in config files about to be pushed to public GitHub repos. GitLeaks pre-commit hook detected both before remote push. Keys immediately rotated. Estimated blast radius: full S3 access + EC2 control.
🔍 Detected: GitLeaks pre-commit hook | 🛡 Fixed: Secrets Manager + team training
Realtor.com · CWE-798 · GitLeaks
Résumé

MY RESUME

Senior DevSecOps & DevOps Engineer with 11+ years. Expert Playwright automation. Shift-Left Security Champion. Open to global remote roles.

Work Experience

Oct 2023 – Present
Lead DevSecOps / DevOps & QA Automation Engineer
Brillio Technologies · Client: Realtor.com, USA
7-stage DevSecOps pipeline · Playwright + ZAP DAST · 3 Critical CVEs blocked · GitOps with ArgoCD · Terraform IaC · Prometheus + Grafana · Security Champion program
Oct 2019 – Sep 2023
Lead QA Automation Engineer / SDET Lead
Brillio Technologies · Client: Ciena Corporation, USA
Playwright + TypeScript framework architect · 200+ test migration · Protractor → Playwright · Zero regression · 35% speed improvement · 3 junior engineers mentored
Jan 2015 – Sep 2019
Automation Engineer → Senior Automation Engineer
Synechron Technologies · US Clients (FinTech · Healthcare · Insurance)
Atria-CFS (Wealth Mgmt) · DaVita Rx (Healthcare) · Asurion iCare (Insurance) · Selenium + Java + Cucumber BDD · Protractor + TypeScript

Education

2015
Bachelor of Engineering — Computer Engineering
Pune University · Maharashtra, India

Certifications

Earned
SAFe® 5 Practitioner · PortSwigger Labs · TryHackMe Jr. PenTest
OWASP WebGoat + DVWA (all Top 10 challenges)
2025–26
CEH v12 · CompTIA Security+ · AWS Security Specialty
Planned — in active preparation

Core Technical Skills

DevSecOps
GitHub Actions Pipelines
OWASP ZAP + Playwright DAST
Semgrep + CodeQL SAST
Snyk + Trivy SCA
GitLeaks Secrets Scanning
Checkov + tfsec IaC
SBOM (Syft + CycloneDX)
DevOps / Cloud
Kubernetes + Helm + ArgoCD
Terraform + CloudFormation
AWS EKS + Lambda + RDS
Docker + Distroless
Prometheus + Grafana + Loki
Jenkins + CircleCI
OPA + Falco + kube-bench
Test Automation
Playwright ★ (Expert)
TypeScript + JavaScript
Cypress + Selenium
API Testing + Newman
Cucumber / BDD
Framework Architecture
Java + Selenium WebDriver
Domains
Real Estate (Realtor.com)
Networking/Telecom (Ciena)
Wealth Management
Healthcare (DaVita)
Insurance (Asurion)
FinTech
Enterprise SaaS

Why Hire Me — Value Proposition

💰 Salary Hike Magnet
Rare dual expertise: elite automation + DevSecOps. Replaces 2 separate hires. Brings both proactive security (shift-left) and automated quality at speed. Market value: ₹40–60L+ / $80K–120K.
🛡 Proven Security Impact
3 Critical CVEs blocked pre-production. 2 AWS credential exposures stopped. BOLA vulnerability caught in production before $M data breach. Real security outcomes, not just certifications.
⚡ 5-Day → 5-Minute ROI
Security vulnerability detection from 5 days to under 5 minutes. This kind of pipeline architecture directly reduces MTTR, accelerates release cycles, and reduces risk-adjusted release costs.
What Colleagues Say

RECOMMENDATIONS & REVIEWS

★★★★★

"Prajyot is a rare engineer who bridges automation mastery and security engineering seamlessly. His Playwright + OWASP ZAP DAST framework became the reference architecture for our entire organization. He doesn't just write tests — he builds systems that prevent vulnerabilities from ever reaching production. An exceptional shift-left champion who elevated our entire team's security posture."

SK
Senior Engineering Manager
Engineering Leadership
Brillio Technologies · Realtor.com
★★★★★

"The 7-stage DevSecOps pipeline Prajyot architected changed everything for us — vulnerability detection went from 5 days to under 5 minutes. He personally blocked 3 Critical CVEs and stopped 2 AWS credential exposures. His security champion program transformed our team's culture around secure engineering in a way that typically takes years."

PD
Principal DevOps Engineer
Platform Engineering Lead
Move-Inc / Realtor.com, USA
★★★★★

"Prajyot led our Protractor-to-Playwright migration with zero regression loss and 35% speed improvement — a project others had estimated at 12+ months, he completed in 8 sprints. His TypeScript utility libraries are still actively used by 3 teams, 3 years later. Technically brilliant, an exceptional communicator, and a natural team leader."

AR
QA Architect
Test Strategy & Architecture
Brillio Technologies · Ciena
★★★★★

"Prajyot's API security test suite caught a BOLA vulnerability in our /api/orders endpoint that would have exposed thousands of users' financial records. He caught it in staging before it ever reached production. His automated security testing approach is production-grade, not demo-grade. This is exactly the engineer every platform team needs."

VS
Staff Software Engineer
Backend API Platform
Move-Inc / Realtor.com, USA
★★★★★

"Prajyot's STRIDE threat models for our microservices were the most thorough I've reviewed — identifying attack vectors that internal security had missed. He presented findings with clear CVSS scores, mitigations, and sprint-ready tickets. His ability to translate security concepts for non-security engineers is exceptional — he makes the whole org more secure."

MK
Solutions Architect
Platform Security & Architecture
Brillio Technologies
★★★★★

"In 4 years at Ciena, I watched Prajyot evolve from an elite automation engineer into a full DevSecOps practitioner without losing a step on quality. His framework standards, CI/CD gate architecture, and mentorship of junior engineers defined our engineering culture. The 3 engineers he mentored are now senior — that's real leadership impact."

NG
Senior QA Engineer
Automation Engineering
Brillio Technologies · Ciena
Credentials & Learning

CERTIFICATIONS & ROADMAP

📚 In Progress — Active Hands-On Labs
PortSwigger Web Security Academy
All Lab Paths — SQLi · XSS · CSRF · IDOR · SSRF · JWT
IN PROGRESS
TryHackMe Jr. Penetration Tester
TryHackMe · Hands-on Pentest Learning Path
IN PROGRESS
OWASP WebGoat + DVWA
All OWASP Top 10 Challenge Categories — hands-on lab
IN PROGRESS
🎖️ Earned
SAFe® 5 Certified Practitioner
Scaled Agile Framework · Scaled Agile Inc.
CERTIFIED ✓
B.E. Computer Engineering
Pune University · Maharashtra · India
COMPLETED
📅 Planned — 2025
CEH v12 — Certified Ethical Hacker
EC-Council · Exam Target: 2025
PLANNED 2025
CompTIA Security+ SY0-701
CompTIA · Exam Target: 2025
PLANNED 2025
AWS Certified Security Specialty
Amazon Web Services · 2025–26
PLANNED 2025-26
🔮 Future — 2026+
CKS — Certified Kubernetes Security Specialist
CNCF · Linux Foundation · 2026
2026
GIAC GWEB — Web Application Defender
GIAC · Future Target
ROADMAP
Microsoft SC-200 / AI Security
Microsoft · GCSEA · 2026
2026
CI/CD Security Architecture

7-STAGE DEVSECOPS PIPELINE

Production-deployed at Realtor.com — 5 days → under 5 minutes detection. Critical/High auto-blocks deployment across 8 repositories. Repo: github.com/prajyotfulsundar/devsecops-pipeline-template

01/07
SECRETS
GitLeaks · truffleHog
Pre-commit hooks + CI scanning all branches + full commit history
✓ 2 AWS keys stopped pre-push
02/07
SAST
Semgrep · CodeQL
Static analysis with SARIF output to GitHub Security dashboard
✓ 0 Critical · SARIF synced
03/07
SCA
Snyk · Trivy · Dep-Check
CVE detection in all dependencies. Critical/High blocks pipeline
⚠ CVSS:9.8 → auto-blocked
04/07
CONTAINER
Trivy · Syft · Grype
Docker image scan + CycloneDX SBOM per build → archived
✓ SBOM archived per build
05/07
IAC
Checkov · tfsec
Terraform + K8s manifest policy scan · 47 CIS checks enforced
✓ 47 checks · 0 misconfigs
06/07
DAST
Playwright · OWASP ZAP
Live OWASP Top 10 active scan on running staging environment
✗ 3 Critical blocked pre-prod
07/07
ALERT
Slack · SARIF
Slack alerts → #security-team + GitHub Security dashboard
✓ <5 min time-to-detect
Get In Touch

LET'S CONNECT

whoami → Senior DevSecOps & DevOps Engineer
target → Senior / Lead DevSecOps · Global Remote
availability → Immediately · Actively interviewing
location → Pune, India
Email
mail2prajyotfulsundar@gmail.com
Phone
+91 9890118336
LinkedIn
in/prajyot-fulsundar
GitHub Portfolio
github.com/prajyotfulsundar14
Twitter / X
@prajyotfulsundar
Instagram
@prajyotfulsundar
Facebook
prajyotfulsundar
Location
Pune, India
Available immediately for Senior / Lead DevSecOps roles
Remote preferred · Hybrid · Open to relocation · Actively interviewing
// Target Roles
  • Senior DevSecOps Engineer / Lead DevSecOps
  • Senior DevOps / Platform Security Engineer
  • Security Automation Engineer
  • Kubernetes / Cloud Security Engineer
// Target Companies
  • FAANG · Fintech · Healthcare SaaS
  • Cybersecurity firms · Cloud-native companies
  • Enterprise SaaS with strong security culture
  • Global Remote first — any timezone considered