# Maitreyi Ekbote

> Software Engineer (Security & AI) @ Google | Ex-Deloitte | IAM, LLM Security, Cloud (Azure/GCP) | Backend & ETL Systems | Actively looking for new opportunities

Location: United States, United States
Profile: https://flows.cv/maitreyi

🌟 Software Engineer (Security & AI) | LLM Security, IAM, Cloud (Azure/GCP) | Backend Systems, APIs & ETL Pipelines | Building Secure & Scalable Systems

I’m Maitreyi, a Software Engineer with 2+ years of experience building secure, scalable backend systems and cloud data pipelines. My work sits at the intersection of security, AI, and distributed systems, with hands-on experience across identity platforms, LLM security, and large-scale infrastructure.

Currently, I work on AI security and identity systems, where I focus on adversarial testing of LLM-powered applications, prompt injection defense, and designing secure, reliable AI systems. Previously at Deloitte, I built enterprise IAM solutions supporting 100K+ users, implementing SSO, RBAC, and secure authentication workflows.

I enjoy solving complex system-level problems — whether it’s securing AI systems against real-world attacks, designing identity architectures, or building data pipelines that scale reliably.

🔍 Key Achievements:
• Conducted LLM red teaming and adversarial testing, identifying vulnerabilities like prompt injection, data leakage, and auth bypass in AI chatbot systems
• Built Infrastructure-as-Code (Terraform + GCP) to provision scalable red-team environments, reducing setup time from 2 hours to 12 minutes
• Implemented SSO and IAM solutions (Okta, OAuth, SAML, OIDC) across 10+ enterprise applications, improving authentication consistency and security
• Automated IAM workflows using Python + Selenium, reducing manual effort by 30% and accelerating access certification cycles
• Developed ETL pipelines on Azure Data Factory, processing 4M+ records and enabling real-time analytics with RBAC-secured data access
• Built a full-stack SOC log analyzer (Next.js + Flask) with anomaly detection (Isolation Forest) to identify malicious traffic patterns

💡 Skills:
Security & IAM: Okta, OAuth 2.0, OIDC, SAML, RBAC, MFA, AI Red Teaming, Prompt Injection, OWASP
Backend & Systems: Python, FastAPI, Java, REST APIs, System Design
Cloud & DevOps: Azure, GCP, AWS, Terraform, Docker, CI/CD
Data & Analytics: SQL, ETL Pipelines, Azure Data Factory, Power BI
AI/ML: LLM Security, RAG, LangChain, NLP, Anomaly Detection
Tools: Splunk, Burp Suite, Wireshark, ServiceNow, Postman

🤝 Let’s Connect:
I’m actively exploring opportunities in Security Engineering, AI/LLM Systems, and Backend Engineering, where I can build secure, scalable, and impactful systems.
Email: maitreyi.ek@gmail.com
Phone: +1 2066976680

## Work Experience
### Security Consultant @ Google
Jan 2025 – Present | United States
Project 1: Agentic AI / AI Chatbot LLM Security
- Performed prompt injection attacks and guardrail bypass techniques using crafted adversarial inputs to override system-level constraints and circumvent content filtering and safety mechanisms
- Tested for sensitive data exposure by crafting prompts to extract internal system details, backend configurations, and undisclosed user data
Identified business logic manipulation and authentication bypass vulnerabilities where constructed prompts could alter chatbot decision-making or escalate privileges
- Implemented LLM security measures by crafting prompts resistant to prompt injection and data leakage, safeguarding the AI's operational integrity with input validation, output filtering, and guardrail hardening

Project 2: Identity and Access Platform ( IAM )
- Designed and implemented M365 Security Groups and mail-enabled distribution lists in Entra ID and Exchange Online based on department and location attributes, standardizing both resource access and email distribution
- Developed dynamic group membership rules using PowerShell to automate user-to-group assignment based on profile attributes, eliminating manual provisioning workflows
- Analyzed Entra ID user directory attributes to define grouping logic, ensuring accurate role-to-resource mapping aligned with least-privilege principles

Project 3: Web Application Security Testing
- Performed web app penetration testing aligned with OWASP Top 10, identifying and exploiting vulnerabilities, including IDOR, XSS, SQLi, SSRF, open redirects, and authentication bypass
- Developed custom Python and Bash scripts to automate payload delivery, credential brute-forcing, and parameter fuzzing, enabling repeatable testing across engagements
- Used Burp Suite for request interception, parameter manipulation, and payload injection to validate injection points, session handling flaws, and authorization logic

### Software Engineer @ Trimlite LLC
Jan 2024 – Jan 2025
Capstone at UW - Cloud Supply Chain Analytics
● Built end-to-end ETL pipelines using Azure Data Factory (ADF) to ingest and integrate data from multiple legacy ERP systems into Azure SQL Database, processing 4.3M+ transactional records
● Enforced role-based access control (RBAC) at the database and reporting layers, ensuring least-privilege access to sensitive financial and supply chain data
● Implemented schema validation and data integrity checks within ETL pipelines to prevent ingestion of malformed or unauthorized data
● Developed Power BI dashboards to analyze Purchase Price Variance, supplier performance, and inventory trends, reducing reporting turnaround from weeks to minutes

### Security Consultant @ Google
Jan 2024 – Jan 2024 | San Francisco, CA
Project 1: Internal Tooling
- Built Infrastructure-as-Code using Terraform on GCP to provision Compute Engine instances, networking, firewall rules, and public IPs for red-team environments
- Automated server configuration using Ansible and Python, deploying phishing simulation web servers (Apache/Nginx)
- Enabled parallel environment provisioning through standardized naming and isolation strategies, reducing setup time from 2 hours to 12 minutes

Project 2: Network and Infrastructure Penetration Testing
- Performed reconnaissance and attack surface enumeration using Nmap, theHarvester, CrossLinked, dirb, WaybackURLs, and Aquatone to map exposed services, endpoints, and employee information
- Exploited Active Directory misconfigurations, including Seamless SSO abuse, to demonstrate credential theft without user interaction on corporate-joined devices
- Used BloodHound to map hidden trust relationships and privilege escalation paths in Azure AD 

Project 3:  Social Engineering 
- Designed and deployed phishing simulation websites using Angular (HTML, CSS, JavaScript), replicating client login portals to test employee susceptibility to credential harvesting attacks
- Executed 10+ vishing calls using pretexted scenarios to extract sensitive information from employees, testing adherence to security awareness policies

### Solution Delivery Analyst ( Security and IAM ) @ Deloitte
Jan 2022 – Jan 2023 | Bengaluru
Client: AIG New York
- Implemented SSO integrations using Okta across 10+ enterprise applications, leveraging SAML 2.0, OAuth 2.0, and OIDC, configuring authentication policies, authorization servers, and token claims to establish consistent identity flows
- Designed and enforced RBAC policies in alignment with SOX and SOC 2 requirements by mapping user roles to application-specific permissions, eliminating over-permissioned access and ensuring least-privilege enforcement
- Implemented MFA and Adaptive MFA policies to introduce risk-based step-up authentication for sensitive operations, strengthening protection against unauthorized access aligned with NIST 800-63
- Debugged SSO integration issues by analyzing SAML assertions, OAuth token flows, and OIDC configurations across Dev, UAT, and Prod environments to identify and resolve misconfigurations

Client: AIG New York
- Resolved 1,000+ production access and authentication issues through ServiceNow, participating in on-call rotations and maintaining resolution within defined SLA timelines
- Monitored and analyzed authentication logs using Splunk to detect login anomalies, identify failure patterns in authentication flows, and proactively surface issues before they impacted end users
- Validated IAM configurations across environments post-incident to ensure consistency in access behavior and prevent recurrence of issues caused by misconfigured identity policies

Client: Global Manufacturing Company
- Built automation scripts using Python and Selenium to execute IAM workflows in Saviynt (SaaS IGA platform), including user onboarding, JML workflows, access requests, and certification tasks
- Handled dynamic UI elements by analyzing HTML DOM structure and designing robust selectors to navigate multi-step IAM processes across frequently changing Saviynt interfaces
- Automated access certification campaigns, reducing review cycles from weeks to days and cutting manual intervention by 30%

### Data Science/Machine Learning Intern @ Bhartiya Vidya Bhavans Sardar Patel Institute of Technology Munshi Nagar Andheri Mumbai
Jan 2021 – Jan 2022 | Mumbai, Maharashtra, India
- Worked with a professor on the development and optimization of a hybrid deep learning neural network model for MODI handwritten character recognition.

- Utilized a VGG16-optimized CNN model with Random Forest and XGBoost classifiers to improve recognition accuracy by training the model over handwritten MODI dataset.

- Achieved model accuracies of 92-93% for characters and numerals of the MODI handwritten script through model optimization and fine tuning.

### Teaching Assistant @ Bhartiya Vidya Bhavans Sardar Patel Institute of Technology Munshi Nagar Andheri Mumbai
Jan 2020 – Jan 2021 | Mumbai, Maharashtra, India


## Education
### Master of Science - MS in Information Management
University of Washington

### Bachelor of Technology - BTech in Electronics and Telecommunication Engineering
Bhartiya Vidya Bhavans Sardar Patel Institute of Technology Munshi Nagar Andheri Mumbai

### HSC
Pace Junior Science College

### CBSE
D.A.V. Public School - India


## Contact & Social
- LinkedIn: https://linkedin.com/in/maitreyi-ekbote

---
Source: https://flows.cv/maitreyi
JSON Resume: https://flows.cv/maitreyi/resume.json
Last updated: 2026-04-16