Security researcher and engineer running manual and automated penetration tests across web, API, network, and mobile targets for government and enterprise clients. I build security tooling in Python — currently building an automated mobile (Android & iOS) penetration-testing agent — and I contribute upstream to the tools I actually use: drozer, MobSF, nuclei-templates.

• Manual + automated VAPT across web, API, network, and mobile, under direct CTO supervision
• Identify critical & high-severity findings across 20+ client engagements and deliver remediation guidance
• Build Python / Docker security-testing automation for DAST & SAST pipelines
• Threat modeling, risk assessment, and digital-forensics investigations
• Triage 1,000+ security events from DevSecOps tooling; deploy & tune Cloudflare WAF
• Operate against NIST · ISO 27001/27017 · PCI DSS · GDPR frameworks

Autonomous Mobile Penetration Testing Agent. An LLM-orchestrated pipeline (LangGraph + Claude) that runs static, dynamic, and network assessments across Android & iOS, with a human checkpoint at every stage gate.

• 29 static analyzers — manifest, secrets, crypto-misuse, native libs, Firebase rules, trackers, deep-links, WebView, and Ghidra headless decompilation
• 21 iOS Frida hooks — SSL unpinning, jailbreak bypass, keychain/biometric capture, NSURLSession & WKWebView logging, anti-debug bypass
• 20 network / API testers — IDOR, injection, mass-assignment, race conditions, auth/session, TLS, plus ZAP & mitmproxy integration
• Findings mapped to OWASP MASTG / NIAP · exposed over an MCP server · runs on WSL2, Windows, macOS & Linux

Upstream fixes and detections for the tools I rely on day to day — 9 PRs across 7 projects, 2 merged.

_{Built in the open · tested only with authorization · India}