Bangalore, India · DevOps Engineer

Hi, I'm Gokul A P.I build platforms that ship safely.

Software Engineer, DevOps at Moveworks — working on Kubernetes deployment automation and resource rightsizing. On the side, I hunt bugs, maintain open-source security tooling, and built devops-ctf.com.

GoogleHall of Fame100+vulnerabilities disclosed60+OSS projects

View my work Download Resume Get in touch

scroll

01 / about

A DevOps Engineer with a security mindset.

DevOps is the day job — Kubernetes, ArgoCD, deployment automation. Security is how I think about the systems I build: defensible by default, with the tooling to prove it.

ID_0x57899332

GOKUL A P

Software Engineer, DevOps

Bangalore, India

I'm a DevOps engineer with four years of production experience across site reliability and applied security research. Most of my work lives in Python, Go, and shell — infrastructure automation that turns slow, manual engineering workflows into fast, repeatable pipelines.

At Moveworks, I work on the DevOps team — deployment automation on Argo Workflows, CI guardrails for Kubernetes manifests, and Kubecost-driven resource rightsizing across production and gov environments. Before that, a year and a half as an SRE at ShopUp — cluster security hardening, Helm-based CI/CD, and Teleport-backed access infrastructure.

On the security side, I've been hunting bugs in production web systems since college — a mix of public bug-bounty programs and private engagements. That research tends to show up in open-source tooling I maintain: Reconator (automated reconnaissance for pentesters) and bugbounty-mcp-server (an MCP server that brings offensive-security tooling directly into LLM agents).

Outside work, I'm building devops-ctf.com — a Capture-The-Flag platform built for DevOps engineers, where each challenge drops you into a per-user sandbox to debug a realistic production incident. It's the closest thing I've shipped to a full product.

DevOps

·Kubernetes · Docker · Helm
·ArgoCD · Argo Workflows
·AWS · Terraform · Atlantis

Security

·Pentesting · Bug Bounty
·Trivy · Snyk · Kyverno
·Burp · OWASP ZAP

Automation

·Python · Go · Bash
·FastAPI · Selenium
·LLM agents · MCP

02 / stack

A toolkit for shipping & hardening at scale.

The stack I've used in production — opinions earned the hard way.

Languages & Frameworks

PythonGoBashTypeScriptFlaskDjangoFastAPISelenium

DevOps & Orchestration

KubernetesHelmKustomizeDockerPodmanTerraformAtlantisArgoCDArgo WorkflowsIstioKedaBazel

CI / CD

GitHub ActionsJenkinsCircleCITravis CIArgoCDArgo Workflows

Security Tooling

Burp SuiteOWASP ZAPMetasploitTrivySnykPingSafeHackTheBoxTryHackMe

Cloud

AWSGoogle CloudAzureDigitalOceanFirebaseHerokuVercelNetlify

Observability & Platform

PrometheusGrafanaVictoriaMetricsOpenSearchKafkaHashiCorp VaultTeleportKyvernoOPACloud CustodianKubecostPagerDuty

Databases

PostgreSQLMySQLOracleSQLSQLiteRedisMongoDB

Kubernetes·ArgoCD·Terraform·Python·Go·Vault·Kyverno·OPA·Trivy·Snyk·Burp Suite·Metasploit·Prometheus·Grafana·Docker·Helm·Istio·Keda·AWS·GCP·Azure·Cosign·OWASP ZAP·MCP·Kubernetes·ArgoCD·Terraform·Python·Go·Vault·Kyverno·OPA·Trivy·Snyk·Burp Suite·Metasploit·Prometheus·Grafana·Docker·Helm·Istio·Keda·AWS·GCP·Azure·Cosign·OWASP ZAP·MCP·

03 / pipeline

How I ship code, safely.

Every code change goes through six automated checks before it reaches users. If any step fails, the change stops — it never touches production. Here's what each step does.

STAGE 01

COMMIT

PR + review

Signed commits, code review, CI tests pass before merge.

STAGE 02

BUILD

container + SBOM

Reproducible container builds with a software bill of materials.

STAGE 03

SCAN

Trivy · Snyk · Kyverno

CVE scans, secret detection, IaC policy — critical findings block the pipeline.

STAGE 04

SIGN

Cosign keyless

Signatures via GitHub OIDC — no long-lived keys to rotate.

STAGE 05

DEPLOY

ArgoCD canary

GitOps sync to the cluster, progressive canary rollout to production.

STAGE 06

OBSERVE

Prometheus · Grafana

SLO tracking with error budgets; auto-rollback on regression.

COMMITPR + review

Signed commits, code review, CI tests pass before merge.

BUILDcontainer + SBOM

Reproducible container builds with a software bill of materials.

SCANTrivy · Snyk · Kyverno

CVE scans, secret detection, IaC policy — critical findings block the pipeline.

SIGNCosign keyless

Signatures via GitHub OIDC — no long-lived keys to rotate.

DEPLOYArgoCD canary

GitOps sync to the cluster, progressive canary rollout to production.

OBSERVEPrometheus · Grafana

SLO tracking with error budgets; auto-rollback on regression.

[commit]Signed commits, code review, CI tests pass before merge.

04 / projects

Things I've shipped that other people use.

Open-source tooling, a live platform, and security research — with live GitHub metrics.

8 projects

LIVEFLAGSHIP

DevOps CTF

Interactive Capture-The-Flag platform where engineers debug realistic production incidents in a browser-based terminal — CrashLoopBackOffs, broken Helm releases, leaked secrets, flaky CI pipelines, and more. Real kubectl / helm / terraform inside per-user Kubernetes sandboxes.

ReactDjangoPostgreSQLRedisKubernetesxterm.jsTerraform

DevOpsPlatformSecurity

www.devops-ctf.comlive

FEATURED

Reconator

Automated reconnaissance framework for pentesting & bug bounty — orchestrates 20+ tools into a single pipeline.

SecurityAutomationCLI

435227Python

FEATURED

bugbounty-mcp-server

Comprehensive MCP server for bug-bounty hunting — brings pentesting tooling directly into LLM agents.

SecurityAIAutomation

298Python

wappalyzer-cli

Fast CLI re-implementation of Wappalyzer — identifies web technologies in bulk scans.

SecurityCLI

7024Python

Pentesting-Resources

Curated collection of pentesting and bug-bounty resources used daily by hunters.

Security

5012

kustomize_to_helm

Framework for migrating large Kustomize estates to Helm charts without manual rewrites.

DevOpsAutomation

00Python

submax

All-in-one subdomain enumeration utility — fan-out to multiple sources, de-duplicate, resolve.

SecurityCLI

218Shell

bugdork

Google-dorking engine for vulnerability discovery — parameterized dork packs for common CWEs.

SecurityAutomation

197Python

All 60+ repos on GitHub

05 / experience

Where I've shipped.

Roles across DevOps and Site Reliability Engineering.

Senior Software Engineer, DevOps
Moveworks·Bengaluru, Karnataka · On-site
Mar 2026 — Present
- Led Kubernetes resource rightsizing across production and gov environments using Kubecost; built Grafana dashboards and alerts that surface under- and over-utilised workloads across hundreds of services.
- Hardened CI validation for Kubernetes manifests and ArgoCD apps; introduced HA instance families for Spot node groups to reduce interruptions on non-prod clusters.
KubernetesAWSKubecostGrafanaArgoCD
Software Engineer, DevOps
Moveworks·Bengaluru, Karnataka · On-site
Aug 2024 — Mar 2026
- Built deployment automation on Argo Workflows (workflow utilities, input validation, CI dry-run checks) for multi-region Kubernetes clusters; migrated pipelines from Jenkins to Argo and drove the Kustomize → Helm migration across platform services.
- Led a large-scale AWS RDS PostgreSQL upgrade (v12 → v16) across ~480 instances, 5 regions and 11 environments; shipped Cloud Custodian policies with Slack alerts to clean up unused AMIs, EBS volumes, and idle resources.
Argo WorkflowsKubernetesAWSHelmKustomizeCloud Custodian
Site Reliability Engineer 1
ShopUp·Bengaluru, Karnataka · On-site
Jun 2023 — Aug 2024
- Hardened Kubernetes security — migrated all application pods to run as non-root and moved authentication to GCP Workload Identity for keyless access from workloads and GitHub Actions.
- Built Trivy-based vulnerability-scanning pipelines that auto-open remediation PRs; designed Helm-based CI/CD and deployed internal platform tooling (SonarQube, OpenMetadata, Apache Flink).
GCPKubernetesTrivyHelmCI/CD
Site Reliability Engineer Intern
ShopUp·Bengaluru, Karnataka · On-site
Dec 2022 — Jun 2023
- Implemented centralised infrastructure access via Teleport (Kubernetes, MySQL, PostgreSQL) with GitHub Teams integration for role-based access.
- Built automated security-testing pipelines (URL fuzzing) and hardened internal API security — strengthened CORS and HTTP headers, remediated findings from internal and third-party assessments.
TeleportKubernetesGCPPython

06 / wins

Recognitions, disclosures, and receipts.

Work I'm proud of — and the numbers that back it.

Vulnerabilities Disclosed

Years Engineering

OSS Projects

RECOGNITION

Google Hall of Fame

Recognised for reporting a security vulnerability in Google Hangouts.

BUG BOUNTY

100+ Vulnerabilities · ₹20L+ in rewards

Responsibly disclosed across public and private bug-bounty programs — spanning auth bypass, IDOR, SSRF, and cloud misconfigurations.

PRODUCT

DevOps CTF — Launched

Built and launched devops-ctf.com — production platform with per-user Kubernetes sandboxes and real DevOps tooling in-browser.

OPEN SOURCE

Reconator — Open Source

Automated reconnaissance framework used by bug-bounty hunters worldwide.

RESEARCH

Docker & Cloud Research

Identified Docker security flaws and cloud misconfigurations; shipped Trivy-based scanning & remediation automation.

COMMUNITY

60+ OSS Projects

Security, DevOps, and automation tooling — free, permissively licensed, and actively maintained.

hands-on

Or, try the terminal.

Every DevOps engineer lives in a prompt. Type `help` to start.

helpwhoamiskillsprojectssudo hire-me

~/gokul — zsh — 120×30

↑/↓ history · Tab complete · Ctrl+L clear

$ Welcome. This shell is interactive.

Type help for commands, or try whoami, projects, sudo hire-me.

gokul@devsecops:~$

07 / contact

Let's build something together.

Consulting, full-time roles, open-source collaboration, or security research — the inbox is open.

primary

send a message