Raajhesh Kannaa Chidambaram
Cloud Security Engineer at DoorDash
15 years from bare metal to securing cloud infrastructure at scale. I build the security tooling and automation that makes secure defaults the easy path for engineering teams.
Projects
GHA Scannerlive
GitHub Actions security scanner. 25 checks, 8 categories, graded reports. Free, open source.
Attack Surface Management
Continuous external attack surface discovery and vulnerability scanning across AWS accounts.
Green Stone
Real-time Security Group change detection and one-click revert across AWS Organizations.
Fleet Access
Hub and Spoke IAM Roles for AWS multi-account security at scale.
CDK Booty Strappin
Automatically CDK bootstrap all AWS accounts in an Organization.
CloudTrail Lake Detections
Detection rules for investigating security events via AWS CloudTrail Lake.
Writing
Assumed Role
Cloud security thriller. IAM credential theft, lateral movement, incident response. Techniques mapped to MITRE ATT&CK with real CloudTrail detection queries.
Signed and Sealed
Supply chain attacks, CI/CD compromise, code signing, container security. Real-world parallels to SolarWinds, Codecov, and tj-actions.
Experience
Cloud Security Engineer at DoorDash
July 2023 - Present- Built natural-language querying tool for AWS infrastructure security discovery across all accounts using Steampipe.
- Automated Private Terraform module synchronization across the GitHub Organization.
- Developed SlackBot for automated GitHub PR review and approval in Cloud Security support channel.
- Led full lifecycle evaluation, selection, and integration of a CSPM tool.
Senior Staff Security Engineer at Delphix
June 2022 - April 2023- Built CDK Pipelines/GitOps delivery for AWS Config Conformance Pack findings imported into SecurityHub with PagerDuty/Slack/Jira alerting.
- Built Incident Response Notebooks using Jupyter Notebooks to query CloudTrail Lake for investigation.
- Designed Enforcement Engineering Pipeline deploying SCPs, corrective actions, and Permission Boundaries via CDK.
Senior Security Engineer at Guidewire Software
May 2021 - May 2022- Automated AWS Attack Surface Management for 300+ accounts using CDK CI/CD Pipelines.
- Set up AWS Control Tower, enrolling 300+ accounts with Security Hub, GuardDuty, SSO/Okta, and SCPs.
- Built Deception Engineering system to detect targeted attacks and prevent lateral movement.
Senior Security Analyst at BoxyCharm
Sept 2019 - Apr 2021- Built Security Operations Center using GuardDuty, SecurityHub, CloudTrail, Config with Sumologic/PagerDuty.
- Built ChatOps-driven preventive guardrails for real-time Security Group change approval and revert.
Security Engineer at Zuora
Oct 2018 - Sept 2019- Built Vulnerability Management solution using Qualys API, Lambda, DynamoDB, and Sumologic.
- AWS security operations across 60+ accounts using Organizations, GuardDuty, SecurityHub, and Inspector.
Technical Lead, IT Risk Management R&D at BNY Mellon | Eagle Investment Systems
Oct 2016 - Oct 2018- Built Application Security Program with static analysis (Coverity), dynamic analysis (Burp Suite, AppScan), and dependency checking.
- Developed Secure Development Lifecycle documentation and security awareness programs.
Senior System Administrator at Ebix
Apr 2014 - Sept 2016- Vulnerability Assessment and Management using Qualys. Web Application Firewall with ModSecurity.
- Open Source Intelligence using Censys.io. File Integrity Monitoring using OSSEC HIDS.
System Administrator at Ebix
Mar 2011 - Sept 2014- Infrastructure operations, monitoring, system administration. Database backup encryption with LUKS.
Certifications
OSCP
Offensive Security Certified Professional
OAWSP
Offensive AWS Professional (CloudBreach)
AWS Security
AWS Certified Security Specialty
AWS Networking
AWS Advanced Networking Specialty