RÉSUMÉ
Koushik Kotamraju
Sr. Technical Security Engineer · Yahoo!
CERTIFICATIONS
AWS Certified Security – Specialty
AWS Certified Solutions Architect – Associate
TECHNICAL STACK
EXPERIENCE
Yahoo! · CURRENT
Feb 2022 – Present · Senior Technical Security Engineer
- Own end-to-end lifecycle of 200+ active Python/Lambda detection signatures across AWS accounts — sustaining a 0% false-positive rate at account scale while continuously expanding coverage as the threat landscape evolves. Authored the AWS security baseline release: CIS-benchmarked controls across Lambda, ECS, S3, KMS, IAM, and VPC — the largest single coverage expansion in program history — each grounded in a MITRE ATT&CK gap analysis against real-world attack techniques sourced from cloud incident response data. Detection fleet deployed via Terraform-controlled infrastructure for reproducible, auditable rollout — enabling machine-speed detection and response across the full cloud account estate.
- Architected an AI-native IAM audit agent — a production tool-calling skill that uses Boto3 to enumerate live AWS IAM configurations, traverses the privilege graph across 65+ escalation paths and 10 vulnerability classes, and applies LLM semantic reasoning to surface transitive permission chains and policy conditions that rule-based tools cannot evaluate. Generates risk-ranked remediation reports. Benchmarked against GOAT (open-source AWS IAM privilege escalation benchmark): 100% recall (32/32 findings), 0% false positives — eliminating the manual IAM review cycle.
- Designed and shipped an agentic SOAR-style cloud security review platform that sharply reduced per-review effort — scaling threat modeling and security architecture review throughput to 120+ reviews across all business units with a small team, eliminating a multi-week backlog. Engineered a cross-ticket intelligence layer from a large corpus of historical security review tickets — 1,700+ knowledge nodes across many security domains, technology stacks, and application profiles — as the retrieval backbone for an autonomous review agent with passive detection rules, slash commands, and bidirectional MCP integration with Jira and Confluence. Established as the team's standard review methodology; scales security coverage without additional headcount.
- Architected an autonomous threat intelligence pipeline using multi-agent orchestration across 19 foundation models and 5 providers — a performance-weighted model router dynamically assigns each stage (triage → analyze → decompose → peer review → synthesize) to the highest-performing model for that task, updating allocation weights after every run. Replaced a fully manual research process: 59 vetted security initiative proposals generated at $1.40/run — 55% cheaper than single-model approaches — with multi-persona peer review built into the evaluation chain.
- Shipped a full-stack AI-augmented CSPM operations platform (FastAPI + Databricks SQL, 45 API endpoints) enabling autonomous alert triage and LLM-driven change request validation against policy baseline — adopted as the team's primary operational workflow. A deterministic AI advisor trained on 2,171 historical cloud security tickets powers a 4-signal scoring model (confidence clamped 5–95%) with a hard deny gate for 6 critical baseline categories where auto-remediation is never appropriate; auto-validates security configuration changes and eliminates manual review cycles at scale.
- Pioneered a graph-theoretic framework for AI-driven IAM toxic combination dissolution — cataloguing 62 toxic combinations across 8 attack categories with MITRE ATT&CK mappings, and developing the minimum cut-set method that identifies the keystone permission whose removal collapses an entire privilege escalation chain without disrupting legitimate access. Enables deterministic security controls for AI agents operating on IAM configurations, providing a policy-as-code enforcement foundation for auto-remediation workflows.
- Designed and shipped Artemis — a CNAPP-class AI Security Posture Management (AI-SPM) platform spanning 2,800+ AWS and GCP accounts — unifying AWS Security Hub, GCP Security Command Center, and Kubernetes/EKS workload findings into an AI-enriched attack path graph. Surfaces toxic IAM combinations, crown-jewel exposure, and CWPP-level workload risk trends across business units; maps findings to MITRE ATT&CK techniques and generates prioritized AI-driven remediation backlogs consumed by 4 engineering teams — delivering AI-powered posture management at enterprise scale.
Cyber Reconnaissance Inc
May 2019 – Jan 2022 · Cyber Security Architect
- Designed multi-account cloud infrastructure using AWS Transit Gateway, VPC Peering, and AWS SSO for API, ML, and data-crawling applications.
- Built secure CI/CD pipelines with AWS Step Functions, GitLab, and CodeCommit across accounts using robust IAM roles.
- Managed GuardDuty, Security Hub, and Inspector for SecOps while aligning hybrid cloud infrastructure with compliance standards.
- Built cloud-based honeypots (Cowrie, ssh-honeypot, MongoDB) feeding threat intelligence data for client security programs.
Cyber Reconnaissance
Dec 2017 – May 2019 · Cyber Security Intern → Team Lead
- Led cloud infrastructure and security teams through cloud migration, security training, and product development.
- Configured complex network routing for physical data center environments using Cisco firewalls, UniFi routers, and Cisco switches.
Infosys Limited
Dec 2015 – May 2017 · Systems Engineer
- Developed Dell Boomi cloud integration workflows for EDI-JSON mapping for a US logistics client.
- Optimized integration workflows to run 80% faster through automated ingestion of transactional EDI data.
EDUCATION
M.S. Software Engineering
Arizona State University
B.Tech Computer Science
Birla Institute of Technology, MESRA
04. What's Next?
Get In Touch
I'm always open to talking security architecture, AI infrastructure, or new opportunities. Whether you want to collaborate or just say hi, my inbox is open.