SecurityJunky

About Shantanu Ghumade

Who I Am

I am Shantanu Ghumade, better known in the cybersecurity community as SecurityJunky.

I am a Security Tech Lead - Security Assurance at Deriv with over 6 years of experience scaling security practices for high-growth tech companies. I focus on application security, secure code and architecture review, cloud hardening, DevSecOps, and AI-driven security automation.

I am a "builder" at heart. While my foundation is in breaking systems, my passion has evolved into building automated security ecosystems that leverage Artificial Intelligence (LLMs & RAG) to solve complex security operational challenges.

Professional Expertise

  • Offensive Security: OSCP, OSWE, and CREST CRT certified. I specialize in deep-dive penetration testing for Web, Mobile (Android/iOS), and APIs.
  • Cloud Hardening: Extensive experience in securing AWS, GCP, and Alibaba Cloud environments using automated CSPM and CIS-aligned controls.
  • DevSecOps: Building and maintaining security in the SDLC, from custom SAST/DAST pipelines to automated secret scanning and IaC security.
  • AI Automation: Developing RAG-based security agents for threat intelligence, vendor risk management, and automated vulnerability triage.

Key Projects & Research

AI & Automation

  • HackerOne Triage Bot: An automated agent designed to prescreen bug bounty reports, significantly reducing manual triage time.
  • Threat Intel Feed: An AI-driven intelligence system that tailors threat feeds to specific tech stacks for proactive risk identification.
  • Internal Security Assistant: A RAG-based knowledge assistant for employees to query internal security policies.

Open Source Tools

  • JSSCANNER: A specialized tool for scanning JavaScript files to identify exposed endpoints and secrets.
  • FFUFPLUS: Enhanced automation for web fuzzing and directory discovery.
  • CVENOTIFIER: Real-time tracking and notification system for critical vulnerabilities.

Career Timeline

  • Security Tech Lead - Security Assurance @ Deriv (Apr 2026 – Present): Leading security assurance across AppSec, AI security automation, cloud hardening, and DevSecOps.
  • Senior Security Engineer @ Deriv (Jan 2023 – Apr 2026): Focused on cloud hardening, AI security automation, secure reviews, bug bounty operations, and DevSecOps.
  • Lead Security Consultant @ SecureLayer7 (2020 – 2023): Led 50+ security assessments for global clients and managed consultant teams.
  • B.Tech in Computer Engineering (2015 – 2019): Government College of Engineering, Jalgaon.

Connect With Me

I'm always open to discussing AppSec, AI, or the latest security research.