Rakesh Elamaran

Security Engineer with 4+ years securing web, API, and cloud-native platforms across enterprise environments. Former Comcast & Temenos  ·  Open to full-time cybersecurity roles in the UK  ·  Graduate Visa (Full UK Work Rights)

🏛 NCSC Certified Degree MSc Cyber Security Engineering · University of Warwick
4+ Years in AppSec · 40+ Security Assessments · 50+ Security Sessions · 8+ Certifications

About Rakesh

I'm an Application Security Engineer with 4+ years of experience securing web applications, APIs, and cloud-native environments across enterprise and startup ecosystems. I hold an MSc in Cyber Security Engineering from the University of Warwick — an NCSC Certified degree — and am a Licensed Penetration Tester (LPT).

My experience spans secure code reviews, threat modeling, application security assessments, and DevSecOps integration — partnering closely with engineering teams to embed security throughout the SDLC.

Currently preparing for the HTB CPTS certification and actively seeking Application Security / Product Security roles in the UK. I bring a hands-on, impact-driven approach focused on reducing real-world risk.

Experience

Career Timeline

4+ years securing applications at enterprise scale across telecoms, fintech, and security consulting.

Dec 2022 – Sep 2024
Security Engineer II
Comcast India Engineering Center
Chennai, India · Telecommunications / Media
  • Embedded application security within development teams across the SDLC for web, API, and cloud-native services — identifying high-risk attack paths and driving risk-based remediation.
  • Conducted targeted security assessments across microservices and APIs, analysing authentication, authorisation, and trust boundaries to identify systemic weaknesses and validate controls.
  • Reviewed and prioritised findings from penetration tests, vulnerability assessments, and bug bounty submissions — validating exploitability, escalating risks, and driving remediation with engineering teams.
  • Performed threat modelling and secure design reviews using STRIDE to identify attack surfaces during early architecture phases and influence secure design decisions prior to release.
  • Integrated automated SAST, SCA, and container vulnerability scanning into CI/CD workflows, enforcing security gates on merge requests and reducing remediation timelines by 30%.
  • Led internal security enablement by delivering technical training sessions and knowledge-sharing programmes to improve secure coding adoption across engineering teams.
SAST/SCA · Threat Modelling · DevSecOps · Microservices
Oct 2021 – Dec 2022
Product Security Analyst
Temenos AG
Chennai, India · FinTech / Banking
  • Led Log4j impact assessment across production banking platforms — validating exploitability and compensating controls to support risk-based remediation within PCI-DSS environments.
  • Triaged SAST and SCA findings across core and digital banking products, identifying recurring vulnerability patterns and partnering with development teams to prioritise secure design and release decisions.
  • Collaborated with product, engineering, and risk stakeholders to align vulnerability insights with control requirements, supporting secure release outcomes in regulated enterprise environments.
  • Contributed to application security governance: vulnerability tracking, compliance evidencing, and advising on risk acceptance decisions aligned with audit and regulatory expectations.
PCI-DSS · Vuln Triage · AppSec Governance
Jul 2020 – Sep 2021
Security Associate
ByteBlanket
Remote · Security Consulting (UAE clients)
  • Conducted web application and API security assessments for banking and enterprise clients — identifying authentication, authorisation, and input validation vulnerabilities aligned with OWASP standards.
  • Delivered risk-prioritised remediation guidance and collaborated with client engineering teams to strengthen secure coding practices and improve application resilience.
Pen Testing · OWASP · Consulting
Education

Academic Background

Formal grounding in cybersecurity engineering and computer science.

MSc Cyber Security Engineering
University of Warwick
Oct 2024 – Oct 2025
🏛 NCSC Certified · ★ Warwick Award

Dissertation: Designed and evaluated a hybrid intrusion detection framework incorporating structured threat modelling, attack simulation, and risk-based security evaluation.

Bachelor of Engineering in Computer Science
Anna University
Aug 2016 – Apr 2020

Foundation in computer science, algorithms, and software engineering principles that underpin current security engineering practice.

Core Expertise

Comprehensive security capabilities across the full software development lifecycle.

  • Application Security: Securing web and mobile applications through comprehensive security assessments and secure architecture design.
  • Penetration Testing: Black-box and white-box penetration testing for web apps, APIs, and network infrastructure.
  • API Security: Securing REST and GraphQL APIs against OWASP API Top 10 vulnerabilities.
  • Cloud Security: AWS security configuration, IAM policies, and cloud-native security controls.
  • Threat Modeling: STRIDE-based threat modeling for complex systems, APIs, and microservices architectures.
  • Secure Code Review: Manual and automated code analysis to identify vulnerabilities before they reach production.
  • DevSecOps Integration: Embedding security into CI/CD pipelines with automated SAST, DAST, and SCA scanning.
  • Security Automation: Building automated security workflows, custom tooling, and pipeline integrations to scale security at speed.
Arsenal

Skills & Expertise

Depth across the full application security spectrum — from shifting left in the SDLC to exploiting real-world vulnerabilities.

Offensive Testing

Burp Suite · Metasploit · ffuf · Nmap · SQLmap · Nuclei

Red Team & Exploitation

CRTA Ops · C2 Frameworks · Lateral Movement · Privilege Escalation · Payload Crafting · OSINT

API & Web Attacks

OWASP API Top 10 · Authentication Bypass · JWT Attacks · GraphQL Security · SSRF · IDOR

Governance & Frameworks

ISO 27001 · NIST CSF · PCI-DSS · STRIDE · CVSS · PTES

AppSec & DevSecOps

Checkmarx · Semgrep · Mend (WhiteSource) · SAST / DAST / SCA · Secure Code Review · Threat Modelling

Scripting & Cloud

Python · Bash · JavaScript · Java · AWS Security · Container Security · OWASP ASVS
Credentials

Certifications

Industry-recognised certifications demonstrating hands-on offensive and defensive security capability.

  • CREST Practitioner Security Analyst (CPSA) · CREST International · In Progress
  • HTB Certified Penetration Testing Specialist (CPTS) · Hack The Box · In Progress
  • Certified Red Team Analyst (CRTA) · CyberWarFare Labs
  • Licensed Penetration Tester (LPT) · EC-Council
Open Source

Projects

Security research and engineering projects — built in public, shared with the community.

Hybrid IDS for CAN Bus Networks

A lightweight hybrid intrusion detection system for connected vehicles — simulating five real-world CAN bus attacks, comparing rule-based and machine learning approaches, and achieving 98% accuracy with a 2.1ms detection latency.

Secure Network Design

A structured approach to designing secure network architectures — covering segmentation, zero-trust principles, firewall rules, and defence-in-depth for enterprise environments.

Coming Soon

Next project coming soon. Focused on application security tooling, automation, or research — stay tuned via GitHub.

Coming Soon

Another project in the pipeline. Security research, tooling, or community resource — link will be live here when published.

Leadership

Community & Influence

Building security knowledge and culture beyond the day job — through community, mentorship, and open-source contribution.

Community Founder

Founder and lead of a 500+ member cybersecurity community organising hands-on workshops, CTF events, and technical seminars. Actively mentor beginners and early-career professionals in building practical security skills and launching cybersecurity careers.

Public Speaker

Delivered 50+ security talks and hands-on workshops covering application security, threat modelling, and DevSecOps practices. Audiences include enterprise engineering teams, universities, and industry conferences.

Mentorship

Support aspiring and mid-career security professionals transitioning into product and application security roles through structured career guidance, hands-on technical coaching, and mock technical interviews.

OWASP Chapter Leader

Chapter Leader of the OWASP Cuddalore Chapter — organising local meetups, security awareness events, and hands-on sessions to grow the security community at the grassroots level.

Open to Collaboration

Interested in working together?

I'm available for Guest Lectures, Workshops, Student Mentoring, and conversations around Community Building in Cybersecurity — whether at universities, bootcamps, or industry events. If you're organising something and think I'd be a good fit, I'd love to hear from you.

Security Portfolio

Hands-On Practice

Continuous skill development through offensive security platforms and real-world machine exploitation labs.

Top 1% Global Rank · 300+ Rooms · 230+ Day Streak

Hands-on offensive and defensive security labs covering web exploitation, network pentesting, OSINT, and red team techniques.

Web Exploitation · Privilege Escalation · Active Directory · OSINT
Rank: Script Kiddie · 3 Machines · 10 Challenges

Real-world machine exploitation and challenge labs focused on penetration testing techniques and CTF problem solving.

Machine Exploitation · CTF · Enumeration · Privilege Escalation
Accomplishments

Recognition & Achievements

  • WMG Excellence Scholarship: Awarded the WMG Excellence Scholarship at the University of Warwick in recognition of academic merit and potential in cybersecurity.
  • Warwick Award: Recipient of the Warwick Award recognising outstanding contribution to the university and wider community during postgraduate study.
  • 10+ CTF Challenges: Competed in and completed 10+ Capture The Flag challenges across global and regional cybersecurity competitions.
  • Open Security Summit Membership Award: Recognised with a membership award at the Open Security Summit for contributions to the open security community and collaborative security research.
  • CSI Student Icon Award: Awarded by the Computer Society of India for sustained leadership and contributions to the CSI Club over three consecutive years.
Events & Networking

Conferences Attended

Engaging with the security community through major industry conferences, summits, and practitioner-led events.

  • BSides London · London, UK
  • BSides Birmingham · Birmingham, UK
  • National Cybersecurity Show · Birmingham, UK
  • Cloud & Cybersecurity Expo · London, UK
  • OWASP Birmingham · Birmingham, UK
  • Black Hat London · London, UK
  • OWASP Chennai · Chennai, India
  • Null Chennai · Chennai, India
  • Nullcon Goa · Goa, India
  • Seasides Goa · Goa, India
Research & Insights

Security Writing

Practical perspectives on application security, threat modelling, and building secure engineering cultures.

Recommendations

What People Say

Recommendations from industry leaders, professors, and the security community.

Rakesh is one of the most inspiring personalities I have come across in the cybersecurity space. He is not just a cybersecurity professional — he is a deep researcher with exceptional command over both offensive and defensive security domains. His ability to dive deep into complex security challenges, break them down, and produce meaningful research is truly remarkable. Through ROOTECSTAK and his various community initiatives, he has been a core driving force behind creating an active, vibrant cybersecurity community in Chennai.

Mr. Rakesh has been an enthusiastic student since the day I got connected with him, when he was playing a technical role in the CSI chapter. He was very keen on the Security domain and had done a good number of projects. He is very active and ready to contribute to the student community. I have admired his commitment, dedication and mentoring of students in the Security domain.

In The Spotlight

Talks & Interviews

Podcast appearances, video interviews, and media features covering cybersecurity, community building, and the security industry.

YouTube · Video Interview
EC Council Video Interview — LPT Certification
EC-Council · Licensed Penetration Tester
Spotify · Podcast Episode
CyberSecurity Roadmap Unlocked
CIT Podcast · Episode 1
Contact

Let's talk security.

Open to relocation within the UK for Application Security, Penetration Testing, and Offensive Security roles. Let's connect.