Ganesh babu
Cyber Security Consultant (VAPT)
About
Cybersecurity Consultant with 3+ years of experience delivering end-to-end VAPT across Web, Mobile (Android/iOS), API, Network, and Cloud environments. I am skilled in adversary simulation, vulnerability enumeration, and manual exploitation to demonstrate real-world business impact. Strong knowledge of OWASP Top 10, SANS Top 25, CWE, and NIST SP 800-115, with experience mapping exploited techniques to the MITRE ATT&CK framework. Experienced in preparing PoC-driven reports, impact analysis, CVSS scoring, and collaborating with development/infrastructure teams for remediation and security hardening.
Skills & Expertise (46)
Work Experience
Cyber Security Consultant (VAPT)
RHYM Technologies LLP
Mar 2025 - Present
Performed end-to-end VAPT across Web, Mobile (Android/iOS), API, Network, and Cloud environments, identifying critical vulnerabilities and demonstrating business impact through manual exploitation, aligned with OWASP Top 10 and NIST SP 800-115. Performed SAST & DAST using SonarQube, MobSF, and Burp Suite to identify code-level and runtime vulnerabilities. Conducted AWS/GCP cloud security assessments including IAM privilege escalation, storage exposure, metadata service abuse, and security group/firewall misconfigurations aligned with CIS Benchmarks. Executed advanced Android/iOS testing using Frida for SSL pinning bypass and API interception to detect insecure data handling and authentication flaws. Delivered PoC-driven reports with CVSS scoring and risk analysis, and collaborated with engineering teams for remediation support, retesting, and continuous security improvement.
Cyber Security Analyst
HKIT Security Solutions
Mar 2023 - Feb 2025
Performed VAPT across Web, Mobile (Android/iOS), API, and Network environments aligned with OWASP Top 10 testing standards. Conducted reconnaissance, vulnerability enumeration, and manual exploitation to simulate real-world attack scenarios on applications and critical CERT platforms, creating detailed PoCs to demonstrate business impact, while mapping exploited techniques to the MITRE ATT&CK framework. Performed onsite Web and Network assessments using Burp Suite, Nessus, and Nmap to identify exposed services, misconfigurations, and missing patches across critical client infrastructure. Performed SAST/DAST using SonarQube, MobSF, and Burp Suite to identify insecure code patterns and runtime vulnerabilities. Delivered comprehensive assessment reports including PoCs, CVSS scoring, and business impact analysis, and collaborated with development teams for remediation and patch validation.
Education
B. Tech – Mechanical Engineering - Narasaraopet Engineering College
2018 - 2021 · Afghanistan
Diploma – Mechanical Engineering - Divi Seema Polytechnic
2014 - 2017 · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
Citizen
Relocation
Open to Relocation