Open to opportunities

Adarsh Kumar

@adarshkumar12

Product Security Engineer with 8+ years securing web apps via threat modeling, secure reviews, and vulnerability research.

India

Message

What I'm looking for

I’m looking for a product-focused security role where I can own secure-by-design from early SDLC stages—leading threat modeling, security reviews, and CI/CD automation—while partnering closely with engineers to ship resilient systems.

I’m a Product Security Engineer with 8+ years of experience securing web applications and platforms through threat modeling, security architecture reviews, secure code review, and vulnerability research. I’ve built scalable SSDLC programs, integrating SAST/DAST into CI/CD, and partnered closely with product engineers to ship secure-by-design features with minimal friction.

In my current role, I lead threat modeling and security architecture reviews across multiple Splunk products, driving secure design decisions early in the SDLC. I support PSIRT incident response on rotation, deliver on-call security consultations via monitored Slack channels, and help teams triage and resolve OSS/SCA and SAST-related issues—while also working on threat modeling workflows for Splunk’s AI products.

Experience

Work history, roles, and key accomplishments

Current

Product Security Engineer

Current

Splunk

Sep 2023 - Present (2 years 9 months)

Led threat modeling and security architecture reviews across multiple Splunk products, driving secure design decisions early in the SDLC. Supported PSIRT on-call incident response, delivered security consultations, and advanced threat-modeling workflows via a STRIDE-GPT proof of concept.

Threat Modeling Security Architecture Review Secure SDLC SAST DAST OSS SCA Triage CI CD Security

Associate - Application Security

TIAA

Feb 2023 - Sep 2023 (7 months)

Owned SAST/DAST program execution and governance across product teams as a SAST subject matter expert. Created weekly security office hours to improve remediation velocity and guided developers through secure remediation without breaking existing functionality.

SAST DAST Application Security Security Governance Developer Enablement Secure Code Remediation Security Office Hours Threat Remediation Guidance SDLC Security

Senior Analyst - Application Security

TIAA

Feb 2021 - Feb 2023 (2 years)

Developed and contributed to application security roadmaps and implemented shift-left detection by creating custom CxQL queries for emerging zero-days (Log4Shell/Spring4Shell). Integrated Checkmarx stages into Jenkins using Groovy scripting, supported vulnerability mitigation with application development teams, and managed application security testing tollgates in CI/CD.

Checkmarx Groovy Script Jenkins CI Application Security Testing Security Roadmaps

Senior Member Technical (Security)

ADP

Jul 2020 - Jan 2021 (6 months)

Conducted web and API penetration testing focused on authorization flaws, injection patterns, XSS, and insecure session handling, then delivered actionable remediation guidance. Partnered with engineering to address reported vulnerabilities and improve application security posture.

Penetration Testing API Testing Injection Testing XSS Security Consulting

Member Technical (C# Development)

ADP

Jul 2017 - Jul 2020 (3 years)

Developed features in the Billing Basis Point Console application using C# and .NET Framework, and built an application to create Fee Disclosure Documents. Created an SSIS package to copy ~2 million records from flat files to a SQL database, reducing processing time by 8x.

C++.NET Framework SSIS SQL Data Migration Performance Optimization Application Development

Education

Degrees, certifications, and relevant coursework

College of Engineering, Biju Patnaik University of Technology

Bachelor of Technology, Computer Science Engineering

2013 - 2017

Completed a Bachelor of Technology in Computer Science Engineering at the College of Engineering, Biju Patnaik University of Technology from 2013 to 2017.