visitor@srlsec.in:~$ cat about_me.txt
> Security researcher turned DevSecOps engineer
> CEH v10 · CCNA
> Building secure, scalable infrastructure
Shift left, hack right.
Hi, my name is — SARATHLAL_UP · DEVSECOPS · SECURITY_RESEARCH
assets/profile.png · STATUS: VERIFIED// DevSecOps engineer with a hacker's mindset — scope, permission, coordinated disclosure.
$ cat ./manifesto.txt
DevSecOps engineer with a hacker's mindset. I've discovered and responsibly disclosed 112+ security vulnerabilities, and now I build automated pipelines to catch them before they reach production.
I developed an automated attack surface management tool in Django to identify and monitor security risks, built and maintained a secure online examination platform with integrated security features, and publish security research and best practices for the developer community.
// Skills from the field: security, cloud, development, systems & network.
CEH methodology, vulnerability assessment, SAST/DAST, OWASP Top 10, penetration testing, security auditing.
AWS, Docker, Kubernetes, Terraform, GitHub Actions, Jenkins.
Python, Django, Bash, Git, REST APIs, Boto3.
Linux/Ubuntu, network security, CCNA, firewalls, TCP/IP, Wireshark.
// Roles and outcomes — authorized work and engineering impact.
Discovered and responsibly disclosed 112+ security vulnerabilities across various platforms.
Developed automated attack surface management in Django; built and maintained a secure online examination platform; published security research and best practices for developers.
Managed network infrastructure for 500+ users with 99.9% uptime.
Implemented firewall rules and ACLs; collaborated with DevOps on cloud network security policies; cut incident response time by ~40% via automated monitoring.
// Public write-ups on Medium — authorized work, coordinated disclosure where applicable.
How an insecure direct object reference chain surfaced at ISP scale — impact, validation, and reporting.
When a signup flow trusts too much: reaching privileged UI without the usual auth gates.
Bulk public-sector surface review: finding systemic issues and helping teams close the loop.
Client-side or transport trust on a single field — and what safer verification flows look like.
// CI/CD, cloud automation, ASM, and observability — link repos when you publish them.
End-to-end CI/CD with security scanning at every stage: SAST (Bandit), DAST (OWASP ZAP), and container scanning (Trivy) to catch vulnerabilities early.
Python tooling with Boto3 for AWS: automated vulnerability scanning, security group auditing, and compliance reporting.
Django-based continuous security monitoring and asset discovery — map and track external attack surface for organizations.
Grafana dashboards for real-time security monitoring of containerized workloads, wired to Kubernetes and AWS services.
// Industry credentials.
CEH v10 · EC-Council
Cisco certified network associate
Associate (in progress)
Core certification
Network security
Linux administration
// I'm looking for new opportunities in DevSecOps and security research. Whether you have a question or just want to say hi, I'll try my best to get back to you.
[!] I do not assist with unauthorized access, credential abuse, stalking, or anything outside clear legal authorization. This site is a portfolio, not an offer to break the law.