Curriculum vitae

Adnan Koroth

Staff Security Engineer — Cloud, Identity & AI-Enabled Security Platforms

Builds internal security systems where commercial tools are costly, fragmented, or miss company-specific risk. At Pintu (OJK-regulated Indonesian fintech): designed and shipped Cerberos (4-scanner cloud-posture suite), IAMGuru (multi-cloud IAM attack-path platform on Fargate Spot, ~$8/month), and co-architected Pentagon (unified findings warehouse with bounded AI agents) — running AI under deterministic classification, confidence thresholds, and human review. Strongest at turning ambiguous security problems into production systems: architecture, implementation, adoption, and operational feedback loops — fintech-scale security run by a small team. The systems pages carry the architecture detail.

Experience

Pintu — regulated Indonesian fintech (OJK-supervised)

  • Staff Security Engineer, Mar 2025 – Present
  • Lead Security Engineer, Sep 2022 – Feb 2025
  • Cerberos — four-scanner cloud-posture suite on ephemeral ECS Fargate: container images (Trivy), AWS CIS + perimeter (Steampipe), EKS control plane (Kubescape), node OS per-AMI. One finding shape into OpenSearch and ticketing.
  • IAMGuru — multi-cloud IAM analysis built end to end: privilege-escalation paths, per-principal blast radius, AWS→GCP federation bindings, MITRE ATT&CK mapping, data-driven scoring. Runs for ~$8/month.
  • Pentagon (co-architected) — unified findings warehouse: one four-axis taxonomy across 6+ scanners, fingerprint deduplication, finding lifecycle with SLA, bounded AI agents under human review. Became the posture view security and engineering leadership use across cloud, application, and IAM risk.
  • Watchman — AI-enriched SOC: endpoint-alert pipeline that enriches with an LLM under a strict output schema and an interactive clarification loop; AI-assisted WAF-spike triage. Deterministic classification, confidence thresholds, human handover.
  • JIT Access — Slack-native just-in-time AWS elevation (ECS + DynamoDB, Slack Socket Mode): engineers request elevated access via Slack, account owners approve or deny in-channel, and the role is granted for a bounded session and auto-revoked at expiry. Replaced vendor PAM with an in-house bounded-trust workflow aligned to ISO 27001 A.9 / CIS least-privilege.
  • Identity & zero-trust — Okta + AWS IAM Identity Center federation, hardware MFA, least-privilege; eliminated standing long-term credentials org-wide; cross-system identity resolution service.
  • Secrets & posture — multi-cloud secrets inventory across AWS / GCP / Vault with change detection; GitHub Enterprise auditing with drift detection.
  • Platform — owned cloud-security and detection domains in a Go security-automation monorepo (26+ services, shared client libraries); IaC with Terraform and CDK, least-privilege per service, private-subnet-only, real-DB testing, pre-commit security gates.

Cars24 — used-car marketplace (India, Australia, Thailand & UAE)

  • Security Engineer III — Cloud & Infrastructure, Jul 2021 – Sep 2022
  • Established and built the security posture from scratch across 4 countries and 6,000+ employees — Cloud Security (AWS & GCP) and Endpoint Security (Palo Alto).
  • Spearheaded and completed the XDR (Palo Alto Cortex) roll-out across 4 countries and 6,000+ endpoints in under 90 days.
  • Designed, implemented, and maintained open-source security solutions in the cloud infrastructure; ran architecture design workshops to improve DevSecOps.
  • Deployed Prisma Access as the SASE solution, replacing fragmented VPN with zero-trust network access; drove cloud-native IAM aligned with the AWS Well-Architected Framework across all pillars.
  • Designed backup, redundancy, and information-security continuity controls in the AWS/GCP environment to support ISO 27001 certification.

Castellum Labs — security consultancy, India

  • Team Lead, Cloud & Network Security, May 2021 – Jul 2021
  • Cloud Security Engineer, May 2020 – Apr 2021
  • Associate Cyber Security Engineer / Consultant, Nov 2019 – Apr 2020
  • Trainee Cyber Security Engineer, Aug 2019 – Oct 2019
  • Cloud security architecture, controls, and roadmaps for enterprise clients on AWS and on-prem.
  • Built a virtual SOC training environment (ThreatN!XD) for blue-team drills with red-team C2 simulations.
  • Built a SIEM platform (ELK, Wazuh, TheHive, Cortex, MISP, OpenCTI); an internal CA with CFSSL; an S3 misconfiguration scanner via Certificate Transparency log harvesting.
  • Conducted advanced phishing simulations (PhishCHK) for MNC clients — in-house OSINT framework, self-hosted mail servers, browser exploitation (BeEF).

IT Engineer Roles — Oman & India

  • Freelance Consultant, Jun 2017 – Jul 2019
  • Diagnosis, configuration, and maintenance of desktop, network, and infrastructure issues.
  • IT contractor for small businesses — networking, hardware, software, web and graphic design.

Education

Sathyabama University, Chennai — B.E. Computer Science. Thesis: detection of cyber terrorism using web data mining.

Certifications

AWS Certified Security – Specialty · Cisco CCNA & CCNP · Fortinet NSE 1 & 2 · ICSI Certified Network Security Specialist

Technical skills

  • Languages — Python, Go, TypeScript, Bash
  • Cloud — AWS (IAM, STS, ECS Fargate, Lambda, S3, Organizations, EKS, GuardDuty, KMS), GCP (IAM, Secret Manager, BigQuery, WIF), Terraform, AWS CDK, Cloudflare Workers
  • Security engineering — Trivy, Kubescape, Steampipe/Powerpipe, Semgrep, Gitleaks, Falco, Wazuh, CrowdStrike Falcon, Palo Alto Cortex XDR / Prisma Access, AWS Access Analyzer
  • Identity — Okta, AWS IAM Identity Center, federated SSO, OIDC, RBAC, Workload Identity Federation (AWS→GCP)
  • AI & agents — Anthropic Claude API, LangChain, LLM workflow design for security triage and classification; bounded autonomy, deterministic classification, confidence thresholds, human-in-the-loop, no destructive autonomous actions
  • Detection & data — OpenSearch/ELK, SIEM design, MITRE ATT&CK, IOC correlation, PostgreSQL, BigQuery
  • Compliance — CIS AWS / EKS, ISO 27001, NIST CSF, OWASP Top 10, PCI-DSS, OJK SEOJK-38

Open to: Senior / Staff / Lead Security Engineer · Cloud Security Architect · AI Security Engineer · [email protected]