
Hi, my name is

Shivam Saraswat.

I build things for security.

I’m a security engineer (R&D) specialized in building exceptional security solutions. Currently, I’m focused on building dev-centric security products (using shift-left approach) at PayPal.

About Me

Hello! My name is Shivam. As a Security Engineer at PayPal, I engineer and implement innovative security solutions to protect the company’s web and API assets.

Accomplished DevSecOps and Cybersecurity professional with 3+ years of expertise in architecting enterprise-grade security solutions and driving cloud-native implementations. Demonstrated ability to build and optimize secure pipelines for large-scale environments, develop innovative in-house security tools, and implement cloud security best practices.

Proven track record of reducing security risks, streamlining compliance processes, and enhancing developer productivity through innovative tools and workflows.

Committed to bridging the gap between development and security teams to create resilient, scalable, and efficient systems.

Here are a few technologies I’ve been working with recently:

  • SSDLC
  • Application Security
  • DevSecOps
  • Cloud Security
  • Security Automation (Python, Bash)
  • Vulnerability Management
  • GitHub Actions, GitLab CI/CD, Harness CI/CD
  • Burp Suite, Nmap, Wireshark, Nuclei, Nessus
  • MongoDB
  • Docker, Kubernetes
  • Google Cloud, AWS
  • Swagger, Postman

Where I’ve Worked

Senior Cybersecurity Engineer @ PayPal

April 2025 - Present

  • Architected Container Security Framework & Security Policies: Spearheaded unified container-scanning framework and governance model, standardizing vulnerability checks for Docker images across all development teams while designing and enforcing JFrog Xray policies (severity gates, CVE exemptions, whitelists) to achieve 100% compliance and accelerate remediation cycles.

  • Orchestrated CI/CD-Native Security Enforcement: Integrated JFrog Xray container security scans into Harness CI/CD pipelines at both build and deploy stages, automating checks that block non-compliant images and improving vulnerability detection by 50%.

  • Led Container Scanning Tool Evaluation: Directed comparative analysis of industry tools (JFrog Xray, Trivy, Grype) against criteria including detection accuracy, performance impact, cost, and API support—piloting top choice to boost scan throughput without affecting pipeline SLAs.

Some Things I’ve Built

Other Noteworthy Projects

  • PYrevDNS

    PYrevDNS is a simple tool for performing reverse DNS lookups on IP addresses. This tool is useful for network administrators and security professionals to identify the domain names associated with IP addresses.

    • DNS
    • Python
    • PHP
  • Certify - SSL/TLS Certificate Security Analysis Tool

    Certify is a powerful and easy-to-use tool designed to check the security of SSL/TLS certificates.

    • Python
    • TLS
  • PGrab

    PGrab is a banner grabber tool used to gather information about a remote server or device, specifically the banner or header information that is sent when a connection is made.

    • Python
    • Banner Grabbing
    • Network
  • crt.sh Domain Finder

    It retrieves all the domains and subdomains associated with a domain using crt.sh. It can also be used in conjunction with other tools (such as httpX) to identify the active domains.

    • Python
    • Subdomain Enumeration
  • WebXCrawler

    WebXCrawler is a fast static crawler to crawl a website and get all the links. It is useful for web developers and security professionals to identify the links present on a website. It is built using Python and BeautifulSoup.

    • Python
    • Web Crawler
    • BeautifulSoup
  • SSH Bruteforcer and Bruteforce Detector

    It is a tool for brute-forcing the SSH service, allowing for testing and analysis of SSH security measures, and it also comes with an option to detect brute-force attacks on the SSH service.

    • Python
    • SSH
    • Security

What’s Next?

Get In Touch

My inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!
