About Me

Security is a practice,
not a product.

I'm Anilkumar, a Product Security Engineer with a deep focus on Application Security. My work sits at the intersection of software engineering and security architecture — helping teams build systems that are secure by design, not just hardened after the fact.

My Security Philosophy

Security must live where the code lives — inside pull requests, architecture reviews, and deployment pipelines. My approach layers threat modeling in design, automated scanning in CI/CD, and continuous validation post-deployment, creating a feedback loop that makes every engineer a security stakeholder.


Experience

Dec 2023 – Present

Senior Security Engineer @ Trinet Zenefits

Performing secure design reviews for new features, architecture reviews, and automated source code analysis (SonarQube). Writing business security test cases and performing manual pentesting using Burp Suite and OWASP ZAP. Coordinating issue debriefing and remediation with product engineering.

Mar 2023 – Dec 2023

Member of Product Security @ Edgeverve

Handled application features security testing (Web/Mobile), DAST, and SAST. Analyzed BDH scans for Software Composition Analysis (SCA) compliance. Led regular security training sessions for junior members and eliminated Checkmarx false positives.

Mar 2021 – Feb 2023

Senior Security Consultant @ EY GDS

Engaged in US and Singapore projects including vulnerability management for a telecommunications provider via High-Risk perimeter validation and automated ad-hoc assessments using Nmap & Python. Orchestrated scheduled Qualys vulnerability scanning and continuous compliance scans for major Real Estate & Insurance clients.

Feb 2018 – 2021

Associate InfoSec Consultant @ SecurEyes

Performed 30+ manual/automated penetration tests on Web, Mobile (iOS/Android), API, and Thick Clients globally across Finance, Banking, and Health Care. Led threat modeling and code analysis for 3-member engagement teams.

Certification Arsenal

🛡️ OSCP – Offensive Security Certified Professional (In Progress)
🛡️ CEH v10 – Certified Ethical Hacker
🛡️ ECSA v10 – EC-Council Certified Security Analyst
🛡️ SC-900 & AZ-900 – Microsoft Security & Azure Fundamentals
🛡️ Qualys Certified Specialist (VM, WAS, PC)
🛡️ AWS Certified Cloud Practitioner
🛡️ Certified AppSec Practitioner (CAP)
🛡️ Certified in CyberSecurity (ISC2)

Technical Arsenal

Application Security

Burp Suite Pro, OWASP ZAP, Postman, Checkmarx, SonarQube, Snyk

DevSecOps & Automation

Semgrep, GitHub Actions, GitLab CI/CD, Trivy, Gitleaks, Python

Cloud & Infrastructure

AWS Security, Azure Sentinel, Kubernetes, Docker, Terraform

Offensive Security

Metasploit, Nmap, Wireshark, Kali Linux, BloodHound

Security Pulse v2.0 // Real-time CIRCL.lu Feed

CRITICAL · CVE-2026-1234 · Application
Potential Remote Code Execution in popular Java-based logging framework.
2 mins ago

HIGH · CVE-2026-5678 · Cloud
Improper Validation in cloud-native identity provider affecting OIDC flows.
1 hour ago

HIGH · CVE-2026-9012 · Infrastructure
Use-after-free vulnerability in production-grade load balancer.
4 hours ago

Tech Arsenal: AWS, AZURE, K8S, JAVA, PYTHON, GO

Data Source: CIRCL.LU Security Intelligence

Professional Quest Log

Senior AppSec Role

2024

Securing industrial-scale cloud architectures.

OSCP Certification

Q2 2026

Deepening offensive security and penetration testing mastery.

Current Progress: 65%

Cloud Security Architect

2027

Specializing in Zero Trust and multi-cloud security governance.


© 2026 Anilkumar · Product Security Engineer