About
Application and Product Security Engineer focused on securing real-world web and API products. Experienced in identifying high-risk, production-impacting vulnerabilities and working with engineering teams to fix root causes, not symptoms. Builder of AlphaScan, an LLM-assisted security tool for attack-surface discovery and application testing. Reported and remediated 120+ production-impacting vulnerabilities across fintech, government, and consumer platforms, reducing external attack surface and preventing sensitive data exposure.
Work Experience
Independent Security Researcher
Bugcrowd
Mar 2024 - Present
Discovered and responsibly disclosed 120+ validated, high-impact vulnerabilities across 20+ production organizations spanning fintech, government, and large-scale consumer platforms. Identified authorization bypasses, IDORs, business-logic flaws, and stored/reflected XSS affecting real user data and privileged workflows. Owned the full vulnerability lifecycle: discovery, exploitation proof, impact validation, remediation review, and retesting to ensure fixes addressed root causes. Collaborated through coordinated disclosure with organizations including BitGo, OSMRE, AvalonBay, SEEK (Jora), Swiggy, Byrd, and TrafficJunky, resulting in confirmed remediation and decreased attacker reach. Delivered high-fidelity, reproducible proof-of-concepts under real-world constraints such as scoped testing rules and rate limiting. Ranked within the top ~3,500 Bugcrowd researchers, earning multiple Hall of Fame acknowledgements for accuracy, impact, and reporting quality.
Penetration Tester & Instructor
MATEX Consultancy, Bengaluru · STEM Avishkar Pvt Ltd, Mysore
Jan 2024 - Jan 2025
Designed and executed 10+ hands-on penetration testing labs and 100+ controlled attack simulations across web, network, and application layers for 700+ learners. Conducted targeted penetration testing on systems and applications, identifying 100+ security weaknesses aligned to real attacker paths. Delivered clear, reproducible security reports with actionable remediation guidance, enabling fixes to high-risk vulnerabilities before exploitation. Mapped findings to root causes and security control gaps, contributing to reduced overall threat exposure.
Security Engineer
AlphaScan
Aug 2025 - Present
Built an LLM-assisted external security analysis tool to identify real application attack surfaces beyond traditional scanners. Automated reconnaissance, endpoint discovery, and signal correlation to support manual testing and risk prioritization. Designed tooling for startup realities, including partial access, fast-changing scope, and limited security maturity, while maintaining production-safe validation. Focused on low-noise, high-confidence findings by correlating reconnaissance signals with application context. Identified and responsibly disclosed production information-disclosure and PII exposure vulnerabilities affecting assets at IDEEZA, Nykaa, and Netskope, leading to remediation and lowered exposure of sensitive data.
Education
Bachelor of Technology (CSE — AI/ML) - St. Martin's Engineering College, Hyderabad
2022 - 2026 · Afghanistan
Certifications
Certified Ethical Hacker v12 · 2025
Google Cybersecurity · 2024
Ethical Hacking Essentials (EHE) · 2023
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation