01 — about

Hi, I'm Advait Marathe,
a full-stack security engineer.

A decade across AppSec, cloud security, DevSecOps, vulnerability management, and incident response at startups and public companies. I design and deliver security solutions and work directly with the teams building the product.

get in touch resume ↗ github ↗

02 — highlights

CTF program

Ran org-wide CTF competitions to build AppSec awareness across the engineering team, making security culture more proactive.

appsec culture engineering enablement

Vuln management automation

Built a Python pipeline for vuln tracking and SLA enforcement that eliminated all manual ticket overhead and achieved 100% coverage across every service.

python vuln management automation

CI/CD security integration

Integrated SAST, secrets scanning, and container scanning into all CI/CD pipelines org-wide. Zero secrets in pipelines post-rollout.

devsecops sast ci/cd

Vuln reporting platform

Built automated vulnerability reporting tooling for 12,600 employees using Python (Django) and the Qualys API during a software engineering internship on the security operations team.

python django qualys

03 — experience

Jan 2025 — present

ASAPP

  • Led supply chain attack remediation and response across all teams and services.
  • Defined LLM acceptable use policies and led security remediation for AI tooling including Claude Code — covering prompt injection, data leakage, and third-party model risk.
  • Led architecture reviews on complex systems at scale; findings required deep system-level analysis, not surface-level scanning.
  • Ran org-wide CTF competitions to build AppSec awareness across the engineering team.

Aug 2023 — Dec 2024

Eltropy

Sr. Security Engineer

  • Resolved a product security issue blocking an enterprise renewal; saved ~$200k ARR.
  • Joined the Enterprise Architecture group as security SME for product platform decisions.

May 2022 — Aug 2023

SentiLink

Security Engineer

  • First security hire — owned AppSec, vuln management, and secure development practices from day one.
  • Automated vuln tracking and SLA enforcement in Python; eliminated manual overhead and reached 100% coverage across all services.

Nov 2018 — May 2022

Q2

Security Engineer / DevSecOps

  • Ran WebApp pentests across 5 products; found OWASP Top 10 issues including XSS and CSRF across multiple codebases.
  • Integrated SAST, secrets scanning, and container scanning into all CI/CD pipelines org-wide — zero secrets in pipelines post-rollout.
  • Automated repetitive security tasks with Python and F5 APIs; saved $27k/year.

May 2017 — Aug 2017

eBay

Software Engineer Intern — Security Operations

  • Built automated vuln reporting for 12,600 employees using Python (Django) and Qualys.

04 — contact

GitHub @advmarathe LinkedIn advmarat

05 — certifications & tools

Certifications

  • SANS GIAC GCSA
  • SANS GIAC GSEC

Tools & Platforms

  • AWS
  • Python
  • Kubernetes
  • Docker
  • Burp Suite

Compliance

  • PCI DSS
  • SOC 2
  • HIPAA