Gokul A P
devops · security

SR. SOFTWARE ENGINEER · DEVOPS

Gokul A P

I build platforms that ship safely.

gokul-ap / devops Healthy
status Running
role Sr. Software Engineer · DevOps
environment Moveworks · production
region Bengaluru, IN · multi-cloud
scope Kubernetes fleets · GitOps · DevSecOps
mission Reliable infrastructure & Secure platforms
View work Resume
Portrait of Gokul A P, Senior Software Engineer, DevOps
FIG.01 — operator● bengaluru · in
01

System overview

Senior Software Engineer (DevOps) at Moveworks, Bengaluru. Previously an SRE at ShopUp, keeping high-traffic commerce infrastructure fast and reliable under real load.

I work where DevOps engineering meets security: multi-cloud Kubernetes, GitOps, and policy-as-code, with automation that deletes toil. Every system is designed around its blast radius — failure should be small, contained, and recoverable.

Off the clock I hunt bugs — 100+ disclosed, a Google Hall of Fame listing, and rewards across leading programs — and ship open source, including a DevOps CTF.

  • Kubernetes
  • Terraform
  • ArgoCD
  • Helm
  • Docker
  • AWS
  • Argo Workflows
Portrait of Gokul A P, Senior Software Engineer (DevOps)
FIG.02 — operator● bengaluru
role
senior-devops
org
moveworks
focus
devops · security
phase: Running
manifest.yaml
apiVersion: devops.gokul.dev/v1
kind: Engineer
metadata:
name: gokul-ap
namespace: moveworks
labels:
role: senior-devops
focus: devops-security
spec:
specializes:
- kubernetes
- devops-engineering
- security
- automation
mission: "ship platforms safely"
status:
phase: Running
hallOfFame: true
vulnerabilitiesDisclosed: 100+
ready: true
engineer/gokul-ap configured · applied
02

Resources

A provisioned catalog of the platforms, runtimes and tooling I operate — browsed like a cloud console, grouped by kind.

kind: Cluster DevOps Engineering
Healthy region: multi-cloud 8 namespaces
kind: Pods Compute & Orchestration 5 services
  • Kubernetesorchestration
  • Dockercontainers
  • Helmpackaging
  • Kustomizeoverlays
  • Argo Workflowspipelines
kind: Service Networking 3 services
  • Istioservice mesh
  • AWS VPCcloud network
  • NGINX Ingressedge routing
kind: Deployment Delivery & GitOps 4 services
  • ArgoCDgitops cd
  • Atlantistf automation
  • Terraformprovisioning
  • Kedaautoscaling
kind: Provider Cloud Providers 5 services
  • AWSprimary
  • GCPcloud
  • Azurecloud
  • DigitalOceancloud
  • Herokupaas
kind: StatefulSet Storage & Databases 5 services
  • PostgreSQLrelational
  • MySQLrelational
  • Rediscache
  • MongoDBdocument
  • SQLiteembedded
kind: Policy Security 6 services
  • OPApolicy
  • Kyvernopolicy
  • Trivyscanner
  • Snyksca
  • Burp Suiteweb pentest
  • OWASP ZAPdast
kind: Monitor Observability 6 services
  • Prometheusmetrics
  • Grafanadashboards
  • VictoriaMetricstsdb
  • OpenSearchlogs
  • Vaultsecrets
  • PagerDutyincidents
kind: Runtime Languages 4 services
  • Gobackend
  • Pythontooling
  • Bashscripting
  • C++systems
$ kubectl get all --all-namespaces  ·  38 services across 8 kinds  ·  status: Ready
03

Impact

Impact / impact-overview Last 6 years ▾Live
Google HoF
HoF

Listed in Google’s Security Hall of Fame.

recognition
verified
Vulnerabilities
0+

Security issues responsibly disclosed.

vulns · disclosed
Bounty Rewards
0L+

Earned across bug-bounty programs.

rewards · INR lakh
OSS Projects
0+

Tools & repos published, incl. DevOps CTF.

repos · shipped
findings_disclosed · cumulative responsible disclosures
FIG.04 — impact-overview ● live datasource: bug-bounty · github
04

Experience

A rollout history — each role ships as a release, synced from source of truth to a healthy, running system.

career / applications — 4 releases
v4.0

Senior Software Engineer, DevOps

Moveworks · Bengaluru · Mar 2026 — Present
Synced Healthy current
ImpactLed Kubernetes resource rightsizing across production & gov environments using Kubecost.
SystemsGrafana dashboards & alerts surfacing under/over-utilised workloads across hundreds of services; hardened CI validation for manifests & ArgoCD apps.
OutcomeHA instance families for Spot node groups — fewer non-prod interruptions.
tech Kubernetes ArgoCD AWS Kubecost Grafana
v3.0

Software Engineer, DevOps

Moveworks · Bengaluru · Aug 2024 — Mar 2026
Synced Healthy
ImpactBuilt deployment automation on Argo Workflows (utilities, input validation, CI dry-run checks) for multi-region Kubernetes.
SystemsMigrated pipelines Jenkins → Argo; drove the Kustomize → Helm migration across platform services.
OutcomeLed an AWS RDS PostgreSQL upgrade (v12→v16) across ~480 instances, 5 regions, 11 environments; Cloud Custodian cleanup with Slack alerts.
tech Kubernetes AWS Helm Argo Workflows Kustomize Cloud Custodian
v2.0

Site Reliability Engineer

ShopUp · Bengaluru · Jun 2023 — Aug 2024
Synced Healthy
ImpactHardened Kubernetes security — all pods run non-root; auth moved to GCP Workload Identity for keyless access.
SystemsTrivy vuln-scanning pipelines that auto-open remediation PRs; Helm-based CI/CD; deployed SonarQube, OpenMetadata & Apache Flink.
tech Kubernetes Helm GCP Trivy CI/CD
v1.0

Site Reliability Engineer, Intern

ShopUp · Bengaluru · Dec 2022 — Jun 2023
Synced Healthy
ImpactCentralised infra access via Teleport (Kubernetes, MySQL, PostgreSQL) with GitHub Teams RBAC.
SystemsAutomated security-testing pipelines (URL fuzzing); hardened internal API security — CORS & HTTP headers, remediated assessment findings.
tech Kubernetes Teleport GCP Python
4 / 4 releases healthy sync policy automated $ argocd app history career
05

Open source

Tools and platforms built in the open — DevOps education, security automation, and large-scale Kubernetes work. Each repo ships to solve a real, recurring problem.

0 + open-source projects
public GitHub
1,240 contributions in the last year
flagship
devops-ctf public

Platform where engineers debug real production incidents in isolated cloud sandboxes — DevOps made learnable by doing.

solvesTurns abstract DevOps theory into hands-on muscle memory with real failure scenarios.
Kubernetes Terraform AWS
Go source view
reconator public

Automated recon framework for bug-bounty — subdomain enumeration, port scanning, and vulnerability discovery in one pipeline.

solvesScales reconnaissance across large attack surfaces without manual toil.
Recon Automation
Python view
bugbounty-mcp-server public

Brings offensive-security tooling into LLM agents through the Model Context Protocol — AI that can actually run a recon workflow.

solvesMakes security testing AI-native by exposing tools to autonomous agents.
MCP LLM
TypeScript view
wappalyzer-cli public

Fast command-line technology fingerprinting — detect frameworks, servers, and libraries behind any target in seconds.

solvesIdentifies any target's stack instantly, scriptable into recon pipelines.
CLI
Go view
pentesting-resources public

Curated, widely-used collection of bug-bounty and penetration-testing resources, references, and methodology.

solvesA trusted community reference that saves practitioners hours of searching.
Security Curated
Reference view
kustomize-to-helm public

Fleet-wide automated migration of Kubernetes manifests from Kustomize to Helm — safely, across many clusters at once.

solvesMakes large-scale manifest migration safe and repeatable, not a manual rewrite.
Helm K8s
Go view
06

DevOps CTF

gokulapap/devops-ctf Live flagship

Debug real production incidents —
in live cloud sandboxes.

A polished open-source platform where engineers fix realistic infrastructure failures, not toy puzzles. Real terminals, real cloud, graded automatically.

Launch DevOps CTF Source
MDREADME.md

The most practical way to learn DevOps: engineers fix realistic production failures inside isolated cloud environments — live terminals, real infrastructure, graded automatically.

Live terminals
Real shell, no simulation
Cloud sandboxes
Isolated, ephemeral, real
Auto-graded
Fix it, capture the flag
Real incidents
Failures, not toy puzzles
SVGarchitecture.svg
isolated cloud sandbox open exec report pass drives user web terminal cloud · k8s challenge engine auto-grader ★ flag
FIG.06 — request path● user → grader
MD## challenge categories
Kubernetes Terraform AWS Helm Docker CI/CD Linux Monitoring Security
MD## how it works
  1. 1
    Pick a challenge
    Choose a real-world incident across nine tracks
  2. 2
    Spin up a cloud sandbox
    An isolated Kubernetes environment boots, just for you
  3. 3
    Debug in a live terminal
    Inspect, diagnose and fix the broken infrastructure
  4. 4
    Auto-graded — capture the flag
    The grader verifies your fix and awards points
challenge · crashloop-detective
$ kubectl get pods -n paymentsNAME      READY   STATUS             RESTARTSapi-7f9   0/1     CrashLoopBackOff   7$ kubectl logs api-7f9 --previous | tail -1FATAL: connect ECONNREFUSED redis:6379$ kubectl get svc redis -n paymentsNo resources found  # ← missing service$ kubectl apply -f fix/redis-svc.yamlservice/redis created$ kubectl rollout status deploy/apideployment "api" successfully rolled out★ challenge solved — flag captured  +250
// real impact Engineers learn DevOps the way it actually happens — by debugging real production incidents.
07

Security

I think like an attacker so the platforms I build don't find out the hard way — every finding below was disclosed responsibly, then driven to a fix.

security_findings · disclosure log posture: disclosed & remediated
scanning 100% · complete
100+vulns disclosed
& remediated
critical high recognition Google Hall of Fame
001

Critical vulns affecting many users

Reported in widely-used platforms protecting large user bases; coordinated a full remediation.

scope: widely-used platforms
critical fixed
002

Credential & token exposure

Account- and infrastructure-takeover paths from leaked credentials, reported with remediation guidance.

class: auth / secrets
high triaged
003

Google Hall of Fame

Inducted for a sustained track record of high-signal, responsibly-disclosed reports.

recognition: google security
recognition awarded
004

Published research & tooling

Writeups plus open-source automation — Reconator and BugBounty MCP — used by other hunters.

artifacts: writeups + OSS
research shipped
responsible disclosure · scan complete
  1. 1
    Discover
    find the blast radius
  2. 2
    Report
    privately, with detail
  3. 3
    Coordinate
    a fix, then verify
  4. 4
    Credit
    public, once safe
08

Journey

gokul@career: ~/career — zsh git · main
gokul@career ~ % git log --graph --oneline --decorate
1a3f0c2
init
Computer science foundations
education · cs degree
genesismerged
c47e9b1
feat
First bug bounty — responsible disclosure
security · first finding
v0.1merged
9d2f7a4
deploy
SRE Intern @ ShopUp
shopup · first production systems
v1.0merged
b6e814c
feat
SRE @ ShopUp — reliability at scale
shopup · high-traffic commerce
v2.0merged
3f08d5a
release
DevOps @ Moveworks — GitOps + K8s fleets
moveworks · argocd · multi-cloud k8s
v3.0merged
a1f9c2e
feat
Launched DevOps CTF — learn by debugging prod
side branch · a product, not a repo
branch ↓shipped
7c40e9d
merge
100+ vulnerabilities disclosed
security · responsible disclosure
← mergedmerge
e2b5f81
tag
tag: hall-of-fameGoogle Hall of Fame
recognition · vrp hall of fame
tagtagged
f09a3c7
release
HEAD → mainSenior DevOps @ Moveworks
moveworks · platform & infra automation
v4.0current
gokul@career ~ %
09

Contact

contact-gokulproject: outreach Synced Healthy
contact-gokulApplication
reach-meService · ClusterIP
EmailPod · Running GitHubPod · Running LinkedInPod · Running TwitterPod · Running
last sync: just nowself-heal: on4/4 pods Running

$ argocd app get contact-gokul

Let’s build something that ships safely.

Hiring for platform, DevOps, SRE or security engineering? I turn manual work into automated systems and design for blast-radius. Every channel here is a healthy pod — reach me on any of them.

Email GitHub LinkedIn Resume
Availability● responds in < 24h
RegionBengaluru, IN
TopologyRemote-friendly