Hi, my name is
Shivam Saraswat.
I build things for the security.
I’m a security engineer (R&D) specialized in building exceptional security solutions. Currently, I’m focused on building dev-centric security products (using shift-left approach) at PayPal.
About Me
Hello! My name is Shivam. I stop bad packages before they reach your developers.
Over the past 4+ years, I've built enterprise security platforms that reduce risk without slowing engineering down — at PayPal, IKEA, and Tekion. My focus: SSDLC automation, container and supply chain security, and building security tooling that developers actually want to use, not tools they route around.
Committed to bridging the gap between development and security teams to create resilient, scalable, and efficient systems.
Here are a few technologies I’ve been working with recently:
- SSDLC
- Supply Chain Security
- DevSecOps
- Cloud Security
- Security Automation
- Vulnerability Management
- Github Actions, GitLab CI/CD, Harness CI/CD
- Docker, Kubernetes
- Google Cloud, AWS

Where I’ve Worked
Senior Product Security Engineer @ PayPal
April 2025 - Present
- Built an org-wide supply chain firewall that blocks malicious/vulnerable packages before they reach Artifactory.
- Deployed container security across 3,100+ CI/CD pipelines, improving vulnerability detection by 50%.
- Standardized container vulnerability policy enforcement to 100% compliance org-wide.
- Built a CVE/package/version deduplication system that cut alert fatigue and improved patch efficiency by 30%.
- Prototyped an AI-powered SCA system for reachability analysis, safe-version recommendations, and fix suggestions across Maven & npm.
- Detected and neutralized the Shai-Hulud self-replicating worm and similar supply chain attacks before credential theft or spread.
- Built an automated third-party vendor image scanning pipeline with a Slack AI bot for on-demand scans.
- Authored container security ADRs and guides that cut developer onboarding time by 40%.
Some Things I’ve Built
Featured Project
SeCoRA
An AI-powered tool for detecting and remediating security vulnerabilities in codebases. This tool uses advanced language models to perform static analysis, vulnerability chaining, and provide actionable security recommendations.
- Python
- AI SAST
- Gen AI
Featured Project
PYrevDNS
PYrevDNS is a simple tool for performing reverse DNS lookups on IP addresses. Available on PyPi and Docker Hub.
- Python
- DNS
- Docker
Featured Project
Certify
Certify is a powerful and easy-to-use tool designed to check the security of SSL/TLS certificates. Available on PyPi and Docker Hub.
- Python
- TLS
Other Noteworthy Projects
view the archivePGrab
PGrab is a banner grabber tool used to gather information about a remote server or device, specifically the banner or header information that is sent when a connection is made.
crt.sh Domain Finder
It can retrieve all the domains and the subdomains associated with a domain using crt.sh. It can also be used in conjunction with other tools (such as httpX) to know the active domains.
WebXCrawler
WebXCrawler is a fast static crawler to crawl a website and get all the links. It is useful for web developers and security professionals to identify the links present on a website. It is built using Python and BeautifulSoup.
SSH Bruteforcer and Bruteforce Detector
It is a tool for brute-forcing the SSH service, allowing for testing and analysis of SSH security measures, and it also comes with option to detect brute-force attacks on the SSH service.
Refinements In Zeek Intrusion Detection System
Designed and implemented custom scripts for improving the logging capability of the Zeek IDS. Also, published a paper in the IEEE Conference on the topic – Refinements in Zeek Intrusion Detection System.
NETMAPPY
This is a basic port scanner written in Python 3. It is a simple script that uses the
socketmodule to scan the ports of a given IP address. It is a useful tool for security professionals and network administrators to check the open ports on a server to ensure that only the necessary ports are open.
What’s Next?
Get In Touch
My inbox is always open. Whether you have a question or just want to say hi, I’ll try my best to get back to you!
Say Hello

