Hi, my name is

Bharat Gandhi.

I make organizations more secure.

A security specialist with 11+ years of experience helping organizations deliver transformational change in a safe and secure manner. I bridge the gap between security and business — from cloud architecture to threat modeling to DevSecOps.

See my projects

01. About Me

I specialize in helping organizations deliver transformational change in a safe and secure manner enabled by technology. With extensive experience in both technical architecture and digital transformation, I combine hands-on engineering skills with strategic security leadership.

From architecting cloud security solutions at Amazon Web Services to leading security operations at Careem (an Uber venture), I've built deep expertise across the full security spectrum — cloud security, threat modeling, incident response, and compliance.

A few technologies I work with:

AWS Security Suite
Palo Alto / Fortinet
Splunk / QRadar
Python / PowerShell
DevSecOps / CI/CD
Threat Modeling

11+ Years Experience

10+ Certifications

5 Companies

02. Work Experience

Director Security Architecture and Operations @ Careem

Nov 2024 — Present · Dubai, UAE

Led design and implementation of scalable security architectures for distributed backend systems
Provided expert guidance on secure coding practices, cloud security, and threat modeling
Facilitated collaboration between InfoSec teams, architects, engineers, and product teams
Spearheaded AWS services implementation and cloud security initiatives
Integrated security throughout the software development lifecycle (SDLC)

Senior Security Engineer L5 @ Amazon Web Services

Dec 2021 — Nov 2024 · Canada

Contributed to cryptographic solutions and secure system architectures
Led DevSecOps initiatives for 2Pizza Teams across multiple product lines
Architected complex AWS environments using ECS, S3, ALB, RDS, KMS, Lambda
Conducted threat modeling and security design reviews at scale
Managed multiple security campaigns and gamedays to harden production systems

Cyber Security Manager @ PwC

Aug 2018 — Dec 2021 · Gurgaon, India

Developed and matured security metrics for IT Risk programs globally
Built Splunk and Ohana Dashboards for visibility across 176 territories
Implemented ISO 27001 controls and conducted internal audits
Developed automation projects in Python and PowerShell for SOC operations
Managed endpoint security technologies and cloud security implementations

Senior IT Security Operations Specialist @ McKinsey & Company

Jan 2017 — Oct 2018 · Global

Managed SIEM environment and security operations at enterprise scale
Developed Splunk queries and correlation searches for threat detection
Implemented Security Orchestration and Automation (SOAR) solutions
Conducted vulnerability assessments and penetration testing engagements
Managed network security infrastructure and access controls

Security Specialist @ HCL Technologies

Nov 2013 — Jan 2017 · India

Conducted risk identification and assessment according to ISO 27001:2013
Managed SOC operations, security monitoring, and alert triage
Implemented security policies, procedures, and governance frameworks
Conducted vulnerability assessments and security audits for enterprise clients
Provided security training and awareness programs to cross-functional teams

03. Projects

career-ops

AI-powered job search pipeline that automates job discovery, application tracking, and outreach using intelligent agents and workflow automation.

JavaScript
AI Agents
Automation

RiskRegister

Enterprise security risk register application for managing, tracking, and prioritizing security risks across an organization's threat landscape.

TypeScript
Security
Risk Management

ai-feedback-interviews

AI-powered interview preparation platform that provides real-time feedback on responses, helping candidates sharpen their answers and communication.

TypeScript
AI/LLM
NLP

Aiagent

Autonomous AI agent framework for orchestrating complex multi-step tasks, integrating tools and APIs to execute workflows with minimal human intervention.

TypeScript
AI Agents
Tool Use

lofi-reel-bot

Automated Python bot that generates and schedules lofi music reels for social media, combining audio processing, video generation, and platform APIs.

Python
Automation
Media Processing

Automations

Collection of security and workflow automation scripts for SOC operations, incident response playbooks, and DevSecOps pipeline integrations.

JavaScript
DevSecOps
SOC Automation

AutomationAIAgency

Website and platform for an AI automation agency, showcasing services, case studies, and client onboarding flows for AI-driven business solutions.

HTML/CSS
AI Automation
Agency

04. Technical Skills

Security Tools

Palo Alto Networks
Cisco IDS/IPS
Fortinet
Splunk
IBM QRadar
ArcSight
Qualys
Nessus
Burp Suite
Symantec
McAfee

Cloud Security

AWS GuardDuty
CloudTrail
Security Hub
AWS KMS / IAM
Azure MDATP
O365 Security
Google Cloud
Serverless Security

Security Operations

Incident Response
Threat Hunting
Vulnerability Management
Security Automation
Compliance Management
SOC Operations
Threat Modeling

Development

Python
PowerShell
TypeScript
JavaScript
GitLab / GitHub
DevSecOps
CI/CD Pipelines

05. Certifications

▹

Certified Information Security Manager (CISM)

ISACA

▹

Azure Fundamentals & Security

Microsoft — AZ-900, AZ-500

▹

Certified Ethical Hacker (CEH)

EC-Council

▹

ISO 27001:2013 Lead Auditor

ISO Certification

▹

CISSP

In Progress

▹

CompTIA Security+

CompTIA

▹

Splunk Certifications

Architecture · Admin · Knowledge Objects · Search & Reporting

06. What's Next?

Get In Touch

Interested in discussing security strategy, cloud architecture, or potential collaboration? My inbox is always open — whether you have a question or just want to say hi.

Say Hello