SecurityJunky

About Shantanu Ghumade

Who I Am

I am Shantanu Ghumade, better known in the cybersecurity community as SecurityJunky.

I am a Senior Application Security Engineer with over 6 years of experience in scaling security practices for high-growth tech companies. Currently, I serve as a Senior Security Engineer at Deriv in Cyberjaya, Malaysia, where I lead end-to-end security for cloud, web, and mobile products.

I am a "builder" at heart. While my foundation is in breaking systems, my passion has evolved into building automated security ecosystems that leverage Artificial Intelligence (LLMs & RAG) to solve complex security operational challenges.

Professional Expertise

  • Offensive Security: OSCP, OSWE, and CREST CRT certified. I specialize in deep-dive penetration testing for Web, Mobile (Android/iOS), and APIs.
  • Cloud Hardening: Extensive experience in securing AWS, GCP, and Alibaba Cloud environments using automated CSPM and CIS-aligned controls.
  • DevSecOps: Building and maintaining security in the SDLC, from custom SAST/DAST pipelines to automated secret scanning and IaC security.
  • AI Automation: Developing RAG-based security agents for threat intelligence, vendor risk management, and automated vulnerability triage.

Key Projects & Research

AI & Automation

  • HackerOne Triage Bot: An automated agent designed to prescreen bug bounty reports, significantly reducing manual triage time.
  • Threat Intel Feed: An AI-driven intelligence system that tailors threat feeds to specific tech stacks for proactive risk identification.
  • Internal Security Assistant: A RAG-based knowledge assistant for employees to query internal security policies.

Open Source Tools

  • JSSCANNER: A specialized tool for scanning JavaScript files to identify exposed endpoints and secrets.
  • FFUFPLUS: Enhanced automation for web fuzzing and directory discovery.
  • CVENOTIFIER: Real-time tracking and notification system for critical vulnerabilities.

Career Timeline

  • Senior Security Engineer @ Deriv (2023 – Present): Focused on Cloud Hardening, AI Security Automation, and DevSecOps.
  • Lead Security Consultant @ SecureLayer7 (2020 – 2023): Led 50+ security assessments for global clients and managed consultant teams.
  • B.Tech in Computer Engineering (2015 – 2019): Government College of Engineering, Jalgaon.

Connect With Me

I'm always open to discussing AppSec, AI, or the latest security research.