
Rohit Kumar

Senior Application Security Engineer with 5+ years securing enterprise systems across web, mobile, and API platforms. Currently at PwC — building tools, breaking things (legally), and making software safer.

CVEs: CVE-2024-35581 · CVE-2024-35582 · CVE-2024-35583
5+ years experience · 3 CVEs published · 300+ assessments done · 200+ devs trained

Who I Am

I'm a Senior Application Security Engineer specializing in web application penetration testing, iOS/Android mobile security, API assessments, and source code analysis (SCA). With over 5 years across banking, e-commerce, and enterprise environments, I bridge the gap between offensive security findings and practical remediation.

Currently a Senior Associate at PwC, I build internal security automation tools alongside conducting comprehensive assessments. Previously at Black Duck (Synopsys), I led teams, mentored junior consultants, and delivered executive-level security roadmaps to C-suite stakeholders.

My proudest achievement: discovering and responsibly disclosing 3 CVEs — CVE-2024-35581, CVE-2024-35582, CVE-2024-35583 — now published in the MITRE and NVD databases.

📍 Kolkata, West Bengal, India
🎓 B.Tech Computer Engineering, Punjab Technical University (2020)
🔐 OSCP (Pursuing) · CEH · LPT

Certifications

Offensive Security Certified Professional (OSCP): pursuing
Certified Ethical Hacker (CEH): active
Licensed Penetration Tester (LPT): active

Where I've Worked

PwC
Senior Associate
Mar 2026 – Present
  • Conduct web application, Android, iOS, and API penetration testing and source code analysis (SCA) for enterprise clients across multiple industries.
  • Built an internal Burp Suite extender tool to streamline vulnerability triage workflow — helps the team manage and track flagged/hidden issues more efficiently.
  • Developed a session cookie analysis tool to identify session management weaknesses during web application assessments.
  • Contribute to building internal security automation tooling to support penetration testing and reporting workflows.
Black Duck (Synopsys)
Senior Security Consultant
Mar 2025 – Mar 2026
  • Directed end-to-end security assessments for enterprise clients covering penetration testing, threat modeling, and remediation validation across web, mobile, and API platforms.
  • Executed advanced iOS and Android security testing — identified critical authentication bypass and data leakage vulnerabilities in 40+ mobile applications.
  • Delivered executive-level security reports and remediation roadmaps to C-suite stakeholders, improving client security posture by 45%.
  • Mentored a team of 5 junior security consultants on OWASP methodologies, secure coding practices, and vulnerability exploitation.
  • Designed scalable security testing frameworks using Python and Bash, reducing manual testing time by 30%.
Black Duck (Synopsys)
Security Consultant
Sep 2024 – Mar 2025
  • Executed 80+ comprehensive web application assessments for banking and fintech clients, identifying high-severity vulnerabilities including IDOR, XXE, and SQL injection.
  • Completed 50+ RESTful and GraphQL API penetration tests, uncovering business logic flaws and broken authentication mechanisms.
  • Reduced false positive rates by 35% through validation workflows and script-based vulnerability verification.
  • Collaborated with 10+ development teams to integrate security best practices into CI/CD pipelines, ensuring SOC2 and GDPR compliance.
  • Facilitated security awareness training for 200+ developers on secure coding and the OWASP Top 10.
Synopsys Inc.
Security Service Associate
Mar 2022 – Sep 2024
  • Discovered and reported 3 CVEs (CVE-2024-35581, CVE-2024-35582, CVE-2024-35583), published in the MITRE and NVD databases.
  • Orchestrated 160+ web application penetration tests and 70+ mobile security audits across e-commerce and healthcare sectors.
  • Directed threat modeling and architecture reviews for 30+ cloud-native applications, reducing attack surface by 40%.
  • Engineered custom Python security automation tools for reconnaissance and reporting, improving efficiency by 25%.
  • Triaged and validated 500+ security findings from commercial scanners to ensure accurate risk assessment.
CSCC Labs
Cyber Security Analyst
Jul 2021 – Mar 2022
  • Managed engagements for 40+ web applications, identifying OWASP Top 10 vulnerabilities and business logic flaws.
  • Assessed network security and configurations, identifying misconfigurations across 60+ systems.
  • Spearheaded forensic analysis for security breaches, reducing mean time to resolution by 50%.
CSCC Labs
Cyber Security Intern
Feb 2021 – Jul 2021
  • Supported vulnerability assessments for 20+ client applications and performed OSINT-based reconnaissance for 15+ targets.

Technical Arsenal

Security Testing: Web App Pentesting · iOS Security · Android Security · API Security · VAPT · Source Code Analysis · Network Security · Threat Modeling
Tools & Frameworks: Burp Suite Pro · OWASP ZAP · Metasploit · MobSF · Frida · Objection · JADX · Apktool · Genymotion · Postman · 3uTools
Standards & Compliance: OWASP Top 10 · OWASP Mobile Top 10 · CWE/SANS Top 25 · SOC 2 · GDPR · Secure SDLC · CVE Research
Languages & Scripting: Python · Bash · Java · C++

Research & Tools

CVE Research & Vulnerability Disclosure
Discovered and responsibly disclosed 3 CVEs — CVE-2024-35581, CVE-2024-35582, CVE-2024-35583 — through zero-day vulnerability research in web applications and open-source software. All published in the official MITRE and NVD databases.
Tags: CVE-2024-35581 · CVE-2024-35582 · CVE-2024-35583 · Zero-Day Research · MITRE / NVD

Burp Suite Extender — Issue Tracker
Built an internal Burp Suite extension for PwC's assessment team to manage and track flagged/hidden vulnerabilities during engagements. Streamlines the vulnerability triage workflow and eliminates manual tracking overhead.
Tags: Burp Suite · Java · Security Automation · Internal Tool

Session Cookie Analysis Tool
Developed a specialized tool to identify session management weaknesses during web application assessments — analyzing cookie attributes, entropy, predictability, and security flags against OWASP session management standards.
Tags: Python · Session Security · OWASP · Web Security
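The kind of checks a session cookie analyzer performs, as an added example (this is not the author's internal tool and is not taken from the page): it parses a Set-Cookie header for the protective attributes, estimates session ID length and effective entropy from a handful of sampled IDs, and flags counter-style IDs whose next value is guessable. The two headers and the ID samples are constructed for the demo (four SHA-256 digests stand in for random output); the 128-bit length and 64-bit entropy thresholds come from the OWASP Session Management Cheat Sheet, and the scoring heuristics around them are assumptions made for illustration.

```python
"""Session cookie checks: attribute flags, ID entropy and predictability.

Added example, not the portfolio author's tool. Headers and ID samples are constructed.
Thresholds follow OWASP (ID >= 128 bits long, >= 64 bits of effective entropy); the
heuristics used to estimate them are assumptions for illustration.
"""
import math
from collections import Counter

MIN_ID_BITS = 128      # OWASP: minimum session ID length in bits
MIN_ENTROPY_BITS = 64  # OWASP: minimum effective entropy in bits


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute_lower: value or None})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or None
    return name.strip(), value.strip(), attrs


def check_attributes(header):
    """Return human-readable weaknesses in one cookie's attribute flags."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so XSS becomes session theft")
    samesite = (attrs.get("samesite") or "").lower()
    if samesite == "none":
        findings.append("SameSite=None: attached to every cross-site request (CSRF exposure)")
    elif samesite not in ("lax", "strict"):
        findings.append("missing SameSite: relies on browser defaults, set Lax or Strict")
    if attrs.get("domain"):
        findings.append("Domain set: cookie is shared with every subdomain")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent cookie: session survives browser close")
    if name.startswith("__Host-") and (
            "secure" not in attrs or "domain" in attrs or attrs.get("path") != "/"):
        findings.append("__Host- prefix requires Secure, no Domain and Path=/")
    return findings


def shannon_bits_per_char(text):
    """Shannon entropy of the character distribution, in bits per character."""
    counts, total = Counter(text), len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def constant_positions(tokens):
    """Indices where every sampled token carries the same character (static structure)."""
    length = min(len(t) for t in tokens)
    return [i for i in range(length) if len({t[i] for t in tokens}) == 1]


def sequential_step(tokens, base=16):
    """Constant numeric increment between consecutive tokens, or None if not sequential."""
    try:
        values = [int(t, base) for t in tokens]
    except ValueError:
        return None
    deltas = [b - a for a, b in zip(values, values[1:])]
    if deltas and deltas[0] != 0 and all(d == deltas[0] for d in deltas):
        return deltas[0]
    return None


def check_session_ids(tokens):
    """Estimate ID length and effective entropy from sampled IDs and report weaknesses."""
    length = min(len(t) for t in tokens)
    alphabet_bits = math.log2(len(set("".join(tokens))))  # bits/char the observed alphabet encodes
    id_bits = length * alphabet_bits
    static = constant_positions(tokens)
    effective_bits = (length - len(static)) * alphabet_bits  # static positions add no entropy
    findings = []
    if id_bits < MIN_ID_BITS:
        findings.append(f"ID length ~{id_bits:.0f} bits < {MIN_ID_BITS}")
    if effective_bits < MIN_ENTROPY_BITS:
        findings.append(f"effective entropy ~{effective_bits:.0f} bits < {MIN_ENTROPY_BITS} "
                        f"({len(static)} static positions)")
    step = sequential_step(tokens)
    if step is not None:
        findings.append(f"IDs increment by {step}: the next session ID is guessable")
    return {"id_bits": id_bits, "effective_bits": effective_bits, "step": step,
            "shannon_bits_per_char": shannon_bits_per_char("".join(tokens)), "findings": findings}


# Constructed samples: a counter-style ID behind a fixed prefix with no protective flags ...
WEAK_IDS = ["0" * 31 + c for c in "abcd"]
WEAK_HEADER = f"sid={WEAK_IDS[0]}; Path=/; Domain=.example.com"
# ... versus 256-bit hex IDs (SHA-256 digests stand in for random output) with hardened flags.
STRONG_IDS = ["9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
              "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
              "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"]
STRONG_HEADER = f"__Host-sid={STRONG_IDS[0]}; Path=/; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for label, header, ids in (("weak", WEAK_HEADER, WEAK_IDS), ("strong", STRONG_HEADER, STRONG_IDS)):
        print(f"[{label}] attribute findings:", check_attributes(header) or "none")
        print(f"[{label}] session ID findings:", check_session_ids(ids)["findings"] or "none")
```

The entropy estimate is deliberately conservative: it uses the alphabet actually observed across the samples and discounts positions that never change, so a 32-hex-character ID that is really a counter scores a few bits rather than 128. Run against a real target, the sampled IDs should be collected from fresh logins, not from one session, or the static-position check will over-report.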
Penetration Testing Automation Suite
Open-source collection of Python and Bash scripts for reconnaissance, vulnerability scanning, and exploit development. Designed scalable security testing frameworks that reduced manual testing time by 30% and improved reporting efficiency by 25%.
Tags: Python · Bash · Reconnaissance · Open Source

Let's Connect

Whether you're looking for a security assessment, want to discuss a CVE, need a consultant for your enterprise, or just want to talk offensive security — my inbox is always open.