About
I am an Application Security engineer with 7+ years of experience at the intersection of how software gets built and how it gets broken. I’ve worked across the full AppSec spectrum — offensive (bug bounty, penetration testing), operational (vulnerability program management at HackerOne and Bugcrowd), and preventive (threat modeling, secure code review, DevSecOps pipelines). That range gives me a different perspective than engineers who’ve only worked one side of the problem.
My core work is embedding security into the software development lifecycle before vulnerabilities reach production:
- Threat Modeling — STRIDE-based design reviews that identify trust boundary failures at the architecture level, before code is written
- Secure Code Review — manual and tool-assisted (Semgrep, Checkmarx, Bandit) review across Python, JavaScript, and Java
- DevSecOps Pipelines — SAST, SCA, secrets scanning, IaC review, container scanning, and DAST integrated into CI/CD
- AWS Cloud Security — IAM design, Secrets Manager, cloud-native architectures, secure IaC with Terraform
- Vulnerability Assessment & Penetration Testing — manual and automated
- Vulnerability Management — triage, CVSS risk rating, remediation guidance, program operations
Projects
AWS DevSecOps Security Pipeline
End-to-end DevSecOps pipeline integrating TruffleHog, Bandit, Safety, Checkov, Trivy, and OWASP ZAP — all wired into Jenkins CI/CD on AWS. Each tool was chosen to address a specific threat class in the pipeline. Infrastructure provisioned with Terraform using least-privilege IAM.
Data Loss Prevention Pipeline — AWS Glue
Automated DLP pipeline using AWS Glue and PySpark to detect and redact PII (email addresses, phone numbers, credit card numbers) in S3 datasets. Implements IAM role-based access controls, pattern-based detection with typed redaction tokens, and compliance mapping to GDPR and PCI-DSS.
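A plain-Python stand-in for the detection-and-redaction step described above, added here as an illustration and not code from the project (in the Glue job the same logic would sit inside a PySpark UDF; the patterns, token names, Luhn filter and the sample record are my own assumptions):

```python
import re

# Constructed example: each PII class maps to a pattern and a typed redaction token,
# so downstream consumers can tell what kind of value was removed without seeing it.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "CARD": re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)"),  # 13-19 digits, optional separators
}

def luhn_valid(digits: str) -> bool:
    """Luhn checksum; keeps arbitrary 16-digit IDs (order numbers etc.) from being flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def redact(text: str):
    """Return (redacted_text, counts_per_type). Digit runs are redacted as CARD only if Luhn-valid."""
    counts = {name: 0 for name in PII_PATTERNS}

    def make_sub(name):
        def _sub(m):
            if name == "CARD" and not luhn_valid(re.sub(r"\D", "", m.group(0))):
                return m.group(0)  # not a PAN: leave it untouched
            counts[name] += 1
            return f"[{name}_REDACTED]"
        return _sub

    # Order matters: cards first so the phone pattern cannot consume part of a PAN,
    # emails before phones so digit runs inside an address are not counted twice.
    for name in ("CARD", "EMAIL", "PHONE"):
        text = PII_PATTERNS[name].sub(make_sub(name), text)
    return text, counts

# Constructed sample record (4111 1111 1111 1111 is a well-known Luhn-valid test number;
# the 16-digit order id is not Luhn-valid and must survive redaction).
SAMPLE = ("Contact jane.doe@example.com or 555-123-4567; "
          "card 4111 1111 1111 1111; order id 1234567890123456.")

if __name__ == "__main__":
    redacted, stats = redact(SAMPLE)
    print(redacted)
    print(stats)
```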
Certifications
- CISSP — Certified Information Systems Security Professional (ISC2)
- AWS Certified Security – Specialty
- Certified DevSecOps Professional (CDP) — Practical DevSecOps
- Threat Modeling Professional — Practical DevSecOps
Let’s connect if you’re building secure products, exploring AppSec/Cloud Security, or just want to chat security.