Shreyas Sriram
Computer Science and Cybersecurity
Education
Johns Hopkins University, Baltimore, MD
August 2021 - December 2022
MS, Security Informatics
SSN College of Engineering, India (Affiliated to Anna University)
August 2016 - September 2020
BE, Computer Science and Engineering
Work Experience
Security Engineer II
Robinhood Markets | March 2024 - Present | Golang, Python
- Introduced a comprehensive Security Maturity Framework, enabling unified visibility into the security posture through streamlined controls and intuitive dashboards; established a holistic view of organizational security and dramatically improved operational efficiency
- Accomplished a strategic risk reduction initiative through meticulous planning and cross-functional collaboration across multiple organizations; achieved a 92% reduction of AWS accounts in 4 months with zero service interruptions
- Conducted thorough security assessments of new AI products; uncovered and addressed critical flaws in prompt handling and data protection
- Owned secret scanning initiative across various pipelines; managed incident response for security events affecting 40+ services, coordinating rapid mitigation efforts across teams
- Implemented shift-left by integrating security scanning into the pre-commit stage of the SDLC; resulted in an 83% reduction in security feedback cycle time
- Optimized vulnerability management through innovative dependency tracking, dynamically managing projects and procedural enhancements; resulted in improved patching hygiene
Security Engineer I
Robinhood Markets | February 2023 - February 2024 | Golang, Python
- Led Safety by Design initiative, conducting over 50 reviews in 5 months and uncovering several critical vulnerabilities through rigorous threat modeling and code review
- Designed metrics and dashboards for real-time visibility into security scanning pipelines; identified and addressed friction points, resulting in a 30% speed up in scan times and accurate reporting
- Upgraded security scanning tools by optimizing CI efficiency, expanding coverage and integrating additional security controls, resulting in substantial improvements to overall security posture
Head Course Assistant
Department of Computer Science, Johns Hopkins University | August 2022 - December 2022
- Held office hours and assisted with grading for Object Oriented Software Engineering
- Set up assignment rubrics and managed work among other assistants
- Advised students on a semester-long software project
- Improved processes to minimize grading feedback time
Security Engineer Intern
Salesforce | May 2022 - August 2022 | Golang, Python
- Collaborated with engineering teams to determine critical components in services; performed infrastructure security assessments and design reviews to identify and minimize risks through security controls
- Discovered and investigated a critical bug in an internal security tool; documented a detailed report and proposed a redesign of the algorithm resulting in a 90% reduction in potential security vulnerabilities
- Strengthened cloud security measures by implementing additional checks into existing security assurance tools for AWS infrastructure; resulted in improved security management and informed decision-making
- Executed code refactoring efforts to improve user experience, reduce bugs, and drive higher usage by teams
- Enhanced the AWS Infrastructure by introducing a feature to monitor security posture over time, enabling comprehensive historical analysis and visibility into changes
Course Assistant
Department of Computer Science, Johns Hopkins University | January 2022 - May 2022 | Java
- Held office hours and assisted with grading
Course Assistant
Department of Computer Science, Johns Hopkins University | August 2021 - December 2021 | Java, PostgreSQL
- Advised students on a semester-long software project, held office hours and assisted with grading
Software Engineer
Mesh7 Technologies | August 2020 - March 2021 | Golang, C++, Python, Bash
- Researched cyber threat intelligence; designed and implemented microservices to integrate threat feeds for live threat monitoring
- Streamlined the real-time configuration pipeline for enhanced reliability, minimizing failures and reducing downtime
- Spearheaded and formulated strategies to achieve a 60% reduction in CI costs through Docker images and faster build times
- Hardened IAM architecture by developing highly configurable API integration and redefined workflows for better user experience
- Performed in-depth vulnerability assessments on product API and enforced strict access control policies to reduce security risks
- Established standards for simplifying and maintaining critical scripts; refactored code to support custom logging and improve readability
Software Engineer Intern
Qube Cinema Technologies Pvt Ltd | May 2019 - June 2019 | Android - Java, Kotlin
- Conducted manual code reviews; identified and fixed high-risk security bugs in the e-ticketing services
- Coordinated communications between the design and development teams for migrating to Android 10
Projects
TypoSquash - Detecting Package Typosquatting
September 2022 - December 2022 | Golang, Python, Semgrep | Project Link
- Ideated and led a 3-member team to develop a tool for detecting package typosquatting in package registries
- Integrated open source tools to provide critical detection mechanisms based on static and dynamic analysis; led to detection of malicious packages in PyPI
Open Source Contributions - N0MoreSecr3ts/wraith
July 2022 - December 2022 | Golang | Project Link
- Extending features and bug fixes to a credential scanning tool
Cybersecurity Risk Management
February 2022 - April 2022 | NIST, HIPAA
- Led a 6-member team to perform cybersecurity risk assessments for a fictitious health organization
- Proposed a budgeting plan and timeline for setting up a fictitious SOC for the organization
- Carried out a mock HIPAA Audit to identify missing security controls and recommended technical safeguards for the same
- Analyzed critical assets and formulated an Incident Response Plan for a ransomware attack
Docker Find
March 2022 | Bash | Project Link
- Basic automation script for docker forensics
- Search for a specific term in a given docker image by looking at metadata, history and layers
Breaking a Weak Cryptographic Implementation
October 2021 | Golang | Project Link
- Reviewed a client-server application with weak cryptography based on the Noise Protocol Framework and implemented a man-in-the-middle attack to break communications
Breaking Enigma with Cryptanalysis
September 2021 | Golang | Project Link
- Studied and implemented a hill-climbing attack on an M4 Enigma Machine provided with partial configuration
- Optimized the search space statistically to perform the attack under 70 seconds
Don't Ask For Flags (daff)
May 2021 | Golang | Project Link
- Developed a configurable Discord bot to check the health of hosted CTF challenges
- This removes the burden on CTF organizers to answer infrastructure-health-related questions by providing a direct interface for participants to interact with
BookXchange
November 2020 - March 2021 | NodeJS, MongoDB, GitHub Actions, AWS
- Led a 3-member team to develop the backend RESTful API for a book exchange application
- Integrated CI/CD pipelines using GitHub Actions, AWS CodeDeploy, S3 and EC2
- Incorporated the shift-left principle by enforcing strict test coverage; resulted in uncovering bugs sooner
- Drafted Swagger API documentation and designed Figma prototypes for the web application
GitHub Contributions Plus Plus
December 2020 | Golang, Serverless, AWS | Project Link
- Developed a Golang application that aggregates GitHub contributions from multiple accounts and produces a contribution graph
- Deployed on AWS Lambda using Serverless for easy integration (removed)
Easy-to-Remember Password Suggestor
May 2020 | JavaScript, HTML, CSS | Project Link
- Created a tool to address the issue of weak passwords; suggested passwords are based on the idea of passphrases
- Dropbox's zxcvbn password strength estimator is used to evaluate the strength of the suggested passwords
Online Transaction System using Visual Cryptography and Steganography
February 2020 | Python, NodeJS, React, MongoDB
- Developed a transaction system to authenticate payments using images sent over the network
- Steganography, visual cryptography, and two-factor authentication were combined to enhance the overall security of the system
- Performed vulnerability assessment and penetration testing on the system to identify and fix security-related bugs
Removal of Sensor Dust Spots in Images
August 2019 | OpenCV - Python
- Developed a tool to automatically detect and remove sensor dust spots from an image
- Solved a major problem in images taken using a particular setting, thus saving a significant amount of time during post-processing
Certifications
CompTIA Security+
CompTIA | May 2020 - May 2023
Practical Ethical Hacking - The Complete Course
Udemy | April 2020
Publications
Braille Based Steganography System Using Dynamic Key Exchange
Springer | December 2019 | Publication Link
Technical Skills
Development Technologies
Golang, Python, C++, Bash, JavaScript, Bazel, gRPC
Other Tools and Technologies
Git, GitHub Actions, Docker, Kubernetes, AWS
Security Tools and Concepts
Burp Suite, NMap, Wireshark, Metasploit, Semgrep, OWASP Top 10, IAM, Secure coding, Design review, Manual code review, Threat modeling, SSDLC, Security automation, Risk management, Security tooling, SAST, SCA, Web Security, Cloud security, Penetration testing, Cryptography
Activities
Capture the Flag (CTF) Contests
- Placed 2nd among 1000+ teams at csictf-2020, an online jeopardy-style CTF hosted by the csictf team
- Placed 19th among 3000+ teams at HacktivityCon 2020 CTF