Sumit Kumar

Attack Surface Management (ASM)

• Developed an application to mitigate risks to digital infrastructure
• Monitored 150,000+ ports for potential vulnerabilities daily
• Tracked 50,000+ assets with daily snapshots of their public exposure
• Maintained a record of 400,000+ security findings for comprehensive risk assessment
• Technologies: Airflow, PostgreSQL, Redis, Elasticsearch clusters, Kibana, AWS Lambda, Docker, Nginx, FastAPI, Ubuntu server, ETL

Triangulum

• Worked on a microservice to orchestrate security tools in a sandboxed environment
• Built integrations for ZAP, Bandit, Prowler, Nuclei, Semgrep, Trivy, Snyk, Wiz and others
• Developed a Cloud Asset Inventory tool for AWS and GCP, using Boto3 and Google Cloud SDK
• Implemented task tracking with state update and user-friendly error codes for improved observability
• Adapted the collection of data from conventional methods to a queue-based messaging system
• Directly impacted the generation of 1,000,000+ findings and 20,000+ assets
• Technologies: gRPC, Celery, RabbitMQ, Elasticsearch, Docker, AWS ECS

Strobes SaaS Platform

• Implemented a drafts feature to save in-progress user actions and restore them on reload or similar events
• Developed homepage widgets to deliver real-time stats and a comprehensive organizational overview
• Designed report templates tailored to end-user roles and security assessment types
• Integrated Mixpanel to track user preference activities overview
• Technologies: Django Rest, Nginx, GraphQL, PostgreSQL, Celery, RabbitMQ, Elasticsearch, Redis

Additional Contributions

• Developed a service that verifies the state of Network/Web findings in real-time by executing PoC templates
• Developed an automated patch application service that generates pull requests for codebase updates
• Developed a threat intelligence database that correlates with vulnerable packages and updates daily