• Manage a Team of 5+ super heroes; providing expert-level technical peer review for application security and cloud security issues, coaching and guidance on methodologies, tactics, processes and findings
• Create and Coordinate quarterly planning process (OKRs – Objectives and Key Results), manage security debt/backlog, assignment and reprioritisation of resources.
• Driving security engineering engagements with a high degree of Engineering satisfaction and through org-wide communication strategy.
• Partnering closely with other functions including Product and Engineering, Communications, PR, Marketing, Revenue, HR, Talent for anything related to security.

• Manage a Team of 5+ super heroes; providing expert-level technical peer review for application security and cloud security issues, coaching and guidance on methodologies, tactics, processes and findings
• Create and Coordinate quarterly planning process (OKRs – Objectives and Key Results), manage security debt/backlog, assignment and reprioritisation of resources.
• Driving security engineering engagements with a high degree of Engineering satisfaction and through org-wide communication strategy.
• Driving initiatives and providing insightful data-driven strategic recommendations to leadership team.
• Partnering closely with other functions including Product and Engineering, Communications, PR, Marketing, Revenue, HR, Talent for anything related to security.
• Provide innovative solutions by working in an ambiguous environment thereby contributing to overall product design.
• Work as the incident manager co-ordinating various stakeholders and provide timely mitigation.
• Revolving my entire job/planning/execution around two simple mantras “Security by Default” and “All things security as code”

• Working as a Security Architect for one of Claranet’s premier client helping them to setup a Product Security team riding on the “Shift Left” paradigm
• Partner with multiple application development teams within client organization, to ensure secure development of applications.
• Develop a broad and deep technical understanding of applications, services and architectures pertaining to the client application organization.
• Interpret results from exercises such as code review and penetration testing stakeholders and advise on remediation and mitigation as well as incorporate learnings into future designs.
• Conduct architecture reviews, threat Modeling, design reviews, code review on web and mobile applications and web services as and when required.
• Develop documentation, and a knowledge base to be used by developers for implementing secure coding practices
• Research and maintain knowledge of changing landscape of application security, latest threats, and attacker tools, techniques, and procedures.
• Provide recommendations for missing application security controls and secure design patterns.
• Support and provide consultation to development teams in the areas of application security, cloud security, DevSecOps, mobile security.
• Act as subject matter expert and provide mentorship to team members.
• Develop and maintain strong working relationship with development teams, leadership, and product owners.
• Lead the efforts towards creation and successful functioning of an application security program for the client organisation.
• Lead long term initiatives of program such as automation, processes, and documentation for the client organisation.

Responsibilities include:

• Security Automation

  • He loves automating his tasks and has also blogged about few of them in the Technology section.
  • He is a big fan of DevOps methodology and he loves to play around with devops tools like Jenkins,Docker,Kubernetes,Vagrant and Ansible.
  • At NotSoSecure he has build the entire DevSeCops course from ground-up involving plenty of automation.
  • Hence he is responsible for identifying tasks which can be automated at NotSoSecure.

• Security Architecture Review/Threat Modelling

  • Being a developer at heart Rohit has experience in understanding how a typical software development environment operates.
  • He has performed architecture reviews of various such environments whether they are running in traditional IT or the modern DevOps stack.
  • His architecture reviews involve understanding the current high-level architecture then drilling deep down into the technology stack and suggesting the security best practices.
  • He has also worked with the STRIDE threat modelling approach by Microsoft in various projects.
  • He has experience in performing architecture and configuration review from a security standpoint for on-premises as well as cloud infrastructure including technology like Kubernetes.

• Strategy

  • Being in the senior leadership Rohit Salecha is also tasked with steering the organization towards better growth.
  • Aligning research with pentesting and training content development to maximize revenue.
  • He is also tasked in leading the Protect and Detect segment to deliver strategic advises and consultancy to organizations for injecting security in their SDLC processes.
  • Actively involved in recruitment process for hiring exceptional candidates who can grow along with the company

• Pentesting

  • Web,Mobile and API pentesting of applications from various industries
  • Researching for new tools and techniques for pentesting by and feeding it back to the team.
  • Writing informational blogs for NotSoSecure to share back with the community.
  • He is also very active on the CobaltCore pentesting platform.

• Training

  • Lead trainer for three of the most selling classes of NotSoSecure viz. Application Security for Developers,DevSecOps and AppSecOps and delivered this class across the globe i.e. UK,EU and USA.
  • Developed the entire DevSecOps course from ground up and presented at OWASP Global APPSEC DC and many more places.
  • Trained and spoken at premier Security conferences like Blackhat,OWASP APPSEC,Nullcon and Agile+DevOps by Techwell.
  • Updating the trainings with new materials and exercises reflecting the changing infosec environment.

• Served as an internal Information Security consultant to the organization ensuring proper information security clearance amidst a constantly changing environment at the Bank and ensure its compliance with established organizational information security policies and regulatory requirements - Perform regular Security Assessments on the IT infrastructure, processes and procedures to ensure its compliance with the Groups Security policy. Proactively follow up for closure of the issues identified.
• Risk Assessment of New Business Initiatives (Products, Channels, Solutions) across the bank from an Information Security and Architecture perspective ensuring involvement at every stage of the project/imitative lifecycle.
• Third Party (Vendor) Assessments through RFP sessions helping select the best vendor from a Security and Architecture perspective.
• Performing BAU activities like firewall rule approvals,developer access approvals etc…

• Performing Vulnerability Assessment and Penetration testing for EYs clients in the Telecom, Media & Entertainment and Technology domains.
• Performed IT Audits for ensuring compliance with various regulatory standards and policies including SOX and TRAI
• Developing and Reviewing Minimum Baseline Security Standards for various technologies

• Performing VAPT on web/mobile applications and servers for various clients in the Banking industry and advising them on various security issues.
• Conducted CSJD (Certified Secure Java Development) trainings for NII’s and IIS’s premier clients and CSI (Computer Society of India) Mumbai Chapter.
• Delivered Security Awareness training to the senior management of a major Oil and Gas Corporation in India.
• Single-handedly managed a 3-month engagement for a leading insurance company to perform Secure Code review and developing security guidelines for developers in J2EE technology.

• Full stack developer in J2EE-Oracle technology with expertise in Spring,StrutsJPA,Hibernate,MySQL and Oracle
• Developed a suite of applications for MHADA Lottery 2012 following Secure Coding best practices as advised by the Security team over a period of 15 months.
• Developed PoC solutions on Liferay Platform
• Developed J2ME Mobile applications for bus-tracking as part of a hackathon.