Security Engineer with 5+ years in Vulnerability Assessment & Penetration Testing
AI is analyzing your overall score…
Identifying your key strengths…
Evaluating your skill match against the job requirements…
Assessing your cultural and operational fit
Results-driven Cybersecurity Professional with 5+ years of experience conducting risk-based vulnerability assessments and penetration testing across web applications, APIs, and enterprise infrastructure. Executed penetration tests on 300+ business applications, applying OWASP Top 10, SANS Top 25, and MITRE ATTCK frameworks to identify critical vulnerabilities and drive remediation strategies that strengthened organizational security posture. Expert in Active Directory security assessments, red team engagements, and phishing simulations, with proficiency in tools such as Burp Suite, Nessus, and Metasploit. Skilled at translating technical findings into executive-level reports that enable informed decision-making.
KL University
Bachelor of Technology · Electronics and Computer Science Engineering
August 1, 2016 – June 30, 2020
Palo Alto Networks (via CBNITS India Pvt Ltd)
Data Security Research Engineer
May 1, 2024 – Present
Bengaluru, Karnataka, India
CyberNX Technologies Pvt Ltd
Security Analyst Associate
November 1, 2020 – May 1, 2024
Mumbai, Maharashtra, India
SaaS Security Posture Management Optimization
May 1, 2024 – Present
Designed and implemented standardized security onboarding framework for 30+ SaaS applications at Palo Alto Networks Analyzed SSPM authentication protocols, OAuth 2.0 flows, SAML configurations, and permission models to establish security baselines Created automated security review checklists covering authentication, authorization, data encryption, audit logging, and compliance requirements Integrated onboarding controls with change management workflows ensuring every SaaS integration underwent security assessment before production deployment
Red Team Simulation and Active Directory Security Assessment
November 1, 2020 – May 1, 2024
Led red team engagements for banking, financial services, and enterprise clients simulating advanced persistent threats and insider attack scenarios Performed comprehensive Active Directory enumeration using BloodHound and SharpHound identifying shortest attack paths to domain administrator privileges Executed Kerberoasting attacks extracting service account credentials, AS-REP roasting targeting accounts without Kerberos pre-authentication, and LLMNR poisoning capturing NTLMv2 hashes Compromised internal systems through credential stuffing, password spraying, and exploitation of unpatched vulnerabilities enabling lateral movement across network segments Simulated data exfiltration scenarios demonstrating business impact and risk exposure to executive leadership Conducted social engineering campaigns including spear phishing, vishing, and physical security testing to assess human attack surface Documented detailed attack chains with screenshots, network diagrams, and timeline analysis mapped to MITRE ATT&CK tactics and techniques Provided actionable security recommendations including network segmentation, privileged access management, EDR deployment, and security awareness training
Dark Web Monitoring and Threat Intelligence Program
November 1, 2020 – May 1, 2024
Established dark web monitoring program for banking and fintech clients detecting credential leaks, data breaches, and targeted threats Developed custom OSINT tools and crawlers monitoring Telegram channels, hacker forums, paste sites, and breach databases for client-specific indicators Discovered and validated leaked credentials for 500+ employee accounts enabling proactive password resets and preventing account takeover attacks Identified exposed source code repositories, API keys, database dumps, and internal documents preventing intellectual property theft and data breaches Created threat intelligence dashboards visualizing breach timelines, affected systems, threat actor attribution, and geographic threat distribution Conducted threat actor profiling analyzing tactics, techniques, procedures, and motivations to predict future attack vectors
Certified AppSec Practitioner
SecOps Group
June 1, 2026 – Present
Certified Red Team Professional (CRTP)
Pentester Academy
June 1, 2026 – Present
Certified Ethical Hacker V11 Practical (CEH Practical)
EC-Council
June 1, 2026 – Present
Certified Ethical Hacker (CEH)
EC-Council
June 1, 2026 – Present
Cultural Fit Analysis
The candidate's diverse project experience across banking, financial services, and enterprise clients, coupled with their work at CyberNX Technologies and Palo Alto Networks, indicates adaptability to various organizational cultures and security challenges. Their involvement in red teaming, threat intelligence, and SaaS security posture management shows a broad interest in different facets of cybersecurity, aligning well with a dynamic security engineering role. The recognition for responsible disclosure also points to a strong ethical stance and commitment to the security community.
Soft Skills & Operational Fit
The candidate demonstrates strong problem-solving skills through their detailed project descriptions and vulnerability discovery achievements. Their experience in leading red team engagements and collaborating with SOC analysts for purple team exercises indicates good teamwork and communication. The ability to generate comprehensive reports for both technical and non-technical stakeholders highlights strong communication and documentation skills. Their continuous research and training commitment suggests a proactive and adaptable work attitude.