About

I’ve spent the last 3.5 years building at two very different scales: Gojek (GoTo Group), a superapp with 5,000 engineers and 60k+ repositories, and Blueflag Security, an SDLC security startup where I own entire features end-to-end.

At Gojek, I built automation to solve Security Engineering’s problems: finding who owns what across 60k repos, scaling secret detection across the full engineering org, and building SCA tooling that replaced commercial licenses worth $400-600k.

At Blueflag Security, I own problems end-to-end: research, build, ship, maintain, and engage with customers. I’ve been leading the company’s pentest activities, and am now leading the compliance audit activities.

I also volunteer at r/DevelopersIndia and Postgres Women India’s Upskill Program.

What I’ve Shipped

  • Commit Journey: end-to-end commit traceability across PRs, pipelines, and container images. Flagship Blueflag feature, cited by several customers.
  • Connector integrations, owned end-to-end (data collection, normalization, analytics)
  • Vulnerability management platform with 2-way sync across 8+ sources
  • SAST, DAST enhancements, and supply chain security tools
  • Code to cloud context mapping
  • Prediction service for repo ownership across 60k repositories. Built a similar feature at Blueflag Security too.
  • Secret scanning rollout across a 5,000-engineer org (800+ secrets, 2,000+ locations)
  • In-house SCA tooling that replaced $400-600k in commercial licenses