Summary
Experience
Senior Security Researcher, Bug Bounty ProgramSynapse Tech
- Discovered and reported 40+ critical and high-severity vulnerabilities (e.g., RCE, SQLi, XSS, SSRF) within 2 years, leading to a 15% reduction in exploitable attack surface.
- Led the investigation and remediation efforts for 5 major security incidents, minimizing potential data breaches and financial losses by an estimated $2M annually.
- Developed and implemented automated scanning scripts in Python, improving vulnerability detection efficiency by 25% and reducing manual review time by 10 hours/week.
- Mentored junior security researchers, improving team's average bug severity and payout by 20% over one year.
Application Security EngineerInnovate Labs
- Identified and reported over 75 unique security flaws, including authentication bypasses and critical API vulnerabilities, leading to a 30% stronger application security posture.
- Performed comprehensive penetration tests on 10+ web and mobile applications, utilizing tools like Burp Suite Pro and OWASP ZAP to uncover hidden attack vectors.
- Collaborated with development teams to implement secure coding practices, reducing the average number of vulnerabilities introduced in new features by 40%.
- Contributed to the design and review of security architecture for new product features, integrating security by design principles from conception.
Projects
Automated Web Vulnerability Scanner (OWASP Top 10)
- Developed a Python-based open-source tool for detecting common web vulnerabilities like XSS, SQLi, and CSRF based on OWASP Top 10.
- Integrated with custom payloads and passive scanning techniques to identify vulnerabilities in large codebases, supporting both black-box and gray-box testing.
- Achieved a 90% accuracy rate in detecting critical vulnerabilities in controlled environments, significantly reducing manual review time for initial assessments.
API Security Fuzzer
- Created a Go-lang application for fuzzing RESTful APIs with various input combinations, headers, and authentication tokens to uncover edge-case vulnerabilities.
- Successfully identified multiple authentication bypasses and sensitive data exposure flaws in dummy APIs by generating millions of unique requests.
- Designed for modularity, allowing easy integration of new test cases and custom dictionaries for targeted vulnerability discovery.
Education
University of California, BerkeleyBachelor of Science in Computer Science
- Graduated Magna Cum Laude with a 3.8 GPA
- Awarded Dean's List for 6 consecutive semesters
- Completed capstone project on AI-driven vulnerability detection
Skills
Penetration Testing
Web Application PentestingMobile App PentestingAPI Security TestingNetwork PenetrationCloud Security Assessment
Vulnerability Research
Exploit DevelopmentFuzzingReverse EngineeringThreat ModelingIncident Response
Tools & Technologies
Burp SuiteOWASP ZAPMetasploitNmapWiresharkNessusGhidraDocker
Programming & Scripting
PythonGoJavaScriptBashSQLPHP
Cloud Platforms
AWS SecurityAzure SecurityGCP SecurityContainer Security