Resume
Email: shivamvviiita@gmail.com
LinkedIn: linkedin.com/in/shivamvv
Education
Indian Institute of Information Technology, Allahabad (IIITA)
B.Tech in Electronics and Communication Engineering
Work Experience
Sprinklr — Product Security (CloudSec + SecArch)
Security Engineer / Architect
Jan 2024 – Present | Gurugram, India
- Architecture Reviews: Embedded in product planning from inception; reviewed cloud and application designs for New Product Initiatives. Promoted Secure by Design patterns, IaC-based Infra provisioning, and proactive threat modeling.
- LLM Security: Built real-time inference pipelines for internal LLM workloads to mitigate prompt injection, jailbreaks, and indirect prompt chaining attacks. Integrated input sanitization, token-level filters, and red teaming feedback loops.
- Bring Your Own Key (BYOK): Architected tenant-isolated BYOK encryption framework across AWS, Azure, and GCP using envelope encryption and dedicated KMS per customer. Automated key lifecycle operations (provisioning, rotation, revocation).
- Iron Dome (Patch Management): Designed continuous patching framework for containers and VMs. Codified baselines using Wiz, Lacework, and Upwind; integrated hardened AMIs & Golden Images into CI/CD.
- Runtime Security: Deployed eBPF-based detection agents across 22+ production accounts; monitored syscalls, privilege escalations, lateral movement; integrated telemetry into SIEM pipelines for incident response.
- DevSecOps Enforcement: Implemented GitLab CI/CD enforcement for Secrets, SAST, SCA, and IaC security using TruffleHog, Entro, CyCode, and Semgrep. Hardened 50+ repositories with pre-commit hooks and MR auto-block logic.
- CNAPP Integrations: Led E2E integration of Wiz, Lacework, Upwind, Entro, and Cycode across 25+ cloud accounts spanning AWS, Azure, and GCP. Automated triage handoff to MS Teams, Jira, OpsGenie.
Urban Company — Core Platforms
Software Engineer
Jan 2022 – Dec 2023 | Gurugram, India
- Network Redesign: Built Terraform modules to provision AWS VPC components, EKS/ECS clusters. Migrated ArgoCD, Jenkins, Kafka, Prometheus alerting, and ELK observability stack to new Infra.
- Nginx Revamp: Re-architected 30+ EC2-based NGINX servers using Emissary Ingress; reduced costs by ~40%, added rate limiting, load balancing, and canary deployments.
- Crypto Shredding: Enabled irreversible PII deletion across 90+ microservices for 25M+ users using ephemeral key encryption; ensured no sensitive data persisted unencrypted in MongoDB, RDS, Snowflake.
- Vulnerability Management: Solely managed bug bounty program on HackerOne and PingSafe as CSPM; resolved dependency confusion, IDOR, CSRF. Created Secure Coding guidelines and review checklists.
- Recognitions: Awarded UC Champion & Rookie Rockstar for Q3 ’22 and Q1 ’23.
C3iHub, IIT Kanpur
Summer Research Intern
May 2021 – Jul 2021 | Kanpur, India
- Contributed to a configurable automated reconnaissance framework using open-source pentesting tools.
Certifications
- OSCP – Offensive Security Certified Professional (24-hour hands-on exam + PWK labs).
- CRTE – Certified Red Team Expert (48-hour exam covering advanced Active Directory attacks, Pentester Academy).
- CSAW CTF & ESC – 2nd Rank in India (CTF Qualifiers), Top 5 National Finalist (ESC). Qualified for CSAW World Finals in both, co-hosted by NYU Tandon & IIT Kanpur.
Achievements
- UC Champion Award at Urban Company for Exceptional Performance (Q3 2022).
- Rookie Rockstar Award at Urban Company for Delivering Ahead of Timelines (Q1 2023).
- Selected among Top 5 projects from India for CSAW ESC’20 World Finals (NYU and IITK).
- Global Rank - 99 in 7th Flare-On Challenge (FireEye).
- 2nd Rank Nationally in CSAW CTF 2020 hosted by NYU.
- 2nd Rank at Cyber Hack CTF by National Forensic Sciences University (GFSU).
- Best Hardware Hack prize at HackOut, a Hackathon by Headout in collaboration with GeekHaven, IIITA.
Technical Skills
Key Areas:
Platform Engineering · Distributed Systems · Cloud-Native Security · Threat Modeling · Compliance
Languages:
C · C++ · Python · Go · Java · JavaScript (Node.js) · TypeScript · Bash · SQL · Git
Infrastructure & Tools:
Terraform · Helm · Docker · Kubernetes · Linux · MongoDB · PostgreSQL · Redis · Kafka · ELK Stack