AVINASH KUMAR THAPA

Mississauga, Canada

Summary

Results-driven Technical Lead with over 11 years of expertise in cybersecurity and 3+ years in management. Adept at leading high-impact security teams and spearheading security transformation initiatives. Specializes in offensive security, cloud security (AWS, Azure, GCP), security architecture, and compliance (NIST, ISO27001, PCI-DSS, SOC2). Brings a wealth of knowledge to ensure robust protection. Proficient in Red Teaming, security testing, and DevSecOps. Deep understanding of Kubernetes, blockchain, and emerging attack vectors. Committed to bridging security gaps, automating security processes, and nurturing teams to cultivate resilient and threat-aware organizations.

Overview

11 years of professional experience
1 Certification

Work History

VP TECHNICAL LEAD

Chaleit
05.2022 - Current

Lead security architecture, cloud security, and offensive security strategies for global retail, financial, and tech enterprises. Specialize in Red Team operations, threat modeling, penetration testing, and cloud security (AWS, Azure, GCP).

  • Designed scalable security frameworks, IAM, zero-trust models, and cloud security posture management (CSPM) for AWS, Azure, and GCP
  • Strengthened container security (Kubernetes, Docker) and serverless security while ensuring compliance with NIST, PCI-DSS, ISO 27001, and SOC2
  • Conducted stealth Red Team operations, reverse-engineered encryption protocols, and exposed critical vulnerabilities in high-security environments
  • Led threat modeling exercises across cloud and on-prem infrastructure
  • Managed end-to-end security projects, team performance, and quarterly growth objectives
  • Conducted performance reviews and mentored security professionals
  • Built Infrastructure as Code (IaC) security solutions, reducing vulnerabilities by 30% across hybrid cloud environments
  • Integrated security into CI/CD pipelines using Terraform, Python, and automation tools
  • Developed cloud security hardening strategies, achieving a 15% reduction in risk exposure while maintaining compliance with regulatory standards
  • Advised CISOs, security architects, and DevOps teams, ensuring security strategy aligns with business objectives

SENIOR SECURITY CONSULTANT

Security Compass Technologies Ltd.
12.2019 - 05.2022

Reporting to the Director, responsible for scoping, leading, and executing a variety of offensive security engagements for clients in financial, legal, and telecommunication services.

  • Led offensive security engagements across financial, legal, and telecom sectors, improving cybersecurity by 40%
  • Conducted web, mobile, API, and network security testing, uncovering critical vulnerabilities
  • Designed & executed Red Team & Purple Team strategies, strengthening client defenses
  • Managed end-to-end security projects, tailoring solutions to mitigate key risks
  • Provided expert security guidance & training, fostering team growth & a learning culture
  • Delivered executive-level security reports, translating findings into business-driven insights
  • Researched & integrated emerging cybersecurity trends, enhancing client security postures

SECURITY THREAT ASSESSMENT SPECIALIST

Emirates NBD
04.2018 - 11.2019

Under the guidance of the VP of Threat and Compliance Management, I spearheaded a team that enhanced bank security by 20% through comprehensive Red Teaming and Purple Teaming activities.

  • Led Red Teaming operations, uncovering 50+ critical vulnerabilities, boosting security resilience by 20%
  • Developed & refined threat models, security protocols, and risk assessments (NIST 800-30/53)
  • Conducted Purple Team exercises, testing detection capabilities against MITRE ATT&CK techniques
  • Automated security tasks using PowerShell scripts for OSINT & attack simulations
  • Provided QA oversight on security deliverables, ensuring technical accuracy
  • Assessed firewall & security configurations against CIS benchmarks for enterprise clients
  • Designed cybersecurity training programs, strengthening staff expertise in incident handling & security best practices

SENIOR INFOSEC SME

Emirates NBD
06.2017 - 04.2018

Under the guidance of the VP of Security Architecture, I directed projects for threat modelling, Agile, and DevSecOps. Major contributor to onboarding security tools such as Veracode and cloud security solutions within the bank.

  • Led threat modeling, Agile security, and DevSecOps initiatives, strengthening security frameworks
  • Spearheaded Veracode onboarding & cloud security solutions, enhancing application security
  • Integrated security protocols into Agile/DevSecOps, ensuring compliance & continuous evaluation
  • Established risk management strategies, significantly reducing operational security risks
  • Advised on vendor selection & security architecture, influencing key compliance decisions

SENIOR SECURITY CONSULTANT

NotSoSecure
01.2017 - 05.2017

Reporting to the Manager, responsible for conducting infrastructure and web application vulnerability assessments and penetration testing activities.

  • Conducted penetration tests on infrastructure & web applications, identifying critical vulnerabilities
  • Led Red Team operations, simulating adversarial attacks to enhance security defenses
  • Delivered security training to technical teams, improving awareness & best practices
  • Spearheaded R&D initiatives, identifying emerging threats & enhancing industry security knowledge
  • Managed end-to-end security projects, ensuring timely & high-quality delivery

SENIOR INFORMATION SECURITY ANALYST

Network Intelligence India
06.2014 - 01.2017

Reporting to the Manager, responsible for conducting infrastructure and web application vulnerability assessments and penetration testing activities.

  • Led a variety of security evaluations and penetration tests for government organizations, identifying and fixing over 200 security concerns to strengthen overall security measures
  • Led penetration testing, wireless security checks, and automation of security testing procedures
  • Provided cybersecurity training and contributed to industry research

Education

Bachelor of Engineering - Electronics And Communication

Kurukshetra University
Haryana, India
04-2014

Skills

    Security Architecture & Offensive Security – Designed and implemented security frameworks, offensive security strategies, and secure digital transformations

    Cloud Security & DevSecOps – Expertise in cloud computing (AWS, Azure, GCP), Infrastructure as Code (Terraform), Kubernetes security, and integrating security into CI/CD pipelines

    Red Teaming & Penetration Testing – Led stealth Red Team operations, security assessments, and exploit development to uncover vulnerabilities

    Blockchain Security – Reviewed smart contracts for security vulnerabilities and assessed blockchain-based applications

    Risk & Compliance Management – Specialized in ISO 27001, SOC2, PCI-DSS, HIPAA, and cloud security hardening for enterprise compliance

    Automation & Programming – Automated security processes using Python & Shell scripting, reducing manual workload & enhancing efficiency

    Shared Responsibility Model – Expertise in evaluating security postures across SaaS, PaaS, IaaS environments

    Team Leadership & Mentorship – Led and mentored security teams, fostering a high-performance cybersecurity culture

    Strategic Communication & Stakeholder Engagement – Effectively communicated complex security concepts to executives, technical teams, and cross-functional stakeholders

    Vendor & Client Relations – Managed vendor partnerships and developed customer relationship strategies for cybersecurity solutions

    Problem-Solving & Decision-Making – Adept at identifying security gaps, mitigating risks, and aligning security efforts with business goals

    Performance & Project Management – Led security projects, conducted performance evaluations, and developed strategic growth plans

Certification

· Certified Information Systems Security Professional (CISSP) - (06/2023 - Present)

· Certified Cloud Security Professional (CCSP) - (07/2024 - Present)

· Offensive Security Certified Professional (OSCP) - (01/2016 - Present)

· Offensive Security Certified Expert (OSCE) - (09/2016 - Present)

· AWS Solution Architect Associate - (01/2020 - 01/2023)

· AWS Certified Security Specialty - (06/2020 - 06/2023)

Languages

English
Hindi
