Cyber Security Consultant · Bengaluru, India
4 years · VAPT · Web · Mobile · API
01 — About
Cyber Security Consultant
@ Synopsys Software Integrity
Bengaluru, Karnataka, India
Consultant with 4 years in cybersecurity — specializing in penetration testing, vulnerability assessment, and security strategy. Skilled in VAPT, manual and automated testing, and tools such as Burp Suite, Nmap, and OWASP frameworks. Experienced in identifying and mitigating vulnerabilities across web, mobile, and API ecosystems.
02 — Experience
Leading security assessments across web applications, APIs, and mobile platforms for enterprise clients. Delivering end-to-end VAPT engagements with detailed remediation guidance and risk-prioritized findings.
Performed Web, Mobile, and VAPT engagements — identified 15+ critical vulnerabilities including SQLi and IDOR, reducing client risk exposure by 40%. Executed both manual and automated testing across internal, web, and mobile attack surfaces.
03 — Capabilities
01. Comprehensive web VAPT covering OWASP Top 10 — injection, auth flaws, misconfigurations, and business logic vulnerabilities.
02. Android & iOS assessments — static/dynamic analysis, insecure data storage, SSL pinning bypass, and runtime manipulation.
03. REST and GraphQL API testing — broken object-level auth, excessive data exposure, rate limiting, and mass assignment flaws.
04. Internal network pentesting, Active Directory enumeration, privilege escalation, and lateral movement in enterprise environments.
05. Multi-cloud attack surface analysis across AWS, Azure, and GCP. Threat modeling and red team exercise planning.
06. Testing LLMs and ML pipelines for prompt injection, model inversion, adversarial inputs, and data poisoning risks.
07. Structured identification of attack surfaces using STRIDE and DREAD frameworks — before a line of code ships.
08. Embedding security into the SDL — requirements, risk assessment, and cross-team security ownership across the product lifecycle.
09. Deep-dive security assessment of system designs — trust boundaries, data flows, auth models, and infrastructure exposure.
10. Early-stage security engagement on feature designs — catching insecure patterns before implementation locks them in.
The Approach
Every system is a structure of trust boundaries and data flows. I rotate it, probe each face, and find the edge where assumptions break — then prove it, and hand back a path to fix it.
Impact in Practice
Findings & Impact
04 — Certifications
FIRST CVSS v4.0 Certificate
Certified AppSec Practitioner (CAP)
Multi-Cloud Red Teaming Analyst
Penetration Tester
SQL & Relational Databases 101
05 — Education
University of Madras
Currently Pursuing
Achariya College of Engineering Technology
August 2017 – September 2021
Spot Recognition Award
Initiatives
Creativity
Exceptional Skills
06 — Get in touch