Cyber security- VAPT with 3+ years in Vulnerability Assessment & Penetration Testing
AI is analyzing your overall score…
Identifying your key strengths…
Evaluating your skill match against the job requirements…
Assessing your cultural and operational fit
Cybersecurity Analyst and Penetration Tester with 3 years of experience in Vulnerability Assessment and Penetration Testing (VAPT) across web applications, APIs, mobile (Android & iOS), and network environments. Skilled in performing Dynamic Application Security Testing (DAST) along with manual security testing to identify and exploit vulnerabilities such as IDOR, SQL Injection, XSS, CSRF, and SSTI. Strong expertise in manual validation, Burp Suite advanced modules, and SSL pinning bypass. Experienced in vulnerability assessment, reducing false positives, and delivering actionable remediation recommendations aligned with OWASP Top 10 and industry best practices.
University BDT College of Engineering
Bachelor of Engineering
August 1, 2019 – June 30, 2023
QSEAP Infotech Pvt Ltd
Information Security Consultant (VAPT)
October 1, 2025 – Present
Bengaluru, Karnataka, India
QSEAP Infotech Pvt Ltd
Associate Information Security Consultant
August 1, 2024 – September 1, 2025
Bengaluru, Karnataka, India
Velocis Systems Pvt Ltd
Associate Security Consultant
April 1, 2023 – August 1, 2024
Bengaluru, Karnataka, India
Exploited Server-Side Template Injection (SSTI)
June 1, 2026 – Present
Exploited Server-Side Template Injection (SSTI) leading to remote code execution (RCE) in a controlled environment.
Bypassed SSL pinning in Android applications using Frida
June 1, 2026 – Present
Bypassed SSL pinning in Android applications using Frida, enabling interception of encrypted traffic.
Conducted API security testing identifying IDOR, authentication bypass, and access control issues
June 1, 2026 – Present
Conducted API security testing identifying IDOR, authentication bypass, and access control issues.
Performed mobile application testing using MobSF and runtime analysis tools
June 1, 2026 – Present
Performed mobile application testing using MobSF and runtime analysis tools.
Bug Bounty/Recognition: Recognized for identifying Critical vulnerabilities in BMTC, KSRTC, and EuroKids applications
June 1, 2026 – Present
Recognized for identifying Critical vulnerabilities in BMTC, KSRTC, and EuroKids applications.
Published technical blogs on Medium covering web security and real-world vulnerabilities
June 1, 2026 – Present
Published technical blogs on Medium covering web security and real-world vulnerabilities.
Certified Ethical Hacker (CEH)
EC-Council
June 1, 2026 – Present
Certified Red Team Analyst (CRTA)
CyberWarFare Labs
June 1, 2026 – Present
Certified AppSec Practitioner (CAP)
SecOps Group
June 1, 2026 – Present
Cultural Fit Analysis
The candidate's diverse project experience, including bug bounty recognition and technical blogging, demonstrates initiative and a passion for cybersecurity beyond typical job duties. Their experience across banking, fintech, and government sectors (BEL) indicates adaptability to different organizational contexts. The certifications (CEH, CRTA, CAP) show a commitment to professional development and staying current with industry best practices, which aligns well with a culture of continuous improvement in a cybersecurity role.
Soft Skills & Operational Fit
The candidate's experience in collaborating with development teams for vulnerability remediation and preparing detailed VAPT reports indicates good communication and operational fit. Their publication of technical blogs suggests a proactive approach to knowledge sharing and continuous learning. The project descriptions, while concise, highlight practical problem-solving skills.