devsecops / cloud security / container hardening

Manikandan Ravichandran

Six years doing DevSecOps — the kind where security actually ships with the code, not after. I've built scanners, hardened registries, tamed CI pipelines, and triaged more CVEs than I'd like to count. Right now I own container security at PhonePe across 500+ microservices.

01

ABOUT ME

Shift-Left Security
SAST, SCA, and image scanning wired into every PR and build. Vulnerabilities get caught before they touch staging, not after they hit prod.
Supply Chain & SBOM
Full artifact provenance via Dependency-Track, SBOM generation, and Nexus proxy governance. 700+ artifacts tracked, every CVE ranked by real-world exposure.
Secure CI/CD Pipelines
GitLab runners hardened — image provenance enforced, non-root mandatory, outbound locked down. 1500+ daily CI runs with no non-audited runner ever executing.
Compliance Automation
CSCRF, PCI DSS, REBIT, SOC Type 2, CIS benchmarks — not checked manually, enforced automatically as pipeline gates across multi-cloud and bare-metal.
bash — manikandan@devsec:~$
manikandan@devsec:~$ whoami --verbose
role : DevSecOps Engineer | Information Security Engineer II
location : Bengaluru, India
experience : 6+ years securing cloud-native systems at scale
current : PhonePe — owning container security for 500+ microservices
focus : shift-left security, supply chain integrity, SBOM, CVE triage
compliance : CSCRF · PCI DSS · REBIT · SOC Type 2 · CIS Benchmarks
mission : make insecure code impossible to ship, not just unlikely
manikandan@devsec:~$
02

TECH ARSENAL

Container Security
Docker · Kubernetes · Trivy · Clair · CIS Docker Benchmark · Non-root Enforcement
Registry & Artifact Management
GoHarbor (130TB) · Nexus Sonatype · Image Provenance · SBOM · Dependency-Track
SAST & Vulnerability Mgmt
GitLab SAST · SonarQube · Wazuh (HIDS) · CVE Triage · Exploitability Analysis
CI/CD & Automation
GitLab CI/CD · Runner Governance · Ansible · Go SDKs · Bash
Cloud & Infrastructure
AWS · Azure · Bare Metal K8s · IAM · KMS
Monitoring & Threat Detection
ELK Stack · Prometheus · Grafana · Security Observability
Networking & Access Control
Nginx · Caddy · HAProxy · RBAC · LDAP / IDAM · pfSense
Compliance & Governance
CSCRF · PCI DSS · REBIT · SOC Type 2 · CIS Benchmarks · DLP
Programming & Scripting
Python · Go · Bash · JavaScript · Java
03

WORK EXPERIENCE

DEC 2022 — PRESENT
PhonePe · Bengaluru
Information Security Engineer II
  • Owned the container security charter — shifted security left across the entire SDLC with guardrails that block vulnerable images and libraries from entering production.
  • Built real-time vulnerability detection tooling triggered on every code push and Docker build, cutting security regressions by 70% via early feedback loops.
  • Deployed and scaled a distributed Harbor registry (130TB) fronted by Nexus proxy caches across multiple DCs — sustaining 2M–5M artifact pulls per DC per day.
  • Enforced non-root container execution across 500+ microservices, eliminating privilege escalation risks; compliance gating in GitLab blocked non-conforming images automatically.
  • Automated phased deprecation of 300+ base images across 200+ teams — scaled secure image adoption from 18% → 92% within 6 months.
  • Centralized SBOM visibility via Dependency-Track + PostgreSQL, providing contextual triage for 10K+ CVEs across 700+ artifacts ranked by exploitability and runtime exposure.
  • Hardened GitLab CI/CD runners with image provenance checks and outbound access controls — secured ~1500 daily CI executions and eliminated non-audited runner usage org-wide.
  • Tuned inline Trivy & Clair thresholds with per-team contextual exceptions — reduced false positives by 40% and improved remediation SLA from 10 days → 48 hours.
SEP 2021 — DEC 2022
NetBook · Bengaluru
Senior DevSecOps Engineer
  • Led DevOps function and drove the handoff of security responsibilities from dev to ops — establishing a security-first operating model.
  • Designed and delivered multi-cloud infrastructure architecture with security baked in at every layer.
  • Implemented Kubernetes on bare-metal, maintained SOC Type 2 posture and enforced CIS Kubernetes benchmarks.
  • Built CI pipelines with automated security gates, configured Caddy with RBAC, deployed ELK + Prometheus for security observability, managed secrets in K8s via KMS, and authored complex cross-cloud IAM policies.
JUN 2019 — AUG 2021
Curl Analytics & CurlHG · Bengaluru
DevSecOps Engineer
  • Led security operations — deployed endpoint monitoring (Wazuh/HIDS) across Linux, Windows, and macOS; implemented centralised IDAM via LDAP for Linux fleet.
  • Conducted Docker container hardening and enforced CIS Docker Engine benchmarks; managed 4-member DevSecOps team and led technical hiring.
  • NetApp engagement: securely deployed ML product into NetApp storage using Kubernetes.
  • Vakt & Mercuria: contributed to application architecture design and container hardening under enterprise security requirements.
APR 2019 — JUN 2019
Steinn Labs LLP · Pune
DevOps Engineer
  • Implemented AWS SaaS Factory and Multi-Tenant Architecture with secure isolation between tenants.
  • Established CI/CD pipelines and built secure REST APIs with proper authentication and authorization controls.
04

EDUCATION

07 / 2018
Bachelor of Engineering
E&TC · Savitribai Phule Pune University
GPA: First Class With Distinction
01 / 2014
Higher Secondary Certificate
CBSE · Army Public School, Kirkee
Score: 80.2%
05

GET IN TOUCH

Let's talk

Looking for Senior DevSecOps, Cloud Security, or Platform Security roles.
If you're building something that needs security to actually work — reach out.