Gautam Patil
Application Security Engineer | DevSecOps | Cloud & CI/CD Security
Application Security Engineer at PTC with hands-on experience securing enterprise products including ServiceMax and Onshape across multiple applications. Proven expertise in identifying design and implementation vulnerabilities through threat modeling, design reviews, secure code analysis, and automated security testing. Strong foundation in DevOps and cloud-native security, with prior experience building CI/CD pipelines and deploying applications on AWS.
Adept at collaborating with engineering teams to embed security into the SDLC and drive secure-by-design initiatives. Bachelor’s degree in Computer Science Engineering with a passion for continuous learning and staying current with emerging security threats and technologies. Outside of work, I enjoy 3D design, swimming, and reading, which help foster creativity and problem-solving skills.
Experience
PTC, Pune
Associate Information & Cybersecurity Analyst
07/2024 - Present
- Performed Source Code Analysis, Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST) using tools such as Burp Suite, OWASP ZAP, Black Duck, OWASP Dependency-Check, Checkmarx, and Veracode.
- Implemented Checkmarx & Black Duck source code analysis automation and JIRA integration using Python APIs; automated workflows with GitHub Actions and Jenkins to streamline vulnerability tracking and reduce manual effort.
- Conducted secure code reviews for web and mobile applications, identifying vulnerabilities such as XSS, SQL Injection, CSRF, insecure authentication, and authorization flaws.
- Developed a Security Requirements AI Agent using Large Language Models (LLMs) and Retrieval-Augmented Generation (RAG) to automatically map OWASP ASVS security requirements to features and stories with high accuracy.
- Built and maintained threat models during the design phase to identify potential attack vectors early in the SDLC.
- Designed and implemented a Custom PenTest AI Tool leveraging the Model Context Protocol (MCP), Agentic AI, and function calling, powering an automated reconnaissance assistant and reducing manual offensive security effort by ~20%.
- Solved critical security vulnerabilities, strengthening overall application security posture.
- Implemented Content Security Policy (CSP) to enhance protection against cross-site scripting and client-side vulnerabilities.
- Led security design reviews for new applications and features to identify risks early in the SDLC.
- Automated OWASP ZAP scanning using Python and integrated it into the CI/CD pipeline across Development, Staging, and Production environments.
Skills
| Category | Technologies / Tools |
|---|---|
| Security | Application Security (AppSec), Secure Code Review, Threat Modeling, SAST, DAST, OWASP Top 10, OWASP ASVS, CSP, Vulnerability Management |
| Programming & Frameworks | JavaScript, TypeScript, Python, C++, Django, FastAPI, React, Next.js, Express.js, Node.js |
| DevOps & Cloud | AWS, Docker, Kubernetes, Terraform, Ansible, GitHub Actions, Jenkins, Linux, Shell |
| Security Tools | Burp Suite, OWASP ZAP, Checkmarx, Black Duck, Veracode, OWASP Dependency-Check |
| Databases & Platforms | MongoDB, PostgreSQL, Jira |
| Soft Skills | Communication, Collaboration, Problem Solving, Leadership, Time Management |
Projects
Docly
Docly is your secure, browser-based document organizer. Effortlessly capture, organize, and manage your important personal documents with Docly. All data stays on your device.
React, Node.js, MongoDB, JWT Authentication
EduMaterials
Documentation template with React & Firebase Authentication. (Used by FYMaterials, SYMaterials, TYMaterials)
Docker, React, Firebase, MongoDB
REZUME
Your Personalized Resume Hosting Platform. Create your own personalized resume website in minutes.
React, Firebase, Docker, Kubernetes, Cloudflare
PictoPixie
Your go-to AI buddy for solving questions with the help of images and PDF files.
GeminiAI, FastAPI, React, Docker, MongoDB
LofiPomo
Lofipomo is a MERN (MongoDB, Express, React, Node) full-stack web application designed to enhance productivity by combining a variety of features.
React, MongoDB, ExpressJS, NodeJS
EBikeStore
The EBikeStore is a comprehensive web platform designed to provide users with a wealth of information about electric bikes and scooters available in India.
Django, TailwindCSS, PostgreSQL
ShortStories
ShortStories, a delightful online platform created with ReactJS to bring you an exquisite collection of short stories. Explore, read, and get lost in the magic of short stories at ShortStories.
React, Django, Django-rest-framework, vercel
FYMaterials
FYMaterials is a comprehensive web application designed to cater to the academic needs of first-year students at GH Raisoni College of Engineering Pune.
Django, Mkdocs Material, React, Docker
Short-Stories-API
The Short Stories API is a robust and versatile API that provides developers access to a vast collection of captivating short stories across multiple genres.
Django, Django-rest-framework, API, Docker
Certifications
- Application Security for Developers by Not So Secure - Nov 2025
- MongoDB Node.js Developer Path by MongoDB University - Jan 2024
- Full Stack Development by University of Helsinki - Oct 2023
- Introduction to GitOps by The Linux Foundation - Mar 2024
- Linux Essentials by CISCO - Apr 2023
- Docker Projects by Great Learning - Mar 2023
- Introduction to DevOps by Great Learning - Feb 2023
- Problem Solving with Programming by Hackerrank - Aug 2022
- Scientific Computing with Python by Free Code Camp - Jul 2022
- Postman API Fundamentals Expert by Postman University - June 2024
- Jira Fundamentals by Atlassian University - May 2024
Education
Bachelor of Technology in Computer Science
- Institution: Pune University
- CGPA: 8.83
- Honors: Artificial Intelligence and Machine Learning
HSC (12th Standard)
- Board: CBSE
- School: Lexicon International School
- Percentage: 84%