Hi, I'm
Rohit Vishwakarma

Designed and implemented AWS WAF at the edge (CloudFront) to protect production infrastructure from malicious traffic.

• Enabled managed rule sets (OWASP Top 10, IP reputation, bad inputs) to block attacks like SQLi, XSS, and malformed requests
• Configured input validation rules to restrict abnormal query sizes and suspicious payload patterns
• Implemented edge-level traffic filtering to prevent malicious requests from reaching backend services
• Conducted security validation using payload injection and abnormal request testing to verify rule effectiveness

Result: Successfully enforced first-layer security at the edge, reducing exposure to common web attacks and improving overall application security posture

1. Created a dedicated CI/CD job to run TypeORM database migrations
2. Pulled the latest backend Docker image from Amazon ECR
3. Executed migrations inside AWS ECS using the existing container image
4. Decoupled migration execution from build pipeline (no image rebuild)
5. Ensured consistent schema updates across environments
6. Reduced deployment time and eliminated manual DB migration steps

1. Enforced pre-commit checks using Gitleaks to prevent hardcoded secrets
2. Implemented pre-push dependency audit to block vulnerable packages
3. Integrated lockfile enforcement in GitHub CI to ensure dependency consistency across environments
4. Added Gitleaks scanning in CI pipeline for an additional security layer
5. Automated dependency vulnerability checks in CI to detect insecure libraries
6. Strengthened code security by preventing insecure or non-compliant code from reaching repositories

1. Diagnosed and resolved a production issue where users continued receiving outdated frontend builds after CI/CD deployments and had to perform a hard refresh.
2. The application was deployed using a CloudFront → Application Load Balancer → ECS architecture with a Vite-based frontend.
3. Identified that index.html was being cached while static assets used content hashing, causing the browser to reference old bundles.
4. Implemented proper cache-control strategy in Nginx by disabling caching for index.html and allowing long-term caching for hashed static assets.
5. This ensured users automatically receive the latest frontend version immediately after deployment without requiring manual refresh, improving deployment reliability and user experience.