Vansh is available for hire

Vansh Devgan

Verified Expert in Engineering

Security Engineer and Developer

Delhi, India

Toptal member since October 19, 2022

Expertise

MERN Stack System Security Cloudflare SSO Engineering Web Scraping Data Scraping Startup Development Interim CTOs Full-stack DNS AJAX Accessibility Development Ethical Hacking Penetration Testing

Bio

Vansh is a seasoned security researcher and full-stack developer with 5+ years of experience uncovering critical vulnerabilities for top firms like Microsoft, Google, and NordVPN. He specializes in web, cloud, and AI/ML security, including red teaming and adversarial testing. With a strong background in scripting and automation, Vansh helps companies stay ahead of modern threats.

Portfolio

Talvaro GMBH

Application Security, Security, Code Review, Unit Testing...

Carousell

Ethical Hacking, Nessus, Certified Ethical Hacker (CEH), OSCP...

Crypto.com

Penetration Testing, Security, IT Security, Web Security, Cloud Security...

Experience

Burp Suite - 5 years
Kali Linux - 5 years
Node.js - 5 years
MERN Stack - 5 years
Source Code Review - 5 years
Penetration Testing - 5 years
Web App Security - 5 years
Python 3 - 5 years

Preferred Environment

Ubuntu Linux, Burp Suite, Metasploit, NMap, Kali Linux, Amazon Web Services (AWS), Security Testing, Kubernetes, Information Security, Vulnerability Scanning

The most amazing...

...vulnerability I've found is in the Microsoft Edge browser, for which I got rewarded with a bounty of $20,000.

Work Experience

Application Security Expert

2024 - 2024

Talvaro GMBH

Collaborated with Talvaro to review their source code and assist in developing secure coding practices for their clients.
Assisted Talvaro in identifying critical SQL injection vulnerabilities in their code, enabling them to remediate the issues before deploying the application to their client.
Provided key recommendations to protect the website against injection attacks such as XSS, SSTI, and SQLi, and assisted in implementing measures to prevent server-side attacks like SSRF.
Reviewed source code for internal tools that integrated ML inference results, identifying insecure input handling that could be exploited via indirect prompt injection or manipulated vector inputs.
Delivered secure coding recommendations to mitigate risks stemming from integrating third-party ML libraries (e.g., insecure serialization or unsanitized output used in UI rendering).

Technologies: Application Security, Security, Code Review, Unit Testing, Vulnerability Identification, Vue, .NET, Networking, Full-stack Development, Adversarial Machine Learning, AI Risk Assessment, Large Language Model Operations (LLMOps), Machine Learning Operations (MLOps), Cyber Forensics, Hacking, White-hat Security, Writing & Editing, Customer Identity and Access Management (CIAM), Cybersecurity Maturity Model Certification (CMMC), Enterprise Cybersecurity, Cybersecurity Operations, Angular, UI Design, Sprints, UX Design, User Interface (UI), Google AppSheet, Offensive Security, MDM, Active Directory (AD), Cloud Infrastructure, Loki, Vulnerability Remediation, Accessibility, Performance, Expo, OpenVAS, Wordfence Security, AWS Secrets Manager, AWS IAM, DNS, GoDaddy, Email, Security Orchestration, Automation, and Response (SOAR), User Acceptance Testing (UAT), GCP Security

Product Security Engineer

2023 - 2024

Carousell

Conducted source code reviews to identify security vulnerabilities early in the development lifecycle using tools like Semgrep and SonarCloud.
Performed internal penetration testing on web, mobile, and API applications to assess and enhance security posture.
Developed automation scripts to monitor web application attack surfaces and integrated security solutions into CI/CD pipelines.
Set up and managed Wazuh and Nessus for continuous security monitoring, automating bi-weekly scans.
Led threat modeling exercises across multiple products, mapping attack surfaces and improving security resilience.
Evaluated and secured cloud infrastructure, ensuring compliance with best practices and regulatory requirements.
Implemented PII Detection checks to prevent sensitive data leakage through APIs.
Delivered secure code training to development teams, reducing security risks during development.
Performed architecture reviews and threat modeling for various applications, identifying potential vulnerabilities and recommending mitigations.
Conducted secure code reviews for Carousell’s recommendation and fraud detection ML pipelines, identifying weak points in the ML lifecycle, including artifact storage, feature engineering logic, and model access control.

Technologies: Ethical Hacking, Nessus, Certified Ethical Hacker (CEH), OSCP, Penetration Testing, Source Code Review, SIEM, SOC 1, SOC 2, Web Security, Mobile Security, Checkmarx, Web App Security, Networking, Full-stack Development, Adversarial Machine Learning, AI Risk Assessment, Large Language Model Operations (LLMOps), Machine Learning Operations (MLOps), Azure Web Application Firewall, Cyber Forensics, Hacking, White-hat Security, White-hat Hacking, Writing & Editing, Customer Identity and Access Management (CIAM), Cybersecurity Maturity Model Certification (CMMC), Enterprise Cybersecurity, Cybersecurity Operations, UI Design, Sprints, UX Design, User Interface (UI), Google AppSheet, Offensive Security, MDM, Active Directory (AD), Cloud Infrastructure, Wiz Cloud Security Platform, Loki, Vulnerability Remediation, Accessibility, Performance, Expo, OpenVAS, Wordfence Security, AI Trust, Risk and Security Management (AI TRiSM), AWS Secrets Manager, DNS, GoDaddy, Email, Security Orchestration, Automation, and Response (SOAR), User Acceptance Testing (UAT), GCP Security

Senior Product Security Engineer

2023 - 2024

Crypto.com

Collaborated with a crypto team to manage their bug bounty program, identified issues through penetration testing in their exchange apps and decentralized finance wallet, and conducted red teaming exercises.
Conducted source code reviews for their applications, identifying numerous issues related to hard-coded credentials, insecure server-side calls, and more.
Worked closely with their team on various red teaming activities, uncovering information disclosure issues related to PII data, and helped them implement strong controls to secure their infrastructure.
Led red team simulations targeting LLM-based support agents and internal automation tools, discovering input-based prompt injections and recommending role-based access for LLM endpoints based on severity classification.
Assisted engineering teams securely integrating LLMs into consumer-facing crypto wallet features by introducing output validation, rate-limiting, and audit logging for model responses.

Technologies: Penetration Testing, Security, IT Security, Web Security, Cloud Security, PostgreSQL, REST APIs, Large Language Models (LLMs), Scalable Web Services, Concurrency, Encryption, Code Auditing, Kubernetes Security, Digital Forensics, Communication, SQL Injection Protection, SQL, Forensics, Shopify, Cloudflare, Ajax, CSS3, Svelte, Tailwind CSS, Front-end Development, HTML5, Less, jQuery, RDBMS, Site Reliability Engineering (SRE), Web Hosting, Data Privacy, Virtual Cloud Network (VCN), Security Information and Event Management (SIEM), Audits, Information Security Management Systems (ISMS), Scanning, Firmware, Duo, Cisco, Cisco Umbrella, Calendars, Google Maps, PDF, Stripe, Web Design, Webflow, WooCommerce, NestJS, Auth0 API, Facebook API, Facebook Ads API, Google API, Full-stack Development, AI Risk Assessment, Large Language Model Operations (LLMOps), Machine Learning Operations (MLOps), Azure Web Application Firewall, Cyber Forensics, White-hat Hacking, Writing & Editing, Cybersecurity Maturity Model Certification (CMMC), Enterprise Cybersecurity, Cybersecurity Operations, UX Design, Google AppSheet, Offensive Security, MDM, Cloud Infrastructure, Wiz Cloud Security Platform, Loki, Vulnerability Remediation, Accessibility, Performance, Expo, OpenVAS, Wordfence Security, AI Trust, Risk and Security Management (AI TRiSM), AWS Secrets Manager, AWS IAM, DNS, GoDaddy, Email, Security Orchestration, Automation, and Response (SOAR), User Acceptance Testing (UAT), GCP Security

Product Security Engineer | Threat Modeling Expert

2023 - 2023

Yahoo!

Contributed to the company by manually reviewing source code for their applications, offering constructive feedback for continuous improvement across the codebase.
Aided the company in performing threat modeling for diverse new features, collaborating with the product team to enhance comprehension and prioritize potential threats.
Assisted in coordinating dynamic penetration testing and software composition analysis (SCA) for newly introduced features and products at Yahoo.
Designed threat models for upcoming Yahoo AI products, evaluating exposure to AI-specific attack vectors such as data poisoning, training leakage, and unauthorized model access across AWS and GCP deployments.
Reviewed the deployment architecture for fine-tuned LLMs used in content moderation and smart reply features, helping teams implement robust guardrails for user inputs and introduce monitoring to detect model drift or misuse.

Technologies: Threat Modeling, Penetration Testing, Cloud Security, Source Code Review, Cybersecurity, Security, IT Security, Architecture, Dynamic Analysis, Go, Java, Python, JavaScript, Amazon Web Services (AWS), Google Cloud, Checkmarx, SSL, HTTPS, Transport Layer Security (TLS), Managed Security Service Providers (MSSP), Information Security, Certified Ethical Hacker (CEH), Threat Intelligence, Azure Cloud Services, Unit Testing, Business Continuity Planning (BCP), ISO 27001, Documentation, VPN, Vulnerability Scanning, Jakarta Server Pages (JSP), Red Teaming, Quality Assurance (QA), SAML, SAML-auth, Single Sign-on (SSO), Vulnerability Management, Shell Scripting, Web Scraping, Scraping, Data Scraping, Website Audits, Off-page SEO, Product Security, Security Breach Consulting, Risk Analysis, Root-cause Analysis (RCA), LAMP, AI Security, Artificial Intelligence (AI), PostgreSQL, REST APIs, Large Language Models (LLMs), Scalable Web Services, Concurrency, Encryption, HIPAA Compliance, Code Auditing, Kubernetes Security, Digital Forensics, Communication, SQL Injection Protection, SQL, Forensics, Shopify, Cloudflare, Ajax, CSS3, Svelte, Tailwind CSS, Front-end Development, Cypress, HTML5, Less, jQuery, RDBMS, Site Reliability Engineering (SRE), Web Hosting, Data Privacy, Virtual Cloud Network (VCN), Security Information and Event Management (SIEM), Audits, Information Security Management Systems (ISMS), Scanning, Firmware, Duo, Cisco, Cisco Umbrella, Calendars, Google Maps, PDF, Stripe, Web Design, WooCommerce, NestJS, Auth0 API, Facebook API, Facebook Ads API, Google API, Azure Web Application Firewall, Cellebrite, EnCase, Google AppSheet, BigQuery, Wiz Cloud Security Platform, Expo, Wordfence Security, AI Trust, Risk and Security Management (AI TRiSM), Email, User Acceptance Testing (UAT), GCP Security

Product Security Engineer

2021 - 2022

Novelship

Integrated multiple payment gateways into a web application and performed security assessments.
Performed multiple security operations on assets, including source code review and internal penetration testing.
Searched for misconfigurations in AWS and other cloud applications as part of a cloud security assessment.
Implemented and managed single sign-on (SSO) solutions (Okta) successfully, streamlining user access and enhancing security.

Technologies: JavaScript, Node.js, MERN Stack, React, Express.js, PostgreSQL, Docker, Python 3, Burp Suite, Heroku, Ubuntu, IT Security, Security, Consulting, ISO 27001, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Python, Linux, CSS, HTML, Windows, Risk Assessment, Vulnerability Assessment, NIST, Google Cloud Platform (GCP), Authentication, Vulnerability Identification, APIs, DevOps, DevSecOps, Containers, Windows Server, SSL Certificates, SecOps, Data-level Security, Compliance, General Data Protection Regulation (GDPR), Architecture, Data Protection, Amazon Web Services (AWS), Cloud Security, CISSP, MySQL, PHP, Security Management, SonarQube, Azure Active Directory, Technical Writing, Security Policies & Procedures, Azure, WAS, Web Security, WordPress, Web Architecture, Data Security, SOC 2, Amazon S3 (AWS S3), Security Architecture, Identity & Access Management (IAM), CI/CD Pipelines, AWS SDK, SIEM, Intrusion Prevention Systems (IPS), Mobile Security, System Administration, Java Security, Firebase, DDoS, Intrusion Detection Systems (IDS), JumpCloud, Database Security, OAuth, Gmail API, Jenkins, Terraform, Infrastructure as Code (IaC), Dynamic Analysis, Google Cloud, Cloudflare, Laravel Forge, Antivirus Software, IDS/IPS, Monitoring, Web App Security, ASP.NET, OWASP, OWASP Top 10, CISO, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, Checkmarx, Computer Security, Algorithms, Okta, Kubernetes, Security Audits, React Native, Microsoft 365, PCI, Google Workspace, Azure DevOps, Grafana, Gobuster, OWASP Zed Attack Proxy (ZAP), Rekono, Cybersecurity, CAPTCHA, Fraud Prevention, Data Loss Prevention (DLP), SSL, HTTPS, Transport Layer Security (TLS), Managed Security Service Providers (MSSP), Information Security, Certified Ethical Hacker (CEH), Threat Intelligence, Azure Cloud Services, Release Management, Unit Testing, Vue, ASM, Documentation, GRC, Network Engineering, IPsec, VPN, Vulnerability Scanning, Jakarta Server Pages (JSP), Red Teaming, Quality Assurance (QA), SAML, SAML-auth, Single Sign-on (SSO), Vulnerability Management, Shell Scripting, Web Scraping, Scraping, Data Scraping, Next.js, On-page SEO, Search Engine Optimization (SEO), Technical SEO, Website Audits, Off-page SEO, Risk Analysis, LAMP, AI Security, Artificial Intelligence (AI), REST APIs, Large Language Models (LLMs), Scalable Web Services, Concurrency, Encryption, HIPAA Compliance, Code Auditing, Kubernetes Security, Digital Forensics, Communication, SQL Injection Protection, SQL, Forensics, Shopify, Ajax, CSS3, Svelte, Tailwind CSS, Front-end Development, Cypress, HTML5, Less, jQuery, App Infrastructure, RDBMS, Site Reliability Engineering (SRE), Web Hosting, Data Privacy, Security Information and Event Management (SIEM), Audits, Information Security Management Systems (ISMS), Scanning, Firmware, Cisco, Cisco Umbrella, Calendars, Google Maps, PDF, Stripe, Web Design, Webflow, WooCommerce, NestJS, Startups, Auth0 API, Facebook API, Facebook Ads API, Google API, Fractional CTO, Azure Web Application Firewall, BigQuery, Prometheus

Product Security Engineer

2020 - 2022

CyberXplore Pvt

Implemented secure solutions over AWS, integrating past, DAST, and hardcoded credentials checks over GitHub.
Collaborated closely with a small team of developers to implement new features and improve the overall security of the product.
Conducted audits of vulnerability assessment and penetration testing (VAPT) performed by several clients and helped them build a more robust security profile and team.
Gained significant experience detecting and fixing identity and single sign-on (SSO) issues, including those with Okta. I partnered with multiple companies to establish robust SSO solutions, enhancing their infrastructure security.

Technologies: Application Security, GitHub, DevOps, DevSecOps, Software Architecture, Risk Management, Threat Modeling, Vulnerability Assessment, NIST, Google Cloud Platform (GCP), Authentication, Vulnerability Identification, APIs, Cloud, Containers, Windows Server, SSL Certificates, SecOps, Data-level Security, Compliance, General Data Protection Regulation (GDPR), Architecture, Data Protection, Amazon Web Services (AWS), Cloud Security, MySQL, PHP, Security Management, SonarQube, Azure Active Directory, Technical Writing, Security Policies & Procedures, Azure, WAS, Python, Web Security, WordPress, Web Architecture, Data Security, SOC 2, Amazon S3 (AWS S3), Security Architecture, Identity & Access Management (IAM), CI/CD Pipelines, AWS SDK, Docker, SIEM, Intrusion Prevention Systems (IPS), Mobile Security, System Administration, Java Security, Firebase, DDoS, Java, JumpCloud, Database Security, OAuth, Gmail API, Jenkins, Terraform, Infrastructure as Code (IaC), Dynamic Analysis, Google Cloud, Cloudflare, Laravel, Ubuntu, Antivirus Software, IDS/IPS, Monitoring, Web App Security, ASP.NET, OWASP, OWASP Top 10, CISO, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, Checkmarx, Computer Security, Algorithms, Okta, Kubernetes, Security Audits, React Native, Microsoft 365, PCI, Google Workspace, Azure DevOps, Grafana, Gobuster, OWASP Zed Attack Proxy (ZAP), Rekono, Cybersecurity, CAPTCHA, Fraud Prevention, Data Loss Prevention (DLP), SSL, HTTPS, Transport Layer Security (TLS), Managed Security Service Providers (MSSP), Information Security, Certified Ethical Hacker (CEH), Threat Intelligence, Azure Cloud Services, Release Management, .NET, Vue, Documentation, Network Engineering, IPsec, VPN, Vulnerability Scanning, Jakarta Server Pages (JSP), Red Teaming, Quality Assurance (QA), SAML, SAML-auth, Single Sign-on (SSO), Vulnerability Management, Shell Scripting, Scraping, Data Scraping, Node.js, Next.js, On-page SEO, Search Engine Optimization (SEO), Technical SEO, Website Audits, Risk Analysis, Root-cause Analysis (RCA), LAMP, AI Security, Artificial Intelligence (AI), PostgreSQL, Concurrency, Encryption, Code Auditing, Digital Forensics, Communication, SQL Injection Protection, SQL, Forensics, Shopify, Cypress, App Infrastructure, RDBMS, Site Reliability Engineering (SRE), Security Information and Event Management (SIEM), Audits, Scanning, Google Maps, PDF, Stripe, Web Design, Webflow, WooCommerce, Startups, CTO, Fractional CTO, Autopsy, Cellebrite, EnCase, Angular, BigQuery, Prometheus

Synack Red Teamer

2020 - 2022

Synack

Reported numerous critical vulnerabilities to clients to help secure their infrastructures.
Assisted in verifying multiple patches for bug fixes.
Contributed to missions to support some standard security tests requested by clients.
Helped companies find misconfigurations in their Okta setup and helped them fix them for the proper security of their projects.

Technologies: Cybersecurity, Burp Suite, Ethical Hacking, Web Security, Penetration Testing, IT Security, Security, LDAP, Consulting, ISO 27001, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Security Testing, Certified Ethical Hacker (CEH), IoT Security, Python, Linux, Scripting, Windows, Risk Assessment, Vulnerability Assessment, NIST, Authentication, Vulnerability Identification, APIs, Cloud, DevOps, DevSecOps, Containers, Windows Server, SSL Certificates, SecOps, Data-level Security, Compliance, General Data Protection Regulation (GDPR), Architecture, Data Protection, Amazon Web Services (AWS), Cloud Security, MySQL, PHP, Security Management, SonarQube, Azure Active Directory, Technical Writing, Security Policies & Procedures, Azure, WAS, WordPress, Web Architecture, SOC 2, Amazon S3 (AWS S3), Security Architecture, Identity & Access Management (IAM), CI/CD Pipelines, AWS SDK, Docker, SIEM, Intrusion Prevention Systems (IPS), Mobile Security, System Administration, Java Security, Firebase, DDoS, Java, Intrusion Detection Systems (IDS), JumpCloud, Database Security, Jenkins, Terraform, Infrastructure as Code (IaC), Dynamic Analysis, Google Cloud, Cloudflare, Ubuntu, Antivirus Software, IDS/IPS, Monitoring, Web App Security, ASP.NET, OWASP, OWASP Top 10, Governance, IT Governance, Data Governance, Security Engineering, Checkmarx, Computer Security, React Native, Google Workspace, Azure DevOps, Grafana, Gobuster, OWASP Zed Attack Proxy (ZAP), Rekono, CAPTCHA, Data Loss Prevention (DLP), Transport Layer Security (TLS), Managed Security Service Providers (MSSP), Information Security, Threat Intelligence, Release Management, VPN, Red Teaming, Quality Assurance (QA), SAML-auth, Single Sign-on (SSO), Technical SEO, Risk Analysis, Root-cause Analysis (RCA), LAMP, AI Security, PostgreSQL, Encryption, SQL, Forensics, Audits, PDF, Web Design, Webflow, WooCommerce

CTF Player and Bug Bounty Researcher

2018 - 2022

Self-employed

Assisted multiple big clients, including Microsoft, Google, and Apple, to identify security issues in their web application assets, getting rewarded by them with massive bounties.
Obtained top hacker badges at various companies on HackerOne, including NordVPN, Pluralsight, and Teachable.
Participated in, conducted, and won many capture-the-flag (CTF) events and reached the top 15 of the national CTF event organized by Cisco SecCon CTF.

Technologies: Application Security, Applications, Vulnerability Assessment, Authentication, Vulnerability Identification, APIs, Data-level Security, Compliance, MySQL, PHP, Security Management, SonarQube, Python, Web Security, Data Security, Security Architecture, AWS SDK, Mobile Security, DDoS, Java, Infrastructure as Code (IaC), Dynamic Analysis, Ubuntu, Antivirus Software, IDS/IPS, Monitoring, OWASP, CISO, Okta, Google Workspace, Information Security, Quality Assurance (QA), Single Sign-on (SSO), LAMP, AI Security, PostgreSQL, Encryption, SQL, Forensics, Shopify, Audits, WooCommerce

Penetration Tester

2021 - 2021

Plug&paid

Identified multiple race condition vulnerabilities in their web application which led to financial loss to the company, and helped them with possible mitigation for the problem.
Discovered an API leaking their AWS access key and secret key, giving an attacker complete control of their cloud infrastructure, and helped them migrate the issue, impacting their availability by 100%.
Assisted their team with consulting on security features implementation to prevent race conditions and brute-force attacks on critical functionalities provided as a part of the web applications.

Technologies: Applications, Application Security, Burp Suite, AWS DevOps, Amazon Web Services (AWS), Code Review, Consulting, Risk Assessment, Software Architecture, Risk Management, Threat Modeling, Vulnerability Assessment, NIST, Authentication, Vulnerability Identification, APIs, MySQL, PHP, Security Management, SonarQube, Python, Web Security, WordPress, Web Architecture, Data Security, SOC 2, Docker, Mobile Security, Java, Database Security, Google Cloud Platform (GCP), OAuth, Gmail API, Dynamic Analysis, OWASP, Compliance, CISO, Google Workspace, Cybersecurity, Managed Security Service Providers (MSSP), Information Security, Quality Assurance (QA), AI Security, PostgreSQL, Encryption, SQL, Forensics, Shopify, Cloudflare, Audits

Penetration Tester

2020 - 2020

Renderforest

Assisted as a product security engineer, helping them identify potential vulnerabilities in their web application APIs from a black-box perspective.
Consulted their developer's team on how to write good fixes for vulnerabilities found and gave some insights about how to write secure code and always sanitize inputs.
Helped integrate SAST and DAST into their CI/CD pipeline, working over AWS as a part of their DevSecOps.

Technologies: Application Security, Applications, Amazon Web Services (AWS), AWS DevOps, Burp Suite, Code Review, CompTIA, Consulting, Risk Assessment, Software Architecture, Risk Management, Threat Modeling, Vulnerability Assessment, Authentication, Vulnerability Identification, APIs, MySQL, PHP, Security Management, SonarQube, Web Security, WordPress, Web Architecture, Data Security, SOC 2, Mobile Security, Database Security, Google Cloud Platform (GCP), OAuth, Gmail API, Dynamic Analysis, OWASP, Cybersecurity, Managed Security Service Providers (MSSP), Information Security, AI Security, PostgreSQL, SQL, Cloudflare, Audits

Experience

Attack Surface Management Project

Developed a cyber security attack surface management project. It was similar to an SaaS product where user can input a domain or list of websites which are needed to test for security flaws or discovering an attack surface of an organization. I ran multiple microservices over AWS to perform the task over them and store the data in a database. I also generated a PDF report from it.

Subdomain Enumeration at Scale

This project involved building a script that takes a list of subdomains, performs subdomain enumeration on the scale for them, and then tries to monitor them continuously for some vulnerabilities through Nuclei.

Web Scraping For eCommerce Platform

I created an Amazon API Gateway for a company I worked with to scrape data from one of the sites, process the scraped data, and store the results in databases. This scraping was automated up to an extent like a cron job which runs daily as a part of the web application and feeds the data as an output to databases used by the application.

Mass Vulnerability Reporting

I developed a Python script to fingerprint certain types of third-party services over two million subdomains and check for misconfigurations over them. If the misconfiguration exists, the system processes its report template and saves the report as a draft to submit to the program over HackerOne or Bugcrowd.

Education

2018 - 2022

Bachelor's Degree in Computer Science

Lovely Professional University - Phagwara, India

Certifications

NOVEMBER 2024 - PRESENT

CREST Registered Penetration Tester (CRT)

CREST

OCTOBER 2024 - PRESENT

CREST Practitioner Security Analyst (CPSA)

CREST

JULY 2023 - PRESENT

OffSec Certified Professional (OSCP)

OffSec

APRIL 2023 - PRESENT

Certified Red Team Professional

Altered Security

APRIL 2022 - PRESENT

CompTIA PenTest+

CompTIA

Skills

Libraries/APIs

Node.js, REST APIs, Google Maps, Stripe, Auth0 API, Facebook API, Facebook Ads API, Google API, React, Java Security, Gmail API, jQuery, Vue

Tools

Slack, SonarQube, AWS SDK, Checkmarx, Google Workspace, OWASP Zed Attack Proxy (ZAP), VPN, Nessus, Azure Web Application Firewall, Expo, AWS IAM, GCP Security, Metasploit, NMap, AWS ELB, Terraform, Grafana, Cisco Umbrella, Microsoft Intune, BigQuery, Loki, GitHub, Jenkins

Languages

Python 3, Python, CSS, HTML, PHP, Java, SAML, TypeScript, SQL, CSS3, HTML5, JavaScript, Bash, GraphQL, Sass, Go, Less

Frameworks

Next.js, ASP.NET, React Native, NestJS, OpenVAS, Express.js, Laravel, Jakarta Server Pages (JSP), Tailwind CSS, Cypress, Angular, .NET, ASM, Svelte

Paradigms

Penetration Testing, DevSecOps, Web Architecture, DDoS, Security Orchestration, Automation, and Response (SOAR), User Acceptance Testing (UAT), DevOps, Azure DevOps, Unit Testing, On-page SEO, Search Engine Optimization (SEO), Off-page SEO, UI Design, UX Design, HIPAA Compliance

Platforms

Windows, Burp Suite, Docker, Google Cloud Platform (GCP), Amazon Web Services (AWS), Azure, WordPress, Visual Studio Code (VS Code), Kubernetes, LAMP, Shopify, Duo, Webflow, WooCommerce, Google AppSheet, Ubuntu Linux, MacOS, Kali Linux, Heroku, Linux, Windows Server, Firebase, Ubuntu, Web, Mobile, Wazuh

Storage

PostgreSQL, MySQL, Azure Active Directory, Database Security, SQL Injection Protection, MongoDB, Docker Cloud, Amazon S3 (AWS S3), Azure Cloud Services, RDBMS, Google Cloud

Industry Expertise

Cybersecurity, Web Design

Other

MERN Stack, Ethical Hacking, Web Security, Web App Security, Application Security, IT Security, Security, ISO 27001, Security Testing, Certified Ethical Hacker (CEH), Risk Management, Software Architecture, Threat Modeling, Vulnerability Assessment, Authentication, Vulnerability Identification, APIs, SecOps, Compliance, Architecture, Security Management, Technical Writing, Security Policies & Procedures, Data Security, SOC 2, Mobile Security, System Administration, Dynamic Analysis, Cloudflare, Antivirus Software, Security Engineering, Computer Security, Security Audits, Gobuster, Rekono, SSL, HTTPS, Transport Layer Security (TLS), Managed Security Service Providers (MSSP), Information Security, Threat Intelligence, Documentation, GRC, Vulnerability Scanning, Red Teaming, Quality Assurance (QA), SAML-auth, Single Sign-on (SSO), Vulnerability Management, Shell Scripting, Web Scraping, Scraping, Data Scraping, Risk Analysis, Root-cause Analysis (RCA), Scalable Web Services, Concurrency, Encryption, Code Auditing, Kubernetes Security, Digital Forensics, Communication, Ajax, Web Hosting, Security Information and Event Management (SIEM), Audits, Information Security Management Systems (ISMS), Scanning, Calendars, PDF, Startups, OSCP, Bug Triage, Vulnerability Triage, Bug Bounty Program, Networking, CTO, Full-stack Development, Fractional CTO, Hacking, White-hat Security, White-hat Hacking, Writing & Editing, User Interface (UI), Offensive Security, IT Management, Active Directory (AD), Prometheus, Wiz Cloud Security Platform, Vulnerability Remediation, Accessibility, Performance, Wordfence Security, AI Trust, Risk and Security Management (AI TRiSM), DNS, GoDaddy, Email, Source Code Review, Employee Training, Secure Web Development, CompTIA, AWS DevOps, DevOps Engineer, Web Development, Dynamic Application Security Testing (DAST), Code Review, Consulting, Static Application Security Testing (SAST), Scripting, Risk Assessment, NIST, Containers, SSL Certificates, Data-level Security, General Data Protection Regulation (GDPR), Data Protection, Cloud Security, WAS, Security Architecture, Identity & Access Management (IAM), CI/CD Pipelines, SIEM, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), JumpCloud, OAuth, Infrastructure as Code (IaC), IDS/IPS, Monitoring, OWASP, OWASP Top 10, CISO, Group Policy, Governance, IT Governance, Data Governance, Algorithms, Okta, Microsoft 365, PCI, Malware Removal, CAPTCHA, Fraud Prevention, Data Loss Prevention (DLP), Release Management, Network Engineering, IPsec, Technical SEO, Website Audits, AI Security, Artificial Intelligence (AI), App Infrastructure, Site Reliability Engineering (SRE), Data Privacy, Firewalls, Virtual Cloud Network (VCN), Firmware, Cisco, Adversarial Machine Learning, AI Risk Assessment, Large Language Model Operations (LLMOps), Machine Learning Operations (MLOps), Cyber Forensics, Customer Identity and Access Management (CIAM), Cybersecurity Maturity Model Certification (CMMC), Enterprise Cybersecurity, Cybersecurity Operations, Sprints, User Experience (UX), MDM, Cloud Infrastructure, AWS Secrets Manager, LDAP, IoT Security, Applications, Cloud, CISSP, CRTP, Laravel Forge, Business Continuity Planning (BCP), Product Security, Security Breach Consulting, Large Language Models (LLMs), Forensics, Front-end Development, Web Applications, Mobile App Security, Networks, Web & Mobile Applications, SOC 1, Autopsy, Cellebrite, EnCase

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring