Akash P, Developer in Bengaluru, Karnataka, India

Akash P

Cybersecurity Developer

Bengaluru, Karnataka, India

Toptal member since June 8, 2026

Bio

Akash is a cybersecurity professional with 8+ years of experience in application security, security architecture, DevSecOps, and penetration testing. He is currently securing products at a Fortune 50 company. Skilled in web/mobile security, threat modeling, API security, secure code reviews, cloud security, and CI/CD security, Akash combines AI-assisted analysis with hands-on testing to identify vulnerabilities and deliver practical, risk-based security solutions.

Portfolio

IBM
Application Security, Static Application Security Testing (SAST)...
Vanguard
DevSecOps, Secure Software Development Lifecycle (SSDLC)...
Infosys
Application Security, Vulnerability Management, Incident Response, DevSecOps...

Experience

  • Application Security - 8 years
  • Penetration Testing - 8 years
  • Enterprise Cybersecurity - 8 years
  • Vulnerability Management - 7 years
  • DevSecOps - 5 years
  • Security Architecture - 5 years
  • Cloud Security - 5 years
  • Threat Modeling - 5 years

Preferred Environment

Kali Linux, Penetration Testing, Vulnerability Management, Threat Modeling, Product Security, Windows, Application Security, IT Security, Enterprise Cybersecurity

The most amazing thing I've done is identify critical business logic vulnerabilities missed by automated tools, preventing potential exposure of sensitive customer data.

Work Experience

Senior Security Consultant

2023 - PRESENT
IBM
  • Performed security architecture reviews, threat modeling, and risk assessments for enterprise applications, improving security posture across multiple product teams.
  • Conducted penetration testing of web applications and APIs, identified critical vulnerabilities, communicated risks to stakeholders, and guided remediation efforts through successful closure.
  • Implemented shift-left security practices by integrating automated security controls into CI/CD pipelines, reducing late-stage security findings and enabling faster, more secure product releases.
  • Designed and implemented an AI-powered threat modeling agent that automated the threat modeling process, improving consistency and scalability and accelerating risk identification.
Technologies: Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, Threat Modeling, DevSecOps, Security Architecture, Cloud Security, Certified Ethical Hacker (CEH), Risk Assessment, Secure Software Development Lifecycle (SSDLC), Information Security, Burp Suite, Vulnerability Management, IT Security, Security, Enterprise Cybersecurity

Application Security Engineer

2022 - 2023
Vanguard
  • Contributed to enterprise DevSecOps transformation initiatives by embedding security controls into CI/CD pipelines and application development processes.
  • Performed security assessment and validation of findings from automated security testing tools, enabling earlier detection and remediation of application vulnerabilities.
  • Partnered with development and security teams to drive secure-by-design practices, improve vulnerability management efficiency, and support continuous security improvement.
Technologies: DevSecOps, Secure Software Development Lifecycle (SSDLC), Vulnerability Management, Penetration Testing, IT Security, Enterprise Cybersecurity

Application Security Consultant

2021 - 2023
Infosys
  • Supported enterprise vulnerability management programs for global clients, driving remediation tracking, SLA compliance, and risk reduction across application portfolios.
  • Performed vulnerability validation and false-positive analysis for findings generated by Qualys, Fortify, Checkmarx, and Netsparker, improving reporting accuracy and remediation prioritization.
  • Partnered with development teams to remediate DAST, SAST, and penetration testing findings while providing regular security metrics and executive reporting to client stakeholders and leadership.
Technologies: Application Security, Vulnerability Management, Incident Response, DevSecOps, Burp Suite, Information Security, Penetration Testing, IT Security, Enterprise Cybersecurity

Application Security Analyst

2021 - 2022
Intel
  • Supported enterprise-scale vulnerability management programs for a global technology organization, driving risk reduction through vulnerability prioritization, remediation tracking, and SLA compliance.
  • Performed validation and false-positive analysis of findings generated by Qualys, Fortify, Checkmarx, and Netsparker (Invicti), improving the accuracy of security reporting and remediation efforts.
  • Collaborated with application owners and engineering teams to remediate security vulnerabilities while delivering executive-level reporting on vulnerability trends, aging, and compliance metrics.
Technologies: Vulnerability Management, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Splunk Enterprise Security, Enterprise Cybersecurity

Associate Cyber Security Analyst

2019 - 2021
UL Technology Solutions
  • Completed over 25 application and network security assessments, identifying vulnerabilities and helping teams remediate security risks before production deployment.
  • Assisted in security incident investigations and developed incident response procedures that improved the organization's ability to detect and respond to security events.
  • Led security awareness initiatives and created secure development guidelines as part of ISO 27001 implementation, promoting secure-by-design practices across engineering teams.
Technologies: Application Security, Penetration Testing, Incident Response, Certified Ethical Hacker (CEH), JavaScript, Python, Enterprise Cybersecurity

Experience

Enterprise Web and API Penetration Testing

https://drive.google.com/file/d/1C5YPwMFDfpNxdd9KgWE49XIaF6tWFcgP/view?usp=sharing
This is a redacted sample penetration testing report representative of the deliverables I provide to clients. My assessments combine automated vulnerability scanning with extensive manual testing focused on authentication, authorization, business logic, session management, API security, and OWASP Top 10 risks. Findings are validated manually, assigned risk ratings, and accompanied by clear remediation guidance, proof-of-concept evidence, and re-testing support to help organizations effectively reduce security risk.

Secure Cloud-native Architecture Review and Modernization Proposal

https://drive.google.com/file/d/1zt9lv78-F8ZefzBxupYpT2CUk3lwA5rk/view?usp=sharing
Conducted a security architecture review of a cloud-native SaaS platform and developed a modernization strategy aligned with the NIST Cybersecurity Framework. The engagement focused on API security, IAM/RBAC, secrets management, monitoring, incident response, secure CI/CD, and low-downtime deployment strategies. I delivered an enhanced architecture design, a security roadmap, and a requirement traceability matrix to improve scalability, resilience, and the overall security posture.

AI-assisted Application Security Testing Platform (Self Project)

https://github.com/akashp49/Burp-AI-extension
Designed and developed an AI-assisted application security testing platform integrating Burp Suite, FastAPI, and a Next.js dashboard. The platform combines deterministic vulnerability analysis with AI-driven payload generation to support testing for XSS, SQL Injection, SSRF, and Command Injection. Its strongest capability is context-aware reflected XSS analysis, enabling targeted payload generation based on execution context. Future enhancements include browser-based exploit verification, AI-assisted threat modeling, business logic analysis, multi-user collaboration, and integrations with vulnerability management platforms.

Education

2013 - 2017

Bachelor's Degree in Engineering

Cochin University of Science and Technology - Kochi, Kerala, India

2009 - 2011

Senior Secondary School in Computer Science

Central Board of Secondary Education - India

Certifications

AUGUST 2025 - PRESENT

AWS Partner: Generative AI Essentials

Amazon Web Services

AUGUST 2025 - PRESENT

Microsoft Certified: Azure Fundamentals

Microsoft

JANUARY 2023 - PRESENT

Certified in Cybersecurity (CC)

ISC2

JANUARY 2018 - JANUARY 2021

Certified Ethical Hacker

EC Council USA

Skills

Paradigms

Penetration Testing, DevSecOps

Platforms

Burp Suite, Windows, Kali Linux, Azure

Languages

Python, JavaScript, C#, Java

Other

Vulnerability Management, Threat Modeling, Dynamic Application Security Testing (DAST), Information Security, OWASP Top 10, IT Security, Security, Enterprise Cybersecurity, Product Security, Computer Science, Certified Ethical Hacker (CEH), Application Security, Static Application Security Testing (SAST), Cybersecurity Operations, Cloud Services, OpenAI, SIEM, Secure Software Development Lifecycle (SSDLC), AWS Security Hub, Security Architecture, Cloud Security, Risk Assessment, Network Security, GRC, AI Security, NIST, Incident Response, Splunk Enterprise Security, Vibe Coding, Large Language Models (LLMs), Gemini API, Security Automation, Security Research
