Yash Chhabria

I’m a Senior Application Security Architect and hands-on AppSec program builder with 7+ years in application security. I’ve built an AppSec program from zero, cutting critical vulnerabilities by 90%, securing $8M+ in executive investment, and reducing MTTR from 45 to 7 days across a $25B+ enterprise portfolio.

I build and continuously improve AppSec strategy, policies, tooling, and controls across the full SDLC—from design review through deployment gates. I integrate SAST, DAST, and SCA into CI/CD workflows (including GitHub Actions and GitLab CI), and I’ve delivered “zero compliance violations across all audit cycles.”

I’m deeply technical in secure code review and vulnerability remediation across web, mobile, and API products—manually catching issues automated scanners miss. I’ve reduced critical findings from 40+ to under 5 in 18 months, hardened REST and GraphQL API security, and governed 200+ annual penetration testing engagements to protect the remediation pipeline quality.

I also lead AI/LLM security practice, assessing LLM integrations and RAG pipeline trust boundaries as AI features move into production. Using OWASP LLM Top 10 and prompt-injection threat modeling, I embed AI security checkpoints into the SDLC, deliver developer-ready remediation guidance, and pair security awareness with incident response and compliance governance.