Rakesh Elamaran — Security Engineer

About Rakesh

I'm a Security Engineer with 5+ years of experience across application security, penetration testing, and offensive security, working across enterprise environments, fintech, and now OT/IoT-aligned systems.

I hold an MSc in Cyber Security Engineering from the University of Warwick, an NCSC Certified degree, and am a Licensed Penetration Tester (LPT). My background spans secure code reviews, threat modelling, DevSecOps integration, and hands-on offensive testing across web, API, and industrial environments.

Open to full-time roles in Application Security, Penetration Testing, or Offensive Security across the UK.

Experience

Career Timeline

5+ years securing applications at enterprise scale across telecoms, fintech, and security consulting. Now based in the UK.

Feb 2026 – Present

Penetration Tester (Freelance)

SafeTech Global

Remote, United Kingdom · ICS/OT Security

Supported security testing and analysis across web applications and ICS environments, assisting with vulnerability validation and documentation of findings for remediation.
Contributed to ongoing research on security evaluation approaches for ICS and LLM-integrated systems, analysing potential risks and supporting secure design considerations.
Collaborated with the product team to test features, validate security controls, and improve overall system resilience.

ICS/OTIoT SecurityPen TestingProduct Security

Dec 2022 – Sep 2024

Security Engineer II

Comcast India Engineering Center

Chennai, India · Telecommunications / Media

Embedded application security across the SDLC for 20+ microservices in a distributed environment, identifying attack paths and driving risk-based remediation across web, API, and cloud-native systems.
Evaluated authentication, authorisation, and API security controls, validating remediation of 50+ vulnerabilities and providing actionable remediation guidance across distributed services.
Advanced a Security-as-Code approach by operationalising SAST, SCA, DAST and container security scanning (Trivy) within CI/CD pipelines, reducing remediation timelines by 30% and improving DevSecOps Maturity.
Analysed security risks in LLM-based application components, identifying prompt injection and input validation weaknesses, and recommending mitigation strategies aligned with secure design practices.
Conducted AWS security assessments, validating cloud controls and influencing remediation to strengthen overall cloud risk posture.
Performed threat modelling and secure design reviews using STRIDE to identify attack surfaces during early architecture phases and influence secure design decisions prior to release.
Participated in risk discussions with stakeholders, translating technical vulnerabilities into business impact and supporting prioritisation of remediation activities.

SAST/SCAThreat ModellingDevSecOpsMicroservices

Oct 2021 – Dec 2022

Product Security Analyst

Temenos AG

Chennai, India · FinTech / Banking

Led security impact analysis during the Log4j incident across 30+ banking services, identifying exploit paths, validating compensating controls, and prioritising remediation to minimise risk.
Identified recurring vulnerability patterns across core and digital banking platforms, translating findings into actionable remediation guidance to support secure design decisions.
Analysed and validated static analysis findings using Checkmarx, identifying false positives and refining results to support accurate mitigation and secure release decisions in a regulated banking environment.
Partnered with product, engineering, and risk teams to align vulnerability findings with security controls, providing clear remediation guidance and enabling secure and compliant releases in regulated environments.

PCI-DSSVuln TriageAppSec Governance

Jul 2020 – Sep 2021

Security Associate

ByteBlanket

Remote, UAE · Security Consulting

Conducted web application security assessments for banking and enterprise clients, identifying and validating authentication, authorisation, and input validation vulnerabilities aligned with OWASP Top 10.
Presented security assessment findings directly to client stakeholders, delivering remediation guidance and secure coding recommendations across banking and enterprise engagements.

Pen TestingOWASPConsulting

Education

Academic Background

Formal grounding in cybersecurity engineering and computer science.

MSc Cyber Security Engineering

University of Warwick

Oct 2024 – Oct 2025

🏛 NCSC Certified★ Warwick Award

Relevant Modules

Penetration TestingAutomotive CyberSecurityGovernance, Risk and Compliance

Dissertation: Designed and evaluated a hybrid intrusion detection framework incorporating structured threat modelling, attack simulation, and risk-based security evaluation.

Bachelor of Engineering in Computer Science

Anna University

Aug 2016 – Apr 2020

Foundation in computer science, algorithms, and software engineering principles that underpin current security engineering practice.

Arsenal

Skills & Expertise

What I do and the tools I use to do it, across offensive security, application security, and engineering.

Application Security Penetration Testing API Security Red Teaming DevSecOps

Offensive & Red Team

Burp Suite Metasploit Nmap ffuf SQLmap Nuclei C2 Frameworks Lateral Movement Privilege Escalation Payload Crafting OSINT OT/IoT Security ICS Pentesting

AppSec & API

OWASP Top 10 OWASP API Top 10 SAST / DAST / SCA Checkmarx Semgrep Mend (WhiteSource) JWT Attacks GraphQL Security SSRF IDOR Secure Code Review

Governance & Standards

ISO 27001 NIST CSF PCI-DSS STRIDE CVSS PTES OWASP ASVS Threat Modelling

Languages & Cloud

Python Bash JavaScript Java AWS Security Container Security CI/CD Security

Open Source

Projects

Security research and engineering projects, built in public and shared with the community.

Hybrid IDS for CAN Bus Networks

A lightweight hybrid intrusion detection system for connected vehicles. Simulates five real-world CAN bus attacks, comparing rule-based and machine learning approaches. Achieves 98% accuracy with 2.1ms detection latency.

Secure Network Design

Designed and implemented a secure corporate network for Tech Zolutions Inc. Covers VLANs, OSPF routing, ZPF firewall, extended ACLs, site-to-site IPsec VPN and TACACS+ AAA. Simulated in Cisco Packet Tracer.

Pentest Automation Toolkit

A practical toolkit to automate reconnaissance and basic web security testing. Includes subdomain enumeration, port scanning, directory brute forcing, JavaScript analysis, and automated report generation. Designed to streamline repetitive tasks during security assessments.

Leadership

Community & Influence

Building security knowledge and culture beyond the day job, through community, mentorship, and open-source contribution.

Community Founder · Rootecstak

Founder and lead of Rootecstak, a 500+ member cybersecurity community organising hands-on workshops, CTF events, and technical seminars. Actively mentor beginners and early-career professionals in building practical security skills and launching cybersecurity careers.

Explore the Community →

Public Speaker

Delivered 50+ security talks and hands-on workshops covering application security, threat modelling, and DevSecOps practices. Audiences include enterprise engineering teams, universities, and industry conferences.

Mentorship

Support aspiring and mid-career security professionals transitioning into product and application security roles through structured career guidance, hands-on technical coaching, and mock technical interviews.

Book a 1:1 Session →

OWASP Chapter Leader

Chapter Leader of the OWASP Cuddalore Chapter, organising local meetups, security awareness events, and hands-on sessions to grow the security community at the grassroots level.

Open to Collaboration

Interested in working together?

I'm available for Guest Lectures, Workshops, Student Mentoring, and conversations around Community Building in Cybersecurity — whether at universities, bootcamps, or industry events. If you're organising something and think I'd be a good fit, I'd love to hear from you.

Get in Touch →

Security Portfolio

Hands-On Practice

Continuous skill development through offensive security platforms and real-world machine exploitation labs.

THM

TryHackMe

Top 1%

Check Profile →

Top 1%

Global Rank

325+

Rooms

265+

Day Streak

Hands-on offensive and defensive security labs covering web exploitation, network pentesting, OSINT, and red team techniques.

Web ExploitationPrivilege EscalationActive DirectoryOSINT

HTB

Hack The Box

Script Kiddie

Check Profile →

Script Kiddie

Rank

Machines

Challenges

Real-world machine exploitation and challenge labs focused on penetration testing techniques and CTF problem solving.

Machine ExploitationCTFEnumerationPrivilege Escalation

PortSwigger Web Academy

Apprentice Level

125/270

Labs Completed

Apprentice

Level

Hands-on web security labs covering SQL injection, XSS, CSRF, authentication flaws, access control, and more. Built by the creators of Burp Suite.

SQL InjectionXSSAuthenticationAccess Control

Accomplishments

Recognition & Achievements

WMG

Excellence Scholarship

Awarded the WMG Excellence Scholarship at the University of Warwick in recognition of academic merit and potential in cybersecurity.

Award

Warwick Award

Recognised for outstanding engagement in the Skills+ Development Programme, completing 100+ hours of employability-focused training.

10+

CTF Challenges

Competed in and completed 10+ Capture The Flag challenges across global and regional cybersecurity competitions.

OSS

Open Security Summit Membership Award

Recognised with membership award at the Open Security Summit for contributions to the open security community and collaborative security research.

CSI

Student Icon Award

Awarded by the Computer Society of India for sustained leadership and contributions to the CSI Club over three consecutive years.

Recommendations

What People Say

Recommendations from industry leaders, professors, and the security community.

Rakesh is one of the most inspiring personalities I have come across in the cybersecurity space. He is not just a cybersecurity professional. He is a deep researcher with exceptional command over both offensive and defensive security domains. His ability to dive deep into complex security challenges, break them down, and produce meaningful research is truly remarkable. Through ROOTECSTAK and his various community initiatives, he has been a core driving force behind creating an active, vibrant cybersecurity community in Chennai.

Arulselvar Thomas

CEO · Briskinfosec

View on LinkedIn ↗

Mr. Rakesh is an enthusiastic student since the day I got connected with him when he was playing a technical role in the CSI chapter. He was very keen in the Security domain and had done a good number of projects. He is very active and ready to contribute to the students community. I have admired his commitment, dedication and mentoring the students in the Security domain.

Jeyaprabha T J

Associate Professor · Sri Venkateswara College of Engineering