Nainish Kelhe
Cybersecurity Analyst & Automation Specialist
About
Cybersecurity Analyst & Automation Specialist with hands-on expertise in Bug Bounty, Penetration Testing, and OWASP Top 10 vulnerabilities. Proven ability to automate security workflows using Python, SIEMonster, and powerful tools like Burp Suite and Metasploit. Eager to apply a data-driven approach to threat detection and risk mitigation.
Skills & Expertise (27)
Work Experience
VAPT Intern
Persistent Systems
Dec 2025 - Present
Conducted authorized penetration testing on an enterprise chatbot and interview portal, identifying vulnerabilities across authentication, authorization, and input handling layers. Performed LLM security testing, including prompt injection, data leakage, role bypass, and policy circumvention scenarios, mapped to OWASP Top 10 and LLM threat models. Executed web application security assessments on the interview platform, covering session management, access control, business logic, and input validation flaws. Utilized Burp Suite, SQLmap, FFUF, and manual request tampering to validate findings and eliminate false positives. Analyzed API request/response flows to detect excessive data exposure, IDOR risks, and improper error handling. Produced professional VAPT reports with PoCs, severity ratings, and actionable remediation recommendations, supporting secure deployment of AI-driven systems.
Security Researcher (Bug Bounty Program)
McGraw Hill
Oct 2025 - Nov 2025
Identified and reported an origin IP leak behind a WAF/CDN (Sensitive Data Exposure), enabling potential security control bypass and direct targeting of the backend server.
Security Researcher (Bug Bounty Program)
Flipkart
Jun 2025 - Jul 2025
Identified and reported a High-Severity hardcoded API key exposure in sw.js, which could have led to unauthorized backend access and API misuse.
Data Science Analyst
Emergys
Jun 2025 - Jul 2025
Developed 10+ end-to-end Python automation tools for data scraping, cybersecurity analysis, and workflow automation. Built a news aggregator processing 500+ articles/day from multiple sources using custom RSS parsing and BeautifulSoup. Designed a PDF intelligence extractor that parsed 1,000+ company filings to extract key data (CINs, PANs, emails) via Regex and PyPDF2. Implemented Markdown-based news scrapers with advanced URL validation and error handling, improving efficiency by 30%. Enhanced productivity by 40% using web automation, logging frameworks, and structured error management.
Education
B.Tech in Electronics and Telecommunication - Pimpri Chinchwad College of Engineering
2022 - · Afghanistan
Certifications
No certifications added yet
Availability Details
Visa Status
H1B
Relocation
Open to Relocation