Hi, I'm Gaurav Joshi

Product Security Engineer - II

Cloud Security Red Teamer & Product Security Engineer II at HighRadius. I specialize in multi-cloud security, red teaming, and building open-source tools for cloud visibility and attack simulation.
Creator of CloudLens and co-creator of SCAGoat.
Speaker at Black Hat and AppSec Village, and core team member at Seasides.

Listed in: Hacking Archives of India

Experience

Product Security Engineer - II

HighRadius | January 2025 - Present

  • Conducting in-depth cloud penetration testing on AWS and GCP environments, identifying and exploiting misconfigurations.
  • Engaged in CSPM initiatives, helping remediate misconfigurations and strengthen cloud security posture.
  • Red Teaming assessments in multi-cloud environments, focusing on escalation, lateral movement, and post-exploitation.
  • Conducted security hardening and provided recommendations for security controls.
  • Enhanced vulnerability management and attack surface management.

Associate Product Security Engineer - II

HighRadius | July 2024 - December 2024

  • Conducted vulnerability assessments using Wiz and Nessus.
  • Developed adversary simulations to mimic sophisticated offensive TTPs.
  • Conducted cloud penetration testing across AWS and GCP.
  • Executed vulnerability triage processes in multi-cloud settings.

Associate Product Security Engineer - I

HighRadius | June 2023 - June 2024

  • Addressing critical vulnerabilities in cloud environments using Wiz.
  • Performed internal and external network penetration tests.
  • Conducted vulnerability assessments with Nessus.
  • Administered quarterly patch management activities.
  • Improved security assessment for 70+ Kubernetes clusters.

Product Security Intern

HighRadius | September 2022 - May 2023

  • Improved Checkmarx tool to 80% accuracy with custom queries.
  • Created secure code examples for product development teams.
  • Performed Web and API penetration testing.
  • Triaged 5000+ security findings.

Projects

CloudLens

A lightweight CSPM & inventory collector for AWS & GCP. Surfaces attack surfaces, region-based resources, and misconfigs using read-only keys. Built for red teams, bug bounty hunters, and cloud defenders.

SCAGoat - Damn Vulnerable Application

A vulnerable-by-design SCA lab for supply chain testing. Features real-world attack scenarios: CVEs, malware, dependency confusion, and more. Presented at DEF CON 32, Black Hat Europe, and C0c0n.

Skills

Security Testing

Penetration Testing, Vulnerability Assessment, Red Teaming, SAST, API Security Testing

Cloud Security

AWS Security, GCP Security, CSPM, Cloud Penetration Testing, Kubernetes Security

Tools & Technologies

Wiz, Checkmarx, Burp Suite, Nmap, Metasploit, Kali Linux, Jenkins, Nessus

Core Competencies

Vulnerability Management, Security Architecture, Risk Assessment, Secure Code Review, Incident Response

Certifications

2023

Certified Red Team Professional (CRTP)

Altered Security

Advanced penetration testing and cyberattack simulation certification focused on Active Directory exploitation.

2023

Certified Appsec Practitioner (CAP)

The SecOps Group

Specialized certification in application security testing and secure development practices.

2023

Certified Cloud Security Practitioner - AWS

The SecOps Group

Expertise in AWS cloud security practices and cloud penetration testing methodologies.

Conference Calendar


2025
Black Hat Asia
SCAGoat - Exploiting Damn Vulnerable and Compromised SCA Application
April 1-4, 2025 | Singapore | Arsenal

2024
Black Hat Europe
SCAGoat - Exploiting Damn Vulnerable SCA Application
December 9-12, 2024 | London, UK | Arsenal

2024
AppSec Village @ DEF CON
SCAGoat - Arsenal
August 2024 | Las Vegas, USA | Arsenal

2025
Seasides Goa
Multi Cloud Dominance [Cloud Village]
February 2025 | Goa, India | Technical Talk

2025
Seasides Goa
Utilizing SAST with Enterprise tools [SAST Village]
February 2025 | Goa, India | Technical Talk

Contact

gauravsharma3876@gmail.com
+9190XXXXXX52
Hyderabad, India